[Shorewall-devel] IP accounting counters on iptables

Kristopher Lalletti kris@eclipseci.com
Sat, 23 Feb 2002 13:30:42 -0500


I've been muddling around to find the "ideal" ip accounter, and I have
yet to find any that would use the existing chains (in this case,
defined by shorewall), and store data in an SQL database for infinite
data gathering.
 
So far, I think I found one that worked on that reads the output of
iptables -vnx -L -t filter called IAM (IP Accounting Monster), however,
it's not exactly right.
 
So, based with that principle in mind, resetting the counters at
intervals of 1 or 2 hours, I'm thinking of writing a Perl data
collection script that would parse the output of iptables and store data
into an SQL database with a timestamp and reset the counters for the in
and out chains of the firewall (dmz2net loc2net net2loc net2dmz for
example).
 
After that, it's just a question of querying collected data from the SQL
database using built-in stat functions. I'm assuming that the byte
counters are correct, is there something I'm missing? This would be a
great add-on to shorewall, no?
 
Any feedback would be appreciated.
 
Thanks
Kris
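
The collection step described in the message, as an added example that is not part of the original post: it uses Python and SQLite rather than the Perl script and SQL server the post has in mind, and runs over a constructed sample of `iptables -vnx -L -t filter` output. The table name `acct` and the function names are assumptions; per-chain totals are read from the counters on the rules that jump to each chain.

```python
import re

# Constructed sample of `iptables -vnx -L -t filter` output, not from a real host.
SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source       destination
     120    96000 net2loc    all  --  eth0   eth1    0.0.0.0/0    0.0.0.0/0
      80    12000 loc2net    all  --  eth1   eth0    0.0.0.0/0    0.0.0.0/0

Chain loc2net (1 references)
    pkts      bytes target     prot opt in     out     source       destination
      80    12000 ACCEPT     all  --  *      *       0.0.0.0/0    0.0.0.0/0

Chain net2loc (1 references)
    pkts      bytes target     prot opt in     out     source       destination
       5      300 LOG        tcp  --  *      *       0.0.0.0/0    0.0.0.0/0    tcp dpt:23
     120    96000 ACCEPT     all  --  *      *       0.0.0.0/0    0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s")  # pkts, bytes, target

def parse(text):
    """Yield (chain, target, packets, bytes) for every rule line."""
    chain = None
    for line in text.splitlines():
        if m := CHAIN_RE.match(line):
            chain = m.group(1)
        elif (m := RULE_RE.match(line)) and chain:
            yield chain, m.group(3), int(m.group(1)), int(m.group(2))

def chain_totals(text, wanted):
    # Read the jump rules' counters: summing the rules inside a chain double
    # counts packets that match LOG and then a terminating rule.
    totals = {name: (0, 0) for name in wanted}
    for _chain, target, pkts, nbytes in parse(text):
        if target in totals:
            totals[target] = (totals[target][0] + pkts, totals[target][1] + nbytes)
    return totals

def store(db, totals, ts):
    """Insert one timestamped row per chain; db is an open sqlite3 connection."""
    db.execute("CREATE TABLE IF NOT EXISTS acct "
               "(ts INTEGER, chain TEXT, packets INTEGER, bytes INTEGER)")
    db.executemany("INSERT INTO acct VALUES (?, ?, ?, ?)",
                   [(ts, c, p, b) for c, (p, b) in totals.items()])
    db.commit()
```

On a live firewall, `iptables -L -Z` lists the counters immediately before zeroing them, so the read and the reset happen in one invocation rather than two.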
 
