Hi,
I setup shorewall to do ip accounting for the
different IP''s I run.
I use cacti to graph those bandwidth usage stats per
IP.
The problem I have is when I run:
# shorewall restart
all the accounting stats go to zero and cause spikes
on the graphs on the next run which I then have to
kill/remove (I have a killspikes script to do this but
it''s tedious).
I think the spikes get graphed because cacti (or
really rrdtool) checks for the differences between the
previous kbps value and the next one it just got.
Is there a way I can tell shorewall not to clear the
accounting stats when I do a restart?
I''m using 4.0.10-3.
Thanks.
Michael.
Get the name you always wanted with the new y7mail email address.
www.yahoo7.com.au/mail
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Michael Mansour wrote:> Hi, > > I setup shorewall to do ip accounting for the > different IP''s I run. > > I use cacti to graph those bandwidth usage stats per > IP. > > The problem I have is when I run: > > # shorewall restart > > all the accounting stats go to zero and cause spikes > on the graphs on the next run which I then have to > kill/remove (I have a killspikes script to do this but > it''s tedious). > > I think the spikes get graphed because cacti (or > really rrdtool) checks for the differences between the > previous kbps value and the next one it just got. > > Is there a way I can tell shorewall not to clear the > accounting stats when I do a restart?No -- your ''init'' script needs to capture the counters before ''restart'' and your ''start'' script needs to capture the values after and adjust your stats accordingly. -Tom -- Tom Eastep \ Nothing is foolproof to a sufficiently talented fool Shoreline, \ http://shorewall.net Washington USA \ teastep@shorewall.net PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Ehlen sidi Mansour, if I remember correctly, Cacti is using an own script to capture the data. Using MRTG on my side - I know that you can set the ABSMAX value here to limit the max counter value - and this usually also pretty well detects resets on the counter. Also - on MRTG if you configure gauge or counter - the programm will handle these values accordingly. Eventually you find these hooks in cacti ... (acti was too complicated foer me at the time it came out - so I programmed my own Monitoring stuff ;) Easyer ) ... Cheers Joerg Michael Mansour wrote:> Hi, > > I setup shorewall to do ip accounting for the > different IP''s I run. > > I use cacti to graph those bandwidth usage stats per > IP. > > The problem I have is when I run: > > # shorewall restart > > all the accounting stats go to zero and cause spikes > on the graphs on the next run which I then have to > kill/remove (I have a killspikes script to do this but > it''s tedious). > > I think the spikes get graphed because cacti (or > really rrdtool) checks for the differences between the > previous kbps value and the next one it just got. > > Is there a way I can tell shorewall not to clear the > accounting stats when I do a restart? > > I''m using 4.0.10-3. > > Thanks. > > Michael. > > > > Get the name you always wanted with the new y7mail email address. > www.yahoo7.com.au/mail > > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Microsoft > Defy all challenges. Microsoft(R) Visual Studio 2008. > http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ > _______________________________________________ > Shorewall-users mailing list > Shorewall-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/shorewall-users-- ------------------------------------------------------------------------ | Joerg Mertin : smurphy@solsys.org (Home)| | in Forchheim/Germany : smurphy@linux.de (Alt1)| | Stardust''s LiNUX System : | | Web: http://www.solsys.org | ------------------------------------------------------------------------ PGP: Public Key Server - Get "0x98885d97170b8b7a" ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
Tom Eastep wrote:>>I setup shorewall to do ip accounting for the >>different IP''s I run. >> >>I use cacti to graph those bandwidth usage stats per >>IP. >> >>The problem I have is when I run: >> >># shorewall restart >> >>all the accounting stats go to zero and cause spikes >>on the graphs on the next run which I then have to >>kill/remove (I have a killspikes script to do this but >>it''s tedious). >> >>I think the spikes get graphed because cacti (or >>really rrdtool) checks for the differences between the >>previous kbps value and the next one it just got. >> >>Is there a way I can tell shorewall not to clear the >>accounting stats when I do a restart? > >No -- your ''init'' script needs to capture the counters before >''restart'' and your ''start'' script needs to capture the values after >and adjust your stats accordingly.For maximum accuracy : Before restarting Shorewall, force an update of the rrd - this gets the last stats before the counters are cleared. Then perform another update, but use ''U'' for the values - this forces the rrd into a state where the previous value was unknown and avoids any problems caused by how to get from ''old'' to ''new'' values. Immediately after (re)start, perform another update with all zeros for the values. This forces the baseline for future calculations to be zero. Between them, these steps will capture all but a few packets between getting the stats and resetting the firewall. ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> -----Original Message----- > From: shorewall-users-bounces@lists.sourceforge.net [mailto:shorewall- > users-bounces@lists.sourceforge.net] On Behalf Of Simon Hobson > Sent: Monday, May 26, 2008 2:16 AM > To: shorewall-users@lists.sourceforge.net > Subject: Re: [Shorewall-users] IP Accounting values reset on "shorewall > restart" > > Tom Eastep wrote: > > >>I setup shorewall to do ip accounting for the > >>different IP''s I run. > >> > >>I use cacti to graph those bandwidth usage stats per > >>IP. > >> > >>The problem I have is when I run: > >> > >># shorewall restart > >> > >>all the accounting stats go to zero and cause spikes > >>on the graphs on the next run which I then have to > >>kill/remove (I have a killspikes script to do this but > >>it''s tedious). > >> > >>I think the spikes get graphed because cacti (or > >>really rrdtool) checks for the differences between the > >>previous kbps value and the next one it just got. > >> > >>Is there a way I can tell shorewall not to clear the > >>accounting stats when I do a restart? > > > >No -- your ''init'' script needs to capture the counters before > >''restart'' and your ''start'' script needs to capture the values after > >and adjust your stats accordingly. > > For maximum accuracy : > > Before restarting Shorewall, force an update of the rrd - this gets > the last stats before the counters are cleared. Then perform another > update, but use ''U'' for the values - this forces the rrd into a state > where the previous value was unknown and avoids any problems caused > by how to get from ''old'' to ''new'' values. > > Immediately after (re)start, perform another update with all zeros > for the values. This forces the baseline for future calculations to > be zero. > > Between them, these steps will capture all but a few packets between > getting the stats and resetting the firewall. >Sorry to dig up such an old thread, but I''m faced with an identical problem. Are there any example scripts that people have written to help out with pointers on how to implement this? I''m not so concerned about accuracy in detecting missed traffic...more about not having the spikes. Thanks! ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer''s challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/