monitoring pf rule statistics

I'm planning an upgrade of the internet connection at the place where I
work and am faced with upgrading our current Packeteer traffic shaper as
well. Since these babies are quite expensive if you wish to deploy them
in a redundant setup I managed to get the beancounters interested in an
OpenBSD solution instead.
What we're looking at is 2 * 2 bridges in a CARP failover setup, one set
doing a 6mbit leased line, the other set will need to handle a 100 mbit
connection. After they had gotten over the initial scare of using the
command line they did find 1 item missing: byte & packet counters for
each rule. At the moment pfctl -vv -s all shows something like this:
[ Evaluations: 400582 Packets: 400582 Bytes: 264645786 States: 0 ]
However, what we need is something more akin to SNMP interface
statistics, but then for pf rules: x packets in, x packets out, x bytes
in, x bytes out.
Is there any way to get these statistics out of pfctl?
// nick