pfstat

pfstat is a small utility that collects packet filter statistics and produces graphs like those shown below (ADSL 6400/640 kbps).

source code 2.4 (MD5 9e74c4994be5fddaab6c251d3765fab6) including man page. There's a port version of pfstat in the OpenBSD 3.3 ports tree (net/pfstat), as well as a FreeBSD port. The graphs below were produced using this config file.

Note that in order to collect interface statistics, interface logging has to be enabled using 'pfctl -l iface' (3.1-stable and prior) or 'set loginterface iface' (-current).

If you have interesting config files or graphs you'd like to share, please let me know.

There are more pfstat examples on sparc.tuxslare.org and bsdhammer.zapto.org.

Also check out Willem Dijkstra's symon, which can gather the same pf statistics (and many other values like cpu load, memory usage, network traffic) with a small monitoring probe and send them to a central server that stores them in an RRDtool database, from which similar graphs can be generated, with many more powerful options.

interface sis0 pass bytes ipv4, states

states inserts, removals, searches

interface sis0 pass/block packets ipv4

interface sis0 queues

global counters