> What I need is a way to monitor, preferably in real time, the number of
> packets that are allowed and denied on each interface for as many interfaces
> as are installed.
>
> The program was my way of doing that by letting the program sleep for 1
> second, wake up, collect totals and compare them to the totals in its own
> memory, tunnel to the collection program and go back to sleep.
>
> Looking at ipmon, I was thinking that perhaps I could just tunnel from it or
> open the log device myself or something.
>
> Suggestions anyone?  Please?

Is there anything you could do with the "count" directive that goes in
ipf.conf, and then extract the data from the firewall log (or whichever file
you use to store the firewall log in)?

Perhaps a combination of the count directive, `ipfstat` and log
massaging/extraction could solve your problem/requirements?
