Couldn't you collect this information with SNMP? There is mention of Net-SNMP (previously known as UCD SNMP) on the main IP Filter man page with indication of support for IP Filter. Other TCP or UDP related stats would be supported by NetSNMP anyway.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jorgen Lundman Sent: March 15, 2005 10:52 PM To: [EMAIL PROTECTED] Subject: Solaris 10 and netstat -s When we ran with ipfilter v3 we graphed in/out bytes using the values found in "netstat -s". But with version v4 these values do not seem to represent teh whole picture anymore. It is almost as if all NAT traffic was not counted - only originating traffic. Is this possible? A 1 minute snap shot: Wed Mar 16 12:46:37 JST 2005 kstat obytes64 4109937675 rbytes64 3672807380 obytes64 3686990232 rbytes64 108535703 netstat tcpOutDataSegs =728300 tcpOutDataBytes =508253505 tcpInInorderSegs =646806 tcpInInorderBytes =484504283 tcpInUnorderSegs = 4528 tcpInUnorderBytes =4484952 Wed Mar 16 12:47:39 JST 2005 kstat obytes64 4115022078 rbytes64 3708562138 obytes64 3722746634 rbytes64 113642878 netstat tcpOutDataSegs =728322 tcpOutDataBytes =508257047 tcpInInorderSegs =646818 tcpInInorderBytes =484506401 tcpInUnorderSegs = 4528 tcpInUnorderBytes =4484952 nat04:~# So kstat reports: e1000g0: 5084403 bytes sent e1000g1: 35756402 bytes sent Where as netstat -s: 3542 bytes sent. Is this a known side effect? I guess it isn't the end of the day, I was worried when the b/w graph went along the floor instead of being at a constant 6-7Mbps. My best guess would be that perhaps "pfil" would need to update such statistics, if one would really care about it. "ipfstat" only shows packets, and not bytes or I would use it. Lund -- Jorgen Lundman | <[EMAIL PROTECTED]> Unix Administrator | +81 (0)3 -5456-2687 ext 1017 (work) Shibuya-ku, Tokyo | +81 (0)90-5578-8500 (cell) Japan | +81 (0)3 -3375-1767 (home)
