Hi Daniel, Daniel Hartmeier wrote:
On Sat, Nov 30, 2002 at 05:28:21PM +0100, Sven B�hringer wrote:My first problem was that I didn't find the switch for pfctl "-l", as described on the pfstat-site:
That's the main problem, all the zeros in your pfstat log indicate that interface logging is not enabled.Note that in order to collect interface statistics, interface logging has to be enabled using 'pfctl -l iface' (3.1-stable and prior) or 'set loginterface iface' (-current).
Well, what version are you running (uname -a)? And what interface you want to collect the statistics for (usually the external one)?
It is 3.2 on a SPARC (uname -a gives:) OpenBSD fourtytwo.thenet.de 3.2 GENERIC#36 sparc Yes, i want to log the external one (here tun0)
Ok, now I got it :-) I had to put the "set loginterface tun0" into my pf.conf.Either run 'pfctl -l iface' (replace iface with xl0, kue0, etc.) for 3.1 and earlier or put the line 'set loginterface iface' (replace iface...) at the top of /etc/pf.conf for 3.2.
And here some line from pfstat:
1038682261 1036682337 5153 1260 0 0 12 52 15 0 0 0 0 0 6 357 7 1 117 0 0 0 0 0
1038682321 1036682337 5453 1260 0 0 12 58 15 0 0 0 0 0 5 387 7 2 147 0 0 0 0 0
Thanks, I think that maybe the zeros in the log file cause pfstat (or better the draw functions from the gd-library) to screw up?The problem is, that the pfstat process runs for at least 15min without producing any picture :-(
Make sure /var/log/pfstat doesn't grow too large. You can rotate it periodically like the man page explains (tail -n ...).
I'll try that.
Many thanks for your help!
Daniel
Regards, Sven
