[Fwd: Re: Per Protocol Traffic Accounting]
tyler at tylercentral.com
Mon Oct 17 23:59:37 PDT 2005
> Thanks for the reply. However I want to capture data for each
> protocol. So, I'd like to have data for HTTP, SMTP, POP3, etc. I've
> done this before with ipfilter using the "count" command. (E.g. count
> in on de0 from any to any proto http)
> However PF doesn't have the count command. I've set labels on my ACL
> entries, however when a new TCP session is established, the flow stays
> with the "IN" rule because I'm keeping state on the connection. So
> the IN counters show all the bytes Tx'd and Rx'd, and the OUT rule is
> 0 because the flow never hits that rule due to keeping the state.
> (Hmm... confusing?)
> I was hoping someone out there has done per protocol accounting with
> PF because I can't figure it out. :(
> I've also looked at ntop from a suggestion earlier in this thread.
> However I was hoping to find a solution using just PF.
> On Mon, 2005-10-17 at 23:23 -0500, Travis H. wrote:
> > "set loginterface interface
> > Sets the interface for which PF should gather statistics such as bytes
> > in/out and packets passed/blocked. Statistics can only be gathered for
> > one interface at a time. Note that the match, bad-offset, etc.,
> > counters and the state table counters are recorded regardless of
> > whether loginterface is set or not. To turn this option off, set it to
> > none. The default is none."
> > Otherwise, couldn't you just use the ifconfig stats? I think there's
> > a package for exporting this via SNMP, which could be queried using
> > ifgraph or rrdtool.
> > --
> > http://www.lightconsulting.com/~travis/ -><-
> > "We already have enough fast, insecure systems." -- Schneier & Ferguson
> > GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B
More information about the freebsd-pf
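
The thread above turns on PF rule labels as per-protocol counters. The following is an added example, not part of the original messages: a shell function that sums `pfctl -sl` label statistics per protocol. It assumes the nine-column layout documented in pfctl(8) (label, evaluations, packets, bytes, packets in, bytes in, packets out, bytes out, state creations) and a hypothetical label naming scheme of `<proto>-in` / `<proto>-out`; the sample counters are constructed.

```shell
#!/bin/sh
# Per-protocol byte accounting from PF rule labels.
# Assumptions (not from the thread):
#   - input is `pfctl -sl` output in the nine-column pfctl(8) layout:
#       label evals pkts bytes pkts-in bytes-in pkts-out bytes-out states
#   - labels contain no spaces and are named "<proto>-in" / "<proto>-out"

per_proto_bytes() {
    awk '
    NF != 9 { bad++; next }               # other layout (e.g. 4 columns): skip
    {
        proto = $1
        sub(/-(in|out)$/, "", proto)      # http-in and http-out both become http
        bin[proto]  += $6                 # bytes received on the interface
        bout[proto] += $8                 # bytes sent on the interface
    }
    END {
        # %.0f avoids 32-bit truncation of large counters in some awks
        for (p in bin) printf "%s %.0f %.0f\n", p, bin[p], bout[p]
        if (bad) printf "skipped %d unparsed line(s)\n", bad > "/dev/stderr"
    }' | sort
}

# Constructed sample: with "keep state" the rule that created the state
# collects both directions, and the matching "-out" rule stays at zero,
# which is the behaviour described in the message above.
sample_labels() {
    cat <<'EOF'
http-in 4120 9350 7340112 4100 512300 5250 6827812 212
http-out 3908 0 0 0 0 0 0 0
smtp-in 4120 640 98304 330 81920 310 16384 41
smtp-out 3908 0 0 0 0 0 0 0
EOF
}

# Output columns: protocol, bytes in, bytes out.
# On a live firewall: pfctl -sl | per_proto_bytes
sample_labels | per_proto_bytes
```

Because the per-direction columns come from the state-creating rule, the zeroed `-out` rule does not lose data; a `pfctl` that prints only four columns per label is reported on stderr and skipped rather than miscounted.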