Thanks for your reply!
I sort of looked at that. We do all our rules quick (frankly, I don't know
if that is a good thing or a bad thing). If I rewrote all our rules I
suppose I could end in a count for each interface (if I understand count
correctly) and what I need in each count (one for each interface).
I decided not to do that because extracting it from the log or running
ipfstat once a second with a pipe to another program seemed to me to defeat
the real-time need and put too much burden on the processor.
Here is the thing: I will be actually driving a real-time monitor (that is a
fairly cool little box actually) attached to the parallel port that counts
the impulses, clicks, warns with a horn, blinks the lights and shows numbers
in real time. That is why I am trying to bypass the logs and get at the
statistics in the kernel with my own C program.
Jeff
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of tripivceta
Sent: Saturday, August 28, 2004 12:12 PM
To: [EMAIL PROTECTED]
Subject: Re: SIOCGETFS returns NULLS for fr_flags and fr_ifname
> What I need is a way to monitor, preferably in real time, the number of
> packets that are allowed and denied on each interface for as many interfaces
> as are installed.
>
> The program was my way of doing that by letting the program sleep for 1
> second, wake up, collect totals and compare them to the totals in its own
> memory, tunnel to the collection program and go back to sleep.
>
> Looking at ipmon, I was thinking that perhaps I could just tunnel from it or
> open the log device myself or something.
>
> Suggestions anyone? Please?
Is there anything you could do with the "count" directive that goes in
ipf.conf, and then extract the data from the firewall log (or whichever file
you use to store the firewall log in)?
Perhaps a combination of the count directive, `ipfstat` and log
massaging/extraction could solve your problem/requirements?