Re: Problem with pfstat

Hi Daniel,

Daniel Hartmeier wrote:
On Sat, Nov 30, 2002 at 05:28:21PM +0100, Sven Böhringer wrote:

My first problem was that I didn't find the switch for pfctl "-l", as described on the pfstat-site:

That's the main problem, all the zeros in your pfstat log indicate that
interface logging is not enabled.

Note that in order to collect interface statistics, interface logging has to be enabled using 'pfctl -l iface' (3.1-stable and prior) or 'set loginterface iface' (-current).

Well, what version are you running (uname -a)? And what interface you
want to collect the statistics for (usually the external one)?

It is 3.2 on a SPARC (uname -a gives:)

OpenBSD fourtytwo.thenet.de 3.2 GENERIC#36 sparc

Yes, i want to log the external one (here tun0)

Either run 'pfctl -l iface' (replace iface with xl0, kue0, etc.) for 3.1 and earlier or put the line 'set loginterface iface' (replace iface...) at the top of /etc/pf.conf for 3.2.

Ok, now I got it :-) I had to put the "set loginterface tun0" into my pf.conf.

And here some line from pfstat:

1038682261 1036682337 5153 1260 0 0 12 52 15 0 0 0 0 0 6 357 7 1 117 0 0 0 0 0
1038682321 1036682337 5453 1260 0 0 12 58 15 0 0 0 0 0 5 387 7 2 147 0 0 0 0 0

The problem is, that the pfstat process runs for at least 15min without producing any picture :-(

Make sure /var/log/pfstat doesn't grow too large. You can rotate it
periodically like the man page explains (tail -n ...).

Thanks, I think that maybe the zeros in the log file cause pfstat (or better the draw functions from the gd-library) to screw up?
I'll try that.

Many thanks for your help!


Regards, Sven