getting started with pfstat

Thu, 13 Jul 2006 08:42:56 -0700 

I have installed the pfstat 1.7 package on my 3.8 system.  The trouble
is that I do not get any data being graphed.  Here is my test setup:

# cat /etc/pf.conf
pass log all


# cat /etc/pfstat.conf
     image "/var/www/htdocs/pfstat/test.png" {
             from 4 hours to now
             type png
             width 1000 height 700
             left
                     graph packets_v4_in_pass label "pass in" color 0
255 0 filled,
                     graph packets_v4_out_pass label "pass out" color 0
0 255
     }


# tail /var/log/pfstat                                                 
                                                            
1152802141 1152798127 0 0 0 0 0 0 0 0 0 0 0 0 0 3902 0 0 3902 0 0 0 0 0
0 0 0 0 0 0 0 0 0
1152802201 1152798127 0 0 0 0 0 0 0 0 0 0 0 0 0 3957 0 0 3957 0 0 0 0 0
0 0 0 0 0 0 0 0 0
1152802261 1152798127 0 0 0 0 0 0 0 0 0 0 0 0 0 3962 0 0 3962 0 0 0 0 0
0 0 0 0 0 0 0 0 0
1152802321 1152798127 0 0 0 0 0 0 0 0 0 0 0 0 0 3962 0 0 3962 0 0 0 0 0
0 0 0 0 0 0 0 0 0
1152802381 1152798127 0 0 0 0 0 0 0 0 0 0 0 0 0 3962 0 0 3962 0 0 0 0 0
0 0 0 0 0 0 0 0 0
1152802441 1152798127 0 0 0 0 0 0 0 0 0 0 0 0 0 4077 0 0 4077 0 0 0 0 0
0 0 0 0 0 0 0 0 0
1152802501 1152798127 0 0 0 0 0 0 0 0 0 0 0 0 0 4091 0 0 4091 0 0 0 0 0
0 0 0 0 0 0 0 0 0
1152802561 1152798127 0 0 0 0 0 0 0 0 0 0 0 0 0 4096 0 0 4096 0 0 0 0 0
0 0 0 0 0 0 0 0 0
1152802621 1152798127 0 0 0 0 0 0 0 0 0 0 0 0 0 4096 0 0 4096 0 0 0 0 0
0 0 0 0 0 0 0 0 0
1152802681 1152798127 0 0 0 0 0 0 0 0 0 0 0 0 0 4139 0 0 4139 0 0 0 0 0
0 0 0 0 0 0 0 0 0


# crontab -l

# PFSTAT
# Query pf for stats every minute and place them in a data file
*/1 * * * * /usr/local/bin/pfstat -q >> /var/log/pfstat

# PFSTAT
# Generate graphs from the data file every five minutes
*/5 * * * * /usr/local/bin/pfstat -c /etc/pfstat.conf -d
/var/log/pfstat >/dev/null

# PFSTAT
# Truncate the data file (keep the last 50000 lines every Monday @ 1:01
am)
1 1 * * 1 tail -n 50000 /var/log/pfstat > /tmp/pfstat && mv /tmp/pfstat
/var/log/pfstat


The image keeps being updated but there are no lines (no data being
graphed).  sniffing shows steady traffic passing through the network
interface.

Thanks for any help.

Bonus question: How does the program reconcile the data file being
updated at a different interval than the one the graph is being
generated with (i.e. every one minute as opposed to every five
minutes)?

Peter

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Reply via email to