[announce] iptables + rrdtool

iptgraph sf.net project iptgraph at gmail.com
Fri Nov 11 02:33:25 UTC 2005


Hi Timothy,

On 10/11/05, Timothy Murphy <tim at birdsnest.maths.tcd.ie> wrote:
> However, I don't really see why it is necessary to add kernel patches?
> Couldn't one get the necessary information from iptables logs?

During the initial stages of our design, we felt that having a
light-weight reporting tool is important and realtime reporting also
may be crucial. Hence our idea is to have the data collection at the
kernel layer and report them to the userspace daemon at a regular
interval. When a packet arrives, we are immediately able to distinguish
whether this packet is drop/accept and tcp/udp/icmp, and which rule it
belongs to, etc. We can parse the iptables log for this information,
but latency and inaccuracy may occur and logs may be truncated.
Anyway, we have plans to extend our current architecture to allow
several network stations to report their statistics to a single
monitoring node.

Regards,
Anna.
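
The log-parsing alternative raised in this exchange, as an added example that is not part of the original message or of the iptgraph project: it counts packets per verdict, protocol and rule from LOG-target lines and shows how a truncated line loses its protocol. The `IPT:<verdict>:<rule>` prefix is an assumed `--log-prefix` convention (the LOG target records neither verdict nor rule on its own), and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel LOG target's KEY=VALUE layout.
# "IPT:<verdict>:<rule>" is an assumed --log-prefix naming scheme; without
# it the log says nothing about which rule matched or what happened next.
SAMPLE_LOG = """\
Nov 10 21:14:02 gw kernel: IPT:DROP:in-ssh IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4721 DF PROTO=TCP SPT=40122 DPT=22 SYN URGP=0
Nov 10 21:14:03 gw kernel: IPT:ACCEPT:in-dns IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=71 TTL=60 ID=0 DF PROTO=UDP SPT=53211 DPT=53 LEN=51
Nov 10 21:14:03 gw kernel: IPT:DROP:in-icmp IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 LEN=84 TTL=57 ID=9 PROTO=ICMP TYPE=8 CODE=0 ID=311 SEQ=1
Nov 10 21:14:04 gw kernel: IPT:DROP:in-ssh IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TT
Nov 10 21:14:05 gw kernel: eth0: link up
"""

PREFIX = re.compile(r"kernel: IPT:(?P<verdict>[A-Z]+):(?P<rule>[\w-]+) ")
PROTO = re.compile(r"\bPROTO=(\w+)")


def summarize(text):
    """Return (counts, truncated, ignored) for a block of syslog text.

    counts maps (verdict, protocol, rule) to the number of packets seen.
    truncated counts lines that carry our prefix but were cut before the
    PROTO= field, so the packet is known to exist but cannot be classified.
    ignored counts kernel lines that did not come from our LOG rules.
    """
    counts = Counter()
    truncated = 0
    ignored = 0
    for line in text.splitlines():
        prefix = PREFIX.search(line)
        if prefix is None:
            ignored += 1
            continue
        proto = PROTO.search(line)
        if proto is None:
            truncated += 1
            continue
        key = (prefix["verdict"], proto.group(1).lower(), prefix["rule"])
        counts[key] += 1
    return counts, truncated, ignored


if __name__ == "__main__":
    counts, truncated, ignored = summarize(SAMPLE_LOG)
    for (verdict, proto, rule), n in sorted(counts.items()):
        print(f"{verdict:<6} {proto:<4} {rule:<8} {n}")
    print(f"truncated={truncated} ignored={ignored}")
```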
