Hi There,
Thanks to Shorewall Geek (see posting "shorewall 4.0.14.2 Accounting")
I got the shorewall accounting working OK
Just a quick question, Is there anyway I can reset the accounting without
restarting the shorewall itself?
example
Shorewall 4.0.14.2 Chain accounting at debian - Sat Dec 6 16:11:10 EST 2008
Counters reset Fri Dec 5 12:28:19 EST 2008
Chain accounting (3 references)
pkts bytes target prot opt in out source destination
1490K 1559M total-i 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0
1083K 145M total-o 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0
48689 32M hedges-i 0 -- ppp0 * 0.0.0.0/0 10.1.1.5
41512 7062K hedges-o 0 -- * ppp0 10.1.1.5 0.0.0.0/0
Can I reset chain "hedges" without resetting chain "total",
or the only way is to reset the whole chains? how?
ordinary IPTABLES will OK since I will use it on cron job anyway
The idea is to extract the values to be store to database
Calculating the difference between the present bandwidth and the previous one
will work,
but why not just to reset the chain, say every15 mins and store the new value
Thanks for any reply
Start your day with Yahoo!7 and win a Sony Bravia TV. Enter now
http://au.docs.yahoo.com/homepageset/?p1=other&p2=au&p3=tagline
------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can''t happen without you. Join us at MIX09 to
help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
Phillipus Gunawan wrote:>Thanks to Shorewall Geek (see posting "shorewall 4.0.14.2 >Accounting") I got the shorewall accounting working OK >Just a quick question, Is there anyway I can reset the accounting >without restarting the shorewall itself? > >example > >Shorewall 4.0.14.2 Chain accounting at debian - Sat Dec 6 16:11:10 EST 2008 > >Counters reset Fri Dec 5 12:28:19 EST 2008 > >Chain accounting (3 references) >pkts bytes target prot opt in out source destination >1490K 1559M total-i 0 -- ppp0 * 0.0.0.0/0 0.0.0.0/0 >1083K 145M total-o 0 -- * ppp0 0.0.0.0/0 0.0.0.0/0 >48689 32M hedges-i 0 -- ppp0 * 0.0.0.0/0 10.1.1.5 >41512 7062K hedges-o 0 -- * ppp0 10.1.1.5 0.0.0.0/0 > >Can I reset chain "hedges" without resetting chain "total", or the >only way is to reset the whole chains? how? >ordinary IPTABLES will OK since I will use it on cron job anyway > >The idea is to extract the values to be store to database >Calculating the difference between the present bandwidth and the >previous one will work, >but why not just to reset the chain, say every15 mins and store the new valueI''m not aware of any method, but there probably is one. If you reset the values, then you will lose data each time - I don''t believe there is any atomic way to "read & reset" so you will have to read the values, then a short time later reset them, at which point you''ve lost the traffic in that short time. If you log to an RRD database, it takes care of converting a counter to a rate (that''s what it was originally written for, as part of the MRTG project). BTW - there is a switch (at least if you use iptables to directly read the counters) that will force the values to be plain integer counts of bytes - so you don''t have to try and parse the low resolution values like ''32M''. I mentioned this in an earlier message, ''-vxn'' is what I use, but without looking it up I can''t say exactly which of those you need. -- Simon Hobson Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed author Gladys Hobson. Novels - poetry - short stories - ideal as Christmas stocking fillers. Some available as e-books. ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can''t happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
Phillipus Gunawan wrote:> > The idea is to extract the values to be store to database > Calculating the difference between the present bandwidth and the previous one will work, > but why not just to reset the chain, say every15 mins and store the new value >iptables -LZ hedges ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can''t happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
Simon Hobson wrote:> BTW - there is a switch (at least if you use iptables to directly > read the counters) that will force the values to be plain integer > counts of bytes - so you don''t have to try and parse the low > resolution values like ''32M''. I mentioned this in an earlier message, > ''-vxn'' is what I use, but without looking it up I can''t say exactly > which of those you need. >It is -x. And the shorewall show and dump commands also accept that option (e.g., shorewall show -x accounting). ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can''t happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/