(Logiciel informatique) pf BSD
fw est l'interface web distribuée par Aurorae Solutions qui permet la consultation des graphes d'un pare-feu pf.
Configuration
Dans /etc/rc.conf :
pfstatd_enable="YES"
Dans /usr/local/etc/pfstat.conf :
# $Id: pfstat.conf.example,v 1.2 2006/05/17 13:50:44 dhartmei Exp $
#
# /etc/pfstat.conf example
#
# collect
# global
# states entries|searches|inserts|removals [diff]
# counters match|bad-offset|fragment|...|synproxy [diff]
# (see pfctl -si output, same strings)
# interface name pass|block packets|bytes in|out v4|v6 [diff]
# queue name passed|dropped|other packets|bytes|number [diff]
collect 1 = interface "msk0" pass bytes in ipv4 diff
collect 2 = interface "msk0" pass bytes out ipv4 diff
collect 3 = global states entries
image "/usr/local/www/fw/pfstat-day-small.jpg" {
from 24 hours to now
width 300 height 200
left
graph 1 bps "in" "bits/s" color 0 192 0 filled,
graph 2 bps "out" "bits/s" color 0 0 255
right
graph 3 "states" "entries" color 192 192 0
}
root@le75:~ # cat /usr/local/etc/pfstat.conf
# $Id: pfstat.conf.example,v 1.2 2006/05/17 13:50:44 dhartmei Exp $
#
# /etc/pfstat.conf example
#
# collect
# global
# states entries|searches|inserts|removals [diff]
# counters match|bad-offset|fragment|...|synproxy [diff]
# (see pfctl -si output, same strings)
# interface name pass|block packets|bytes in|out v4|v6 [diff]
# queue name passed|dropped|other packets|bytes|number [diff]
collect 1 = interface "msk0" pass bytes in ipv4 diff
collect 2 = interface "msk0" pass bytes out ipv4 diff
collect 3 = global states entries
image "/usr/local/www/fw/pfstat-day-small.jpg" {
from 24 hours to now
width 300 height 200
left
graph 1 bps "in" "bits/s" color 0 192 0 filled,
graph 2 bps "out" "bits/s" color 0 0 255
right
graph 3 "states" "entries" color 192 192 0
}
image "/usr/local/www/fw/pfstat-day-large.jpg" {
from 24 hours to now
width 980 height 300
left
graph 1 bps "in" "bits/s" color 0 192 0 filled,
graph 2 bps "out" "bits/s" color 0 0 255
right
graph 3 "states" "entries" color 192 192 0
}
image "/usr/local/www/fw/pfstat-week-small.jpg" {
from 7 days to now
width 300 height 200
left
graph 1 bps "in" "bits/s" color 0 192 0 filled,
graph 2 bps "out" "bits/s" color 0 0 255
right
graph 3 "states" "entries" color 192 192 0
}
image "/usr/local/www/fw/pfstat-week-large.jpg" {
from 7 days to now
width 980 height 300
left
graph 1 bps "in" "bits/s" color 0 192 0 filled,
graph 2 bps "out" "bits/s" color 0 0 255
right
graph 3 "states" "entries" color 192 192 0
}
image "/usr/local/www/fw/pfstat-month-small.jpg" {
from 4 weeks to now
width 300 height 200
left
graph 1 bps "in" "bits/s" color 0 192 0 filled,
graph 2 bps "out" "bits/s" color 0 0 255
right
graph 3 "states" "entries" color 192 192 0
}
image "/usr/local/www/fw/pfstat-month-large.jpg" {
from 4 weeks to now
width 980 height 300
left
graph 1 bps "in" "bits/s" color 0 192 0 filled,
graph 2 bps "out" "bits/s" color 0 0 255
right
graph 3 "states" "entries" color 192 192 0
}
image "/usr/local/www/fw/pfstat-year-small.jpg" {
from 12 months to now
width 300 height 200
left
graph 1 bps "in" "bits/s" color 0 192 0 filled,
graph 2 bps "out" "bits/s" color 0 0 255
