Hi Timothy,

On 10/11/05, Timothy Murphy <tim@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> However, I don't really see why it is necessary to add kernel patches?
> Couldn't one get the necessary information from iptables logs?

During the initial stages of our design, we felt that having a light-weight reporting tool is important and real-time reporting may also be crucial. Hence our idea is to have the data collection at the kernel layer and report them to the userspace daemon at a regular interval. When a packet arrives, we are immediately able to distinguish whether this packet is drop/accept and tcp/udp/icmp, and which rule it belongs to, etc. We can parse the iptables log for this information, but latency and inaccuracy may occur and logs may be truncated.

Anyway, we have plans to extend our current architecture to allow several network stations to report their statistics to a single monitoring node.

Regards,
Anna.