Re: iptables + MRTG

On Sat, 28-08-2004 at 13:28, Askar wrote:
> hi,
> 
> Anyone here using MRTG with iptables? For example, to check iptables -L
> -nvx things graphically using MRTG... or any other statistics.
> Any possibility?
> 
> looking forward.
> regards
> AskaR

The module bastion-firewall-stats from our GPL firewall named
bastion-firewall does something similar to what you want: it
has a daemon that collects the data from the counters in the
chains you mark in the config files and then puts the data in
an rrdtool database, and a bash script generates graphical stats
each hour.

You probably can't do what you want with MRTG, but you can do it
with something like Cacti, which is more flexible. You can create
a script that collects the data (I advise you that it's really slow if
you want to collect data from a lot of chains; that's why we use
a C program that uses libiptc to do this) and then use it in
Cacti to generate the graphics like MRTG does.

Or you can simply create the script and use another script to enter
the data in the rrdtool database and then graph the data with another
one using also rrdtool.

If you want code to extract the counters from the chains using C
code, you should keep in mind that the Querying libiptc HOWTO has
an error in it: it allocates memory but it does not free it, so
the memory used grows and grows and grows. We sent an email to the
author of the HOWTO but we have received no response yet. You can
look at the code in the bastion-firewall-stats daemon to see where
the memory has to be freed. You can download it at:
http://www.bgsec.com

Hope it helps.

-- 
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
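
The two-script approach suggested in the reply above (one script collects the counters, another enters them in rrdtool), as an added example that is not part of the original message and is not bastion-firewall code. The function names, the `/var/lib/fwstats` directory and the RRD layout (one file per chain with two DERIVE data sources, minimum 0, so a counter reset from `iptables -Z` or a rule reload does not graph as a spike) are assumptions; the listing is a constructed sample.

```shell
#!/bin/sh
# Sum per-chain rule counters from one `iptables -L -nvx` listing and print
# the matching `rrdtool update` commands (dry run, nothing is executed).

# Constructed sample of `iptables -L -nvx` output; -x gives exact counts
# instead of rounded values such as 12K.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP 7 packets, 420 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     100    12000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      20     1600 LOG_DROP   all  --  *      *       10.0.0.0/8           0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination

Chain LOG_DROP (1 references)
    pkts      bytes target     prot opt in     out     source               destination
      20     1600 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
      20     1600 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
EOF
}

# chain_counters "CHAIN1 CHAIN2": read a listing on stdin and print
# "chain packets bytes" for each monitored chain, in listing order.
# Only rule counters are summed; the policy counters in the header are not.
chain_counters() {
    awk -v want="$1" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) mon[w[i]] = 1 }
        /^Chain / {
            chain = $2
            if (chain in mon) { order[++c] = chain; pk[chain] = 0; by[chain] = 0 }
            next
        }
        (chain in mon) && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ { pk[chain] += $1; by[chain] += $2 }
        END { for (i = 1; i <= c; i++) printf "%s %.0f %.0f\n", order[i], pk[order[i]], by[order[i]] }
    '
}

# rrd_update_cmds DIR: turn "chain packets bytes" lines into rrdtool commands;
# N means "now", followed by the pkts and bytes data sources in that order.
rrd_update_cmds() {
    while read -r chain pkts bytes; do
        printf 'rrdtool update %s/%s.rrd N:%s:%s\n' "$1" "$chain" "$pkts" "$bytes"
    done
}

# On a firewall, replace sample_listing with: iptables -L -nvx
sample_listing | chain_counters "INPUT LOG_DROP" | rrd_update_cmds /var/lib/fwstats
```

Reading every monitored chain from a single listing means `iptables` is invoked once per sample rather than once per chain.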
