On Wed, Aug 01, 2012 at 11:14:44AM -0700, Gomathivinayagam Muthuvinayagam wrote: > Apologize, I did not understand your answer. Please, don't top-post: http://www.idallen.com/topposting.html > The problem that I'm facing is, say if I set a polling interval of 60s > and in some cases I may lose the data. For example, > net.netfilter.nf_conntrack_tcp_timeout_close has a timeout value of > 10s. In this case, if the close event happens and with polling > interval of 60s I might miss the no of packets and size. > > So I have to combine polling based + event based logging. If I > generate both the files separately, I have to combine them like going > through each file, and find out order of events and then I have to > intelligently combine them. This will take considerable cpu usage in > case of large network traffic system. > > My idea is through a single stack, I would like to combine polling > based(logs update events) + event based(Create & Destroy events). In > this scheme, from single NFCT plugin I will be registering two > callbacks one is for getting update events using polling, and another > one is for getting create and destroy events using event based(no > hashtable). Is that possible? You can hack ulodg2 to add a new mode, to periodically poll and dump the current table content including time information. Similar to what the NFACCT plugin does. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
