On Tuesday 10 March 2009, jason.faulkner@xxxxxxxxxxxxx wrote:
> Hi all,
>
> I'd like to be able to monitor (trend) the number of tracked
> connections in iptables; however, doing something like "cat
> /proc/net/ip_conntrack | wc -l" eats up too much CPU to run with
> regularity (we track somewhere in the realm of 200,000 connections).
>
> Is there a way to just pull the total number? It'd be nice to know
> that we aren't even getting close to the number of connections set in
> the sysctl.

Hi,

check out the following files:
/proc/sys/net/ipv4/netfilter/{ip_conntrack_count,ip_conntrack_max}

--
So long...
Fuzz
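
An added example, not part of the original thread: a POSIX shell check that reads the two counters named in the reply and reports table utilisation with warning and critical thresholds, so a full conntrack table is noticed before it happens. The function names, the `CONNTRACK_DIR` override and the exit-code convention are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: trend conntrack usage from the two /proc counters instead of
# counting lines in /proc/net/ip_conntrack. Names below are hypothetical.

# Directory holding the counters; overridable so the check can be tested.
CONNTRACK_DIR="${CONNTRACK_DIR:-/proc/sys/net/ipv4/netfilter}"

# read_counter FILE: print the integer stored in FILE.
# Fails if the file is unreadable or does not contain a plain number.
read_counter() {
    [ -r "$1" ] || return 1
    value=$(tr -d ' \n' < "$1")
    case "$value" in
        ''|*[!0-9]*) return 1 ;;
    esac
    printf '%s\n' "$value"
}

# conntrack_usage [DIR]: print "count max percent" (percent rounded down).
conntrack_usage() {
    dir="${1:-$CONNTRACK_DIR}"
    count=$(read_counter "$dir/ip_conntrack_count") || return 2
    max=$(read_counter "$dir/ip_conntrack_max") || return 2
    [ "$max" -gt 0 ] || return 2
    printf '%s %s %s\n' "$count" "$max" $(( count * 100 / max ))
}

# conntrack_check WARN CRIT [DIR]: print one status line and return
# 0 (ok), 1 (warning), 2 (critical) or 3 (counters unavailable).
conntrack_check() {
    warn="$1"; crit="$2"
    usage=$(conntrack_usage "$3") || {
        echo "UNKNOWN: conntrack counters unreadable (module not loaded?)"
        return 3
    }
    set -- $usage    # $1=count $2=max $3=percent
    if [ "$3" -ge "$crit" ]; then
        echo "CRITICAL: $1/$2 tracked connections ($3%)"; return 2
    elif [ "$3" -ge "$warn" ]; then
        echo "WARNING: $1/$2 tracked connections ($3%)"; return 1
    fi
    echo "OK: $1/$2 tracked connections ($3%)"; return 0
}
```

Calling `conntrack_check 80 95` from cron or a monitoring agent costs two small file reads per sample, regardless of how many connections are tracked.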