On Feb 15, 2010, at 3:29 PM, Jason Dixon wrote:

> On Mon, Feb 15, 2010 at 03:00:59PM -0800, Brian Keefer wrote:
>> Hello,
>>
>> I'm wondering what other folks are using to graph pf data beyond what is
>> provided by pfstat. The aggregate values are useful and I'd also like to
>> set up graphs of particular services, particular tables, etc. Is there a way
>> for pfstat to graph labeled traffic that I have overlooked?
>
> There are lots of different ways to graph network data on pf firewalls.
> I don't know that any (besides pfstat) are specifically designed for pf,
> but it's not hard to retrofit them.

Are there any tools that have built-in support to query pf label counters? Is there a MIB for pf? I'm guessing the answer to both is no, so I'd have to write a custom script to call pfctl -sl and parse it, then dump that into RRD or some such. Is there a better approach?

>> I also looked briefly at NetFlow support, but as near as I can tell that's
>> only for established flows, or am I wrong?
>
> If by "established" you mean finished, then yes. pfstat(4) exports
> expired states into NetFlow datagrams. NetFlow is very handy for
> looking at specific traffic events (or representative traffic of a large
> event) but is not useful for trending or regression analysis.

I see. That doesn't sound like what I'm trying to do.

--
bk
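The "custom script to call pfctl -sl and parse it, then dump that into RRD" approach Brian describes, as an added example that is not part of the thread and not anyone's posted code. It assumes the pfctl(8) label output layout (label, evaluations, packets, bytes, packets in, bytes in, packets out, bytes out, and on newer pf releases a trailing state count), an rrdtool binary on PATH, and a directory of your choosing for the .rrd files; the sample `pfctl -sl` text is constructed, not captured from a real firewall.

```python
"""Turn `pfctl -sl` label counters into rrdtool create/update commands.

Added example for the thread above, not code from the list or from pf/rrdtool.
Assumes the pfctl(8) -s labels layout: label followed by evaluations, packets,
bytes, packets in, bytes in, packets out, bytes out and (newer pf) states.
"""
import os
import re
import subprocess
from typing import Dict, List, Optional

COUNTER_NAMES = ("evaluations", "packets", "bytes", "packets_in", "bytes_in",
                 "packets_out", "bytes_out", "states")

# Constructed sample in the pfctl -sl layout (8-column form); not real data.
SAMPLE_PFCTL_SL = """\
ssh_in 4213 1822 210034 1002 78920 820 131114 3
web 99012 75530 61230981 40210 4123456 35320 57107525 41
dns out 5120 5120 409600 2560 204800 2560 204800 0
"""


def parse_pf_labels(text: str) -> Dict[str, Dict[str, int]]:
    """Return {label: {counter_name: value}} from pfctl -sl output.

    Counters are read from the right so labels containing spaces ("dns out")
    still parse; pfctl prints labels unquoted. Older pf prints 7 counters,
    newer pf 8. A purely numeric label on the 7-counter format cannot be
    told apart from a counter and is skipped (limitation of the unquoted layout).
    """
    labels: Dict[str, Dict[str, int]] = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        trailing: List[int] = []
        for tok in reversed(fields):          # collect up to 8 trailing integers
            if tok.isdigit() and len(trailing) < len(COUNTER_NAMES):
                trailing.append(int(tok))
            else:
                break
        if len(trailing) < 7:
            continue                          # not a label/counter line
        values = list(reversed(trailing))
        label = " ".join(fields[:len(fields) - len(values)])
        if not label:
            continue
        labels[label] = dict(zip(COUNTER_NAMES, values))
    return labels


def rrd_filename(label: str, directory: str = "/var/db/pfrrd") -> str:
    """Map a label to a safe file path: labels may hold spaces, slashes, etc."""
    safe = re.sub(r"[^A-Za-z0-9_.-]+", "_", label).strip("_") or "unnamed"
    return f"{directory}/{safe}.rrd"


def rrd_create_args(path: str, step: int = 60) -> List[str]:
    """rrdtool create: pf byte/packet counters are monotonic, so COUNTER type;
    the state count is a level, so GAUGE. RRAs: 1 day at 1 min, 31 days at 1 h."""
    heartbeat = step * 2
    args = ["rrdtool", "create", path, "--step", str(step)]
    args += [f"DS:{n}:COUNTER:{heartbeat}:0:U" for n in COUNTER_NAMES[:7]]
    args.append(f"DS:states:GAUGE:{heartbeat}:0:U")
    args += ["RRA:AVERAGE:0.5:1:1440", "RRA:AVERAGE:0.5:60:744"]
    return args


def rrd_update_args(path: str, counters: Dict[str, int],
                    ts: Optional[int] = None) -> List[str]:
    """rrdtool update in DS creation order; 'U' marks a counter pf did not print."""
    stamp = "N" if ts is None else str(ts)
    vals = [str(counters.get(n, "U")) for n in COUNTER_NAMES]
    return ["rrdtool", "update", path, stamp + ":" + ":".join(vals)]


def poll_once(directory: str = "/var/db/pfrrd", dry_run: bool = True) -> List[List[str]]:
    """Run pfctl -sl once and build (or execute) the rrdtool commands."""
    out = subprocess.run(["pfctl", "-sl"], check=True, capture_output=True, text=True).stdout
    cmds: List[List[str]] = []
    for label, counters in parse_pf_labels(out).items():
        path = rrd_filename(label, directory)
        if not os.path.exists(path):
            cmds.append(rrd_create_args(path))
        cmds.append(rrd_update_args(path, counters))
    if not dry_run:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
    return cmds


if __name__ == "__main__":
    for cmd in poll_once():
        print(" ".join(cmd))
```

Run it from cron at the RRD step interval (60 s here) with `dry_run=False`; because the data sources are COUNTER, rrdtool derives per-second rates across polls and copes with the counters resetting when the ruleset is reloaded, which is the point that makes labels usable for trending rather than the one-shot view NetFlow records give.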