On 2008-08-28, Stephan A. Rickauer <[EMAIL PROTECTED]> wrote:
> I am curious what tools people here use to visualize pf-generated logs
> and/or live traffic. What I'm basically looking for is a tool that
> provides various stats about a pf firewall "usage" in a graphical way,
> but not only 'bytes in/bytes out' (I have that using snmp/cacti) but
> more detailed stuff like protocol and port distribution, IP based stats
> and whatnot.
>
> Thanks for any ideas beyond pftop, tcpdump, hatched, darkstat and
> ntop ;)

argus (in ports/net - http://qosient.com/argus/, as opposed to the other argus which is a server monitoring program) is a good collector/recorder. It has programs that can do some analysis on the data, but you need to generate graphs yourself some way or other.

The nfdump/nfprofile tools (also in ports) are interesting too. There's a web interface, NfSen, which is yet to be ported but can be manually installed without huge trouble.

They need to work with a collector; our low-overhead one (pfflowd) needs mending to work with the changes to PF (hmm, now where did I put canacar's diff for that...) but there is also pcap-based softflowd, which should be ok (I haven't tried it on the pflog interface, but if it works, that's probably the best way to use it, and if it doesn't work like that, it's relatively easy to add).