* Russell Fulton <[EMAIL PROTECTED]> [2007-10-17 07:43]: > On the monitoring front I have rediscovered symon which I installed when > we first moved to pf years ago but which did not survive an OS upgrade > some time in the past.
for monitoring, I use and suggest: -symon -keeping an eye on daily outputs (I actually parse them automagically, but then, you don't want way over a hundred of these per day to read manually) -use /etc/daily.local if you wanna keep an eye on more things -log monitoring. this is very important. I use logsurfer from ports and have *.* |/usr/local/sbin/logsurfer -d /somewhere -s in my syslog.conf on the logserver. -of course, external montoriing, like, ping probes etc - e. g. nagios a subset might do. I have even more :) > One more question: I take it that unintentionally 'dropped packets' > will show up in the interface stats rather then in any pf counters > (which is where I was looking for them)? So symon will show these. well, those dropped at that stage, yes :) in practice, it is good enough to monitor these, and once in a while checking net.inet.ip.ifq.drops and the congestion counter in pfctl -si. -- Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED] BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
