Svenne Krap wrote:
Hi.
I am currently working on a not so simple firewall setup on a modern
machine (Xeon, Gigs of memory, SCSI subsystem).
As part of it, I would like to know various "event" statistics. Questions
I would like to answer are "How many hits on port 1433 have I got, and
how is that distributed amongst the machines?". Think pivot table data.
Is there some way to get netfilter to collect rule hits (like with no -j
clause) for each port/IP address individually within a range?
Other than creating thousands of lines of rules and adding them to my
"firewall-startup" script (which is currently slightly less than 80 rules).
I have thought of just logging all traffic and running it through a
userspace program via syslog-ng, but frankly I worry about performance
(the firewall should be able to filter at least the 100Mbps connection
it currently sits on) under flooding.
Your thoughts are appreciated :)
Svenne
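For the "log everything and post-process in userspace" route considered above, an added example (editor's code, not part of the thread) that turns netfilter LOG lines into the per-port / per-source pivot the question asks for. The log lines are constructed samples using documentation addresses, and the `ACCT` tag stands in for whatever --log-prefix the rule would use.

```python
"""Aggregate netfilter LOG output into per-port / per-source hit counts."""
import re
from collections import Counter, defaultdict

# Constructed sample lines in the kernel's netfilter LOG format (RFC 5737
# documentation addresses); not real traffic from the thread.
SAMPLE_LOG = """\
Jan 10 12:00:01 fw kernel: ACCT IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=40001 DPT=1433 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 12:00:02 fw kernel: ACCT IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=40002 DPT=1433 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 12:00:03 fw kernel: ACCT IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=3 DF PROTO=TCP SPT=51000 DPT=1433 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 10 12:00:04 fw kernel: ACCT IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.2 LEN=68 TOS=0x00 PREC=0x00 TTL=48 ID=4 PROTO=UDP SPT=53 DPT=53 LEN=48
Jan 10 12:00:05 fw kernel: ACCT IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.2 LEN=84 TOS=0x00 PREC=0x00 TTL=60 ID=5 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jan 10 12:00:06 fw syslog-ng[123]: STATS: dropped 0
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_log_line(line):
    """Return the KEY=value fields of one LOG line, or None if it is not one.
    Duplicate keys (LEN in UDP lines, ID in ICMP lines) keep the outer value."""
    if "IN=" not in line or "SRC=" not in line:
        return None
    fields = {}
    for key, value in FIELD_RE.findall(line):
        fields.setdefault(key, value)
    return fields

def build_pivot(log_text):
    """Map (proto, dport) -> Counter of source addresses.
    Protocols without ports (ICMP) are keyed under dport None."""
    pivot = defaultdict(Counter)
    for line in log_text.splitlines():
        f = parse_log_line(line)
        if f is None:
            continue
        dport = int(f["DPT"]) if "DPT" in f else None
        pivot[(f.get("PROTO", "?"), dport)][f["SRC"]] += 1
    return pivot

def hits_on(pivot, proto, dport):
    """Total hits for one (proto, dport) and how they split across sources."""
    srcs = pivot.get((proto, dport), Counter())
    return sum(srcs.values()), dict(srcs.most_common())

if __name__ == "__main__":
    table = build_pivot(SAMPLE_LOG)
    for (proto, port), srcs in sorted(table.items(), key=lambda kv: -sum(kv[1].values())):
        print(f"{proto}/{port}: {sum(srcs.values())} hits from {len(srcs)} hosts")
    print("port 1433:", hits_on(table, "TCP", 1433))
```

Feeding the script from syslog-ng's output file instead of SAMPLE_LOG answers the "how many hits on 1433, from which machines" question without any per-host rules; the per-packet logging cost under flood is the trade-off the question already notes.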
You might want to take a look at the ACCOUNT match (http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-ACCOUNT).
Grant. . . .