right
graph 3 "states" "entries" color 192 192 0
}
image "/usr/local/www/fw/pfstat-year-large.jpg" {
from 12 months to now
width 980 height 300
left
graph 1 bps "in" "bits/s" color 0 192 0 filled,
graph 2 bps "out" "bits/s" color 0 0 255
right
graph 3 "states" "entries" color 192 192 0
}
# Per-second packet counters (passed and blocked, in and out) drawn by the
# pfstat-packets-* images that follow.
# NOTE(review): these four lines read interface "vr0", whereas collects 1-2
# and the `set loginterface msk0` line given for /etc/pf.conf use "msk0".
# Presumably the interface named here has to be the pf loginterface for the
# counters to be populated; confirm and align the names.
collect 4 = interface "vr0" pass packets in ipv4 diff
collect 5 = interface "vr0" pass packets out ipv4 diff
collect 6 = interface "vr0" block packets in ipv4 diff
collect 7 = interface "vr0" block packets out ipv4 diff
image "/usr/local/www/fw/pfstat-packets-day-small.jpg" {
from 24 hours to now
width 300 height 200
left
graph 4 "pass in" "packets/s" color 0 192 0 filled,
graph 5 "pass out" "packets/s" color 0 0 255
right
graph 6 "block in" "packets/s" color 255 0 0,
graph 7 "block out" "packets/s" color 192 192 0
}
image "/usr/local/www/fw/pfstat-packets-day-large.jpg" {
from 24 hours to now
width 980 height 300
left
graph 4 "pass in" "packets/s" color 0 192 0 filled,
graph 5 "pass out" "packets/s" color 0 0 255
right
graph 6 "block in" "packets/s" color 255 0 0,
graph 7 "block out" "packets/s" color 192 192 0
}
image "/usr/local/www/fw/pfstat-packets-week-small.jpg" {
from 7 days to now
width 300 height 200
left
graph 4 "pass in" "packets/s" color 0 192 0 filled,
graph 5 "pass out" "packets/s" color 0 0 255
right
graph 6 "block in" "packets/s" color 255 0 0,
graph 7 "block out" "packets/s" color 192 192 0
}
image "/usr/local/www/fw/pfstat-packets-week-large.jpg" {
from 7 days to now
width 980 height 300
left
graph 4 "pass in" "packets/s" color 0 192 0 filled,
graph 5 "pass out" "packets/s" color 0 0 255
right
graph 6 "block in" "packets/s" color 255 0 0,
graph 7 "block out" "packets/s" color 192 192 0
}
image "/usr/local/www/fw/pfstat-packets-month-small.jpg" {
from 4 weeks to now
width 300 height 200
left
graph 4 "pass in" "packets/s" color 0 192 0 filled,
graph 5 "pass out" "packets/s" color 0 0 255
right
graph 6 "block in" "packets/s" color 255 0 0,
graph 7 "block out" "packets/s" color 192 192 0
}
image "/usr/local/www/fw/pfstat-packets-month-large.jpg" {
from 4 weeks to now
width 980 height 300
left
graph 4 "pass in" "packets/s" color 0 192 0 filled,
graph 5 "pass out" "packets/s" color 0 0 255
right
graph 6 "block in" "packets/s" color 255 0 0,
graph 7 "block out" "packets/s" color 192 192 0
}
image "/usr/local/www/fw/pfstat-packets-year-small.jpg" {
from 12 months to now
width 300 height 200
left
graph 4 "pass in" "packets/s" color 0 192 0 filled,
graph 5 "pass out" "packets/s" color 0 0 255
right
graph 6 "block in" "packets/s" color 255 0 0,
graph 7 "block out" "packets/s" color 192 192 0
}
image "/usr/local/www/fw/pfstat-packets-year-large.jpg" {
from 12 months to now
width 980 height 300
left
graph 4 "pass in" "packets/s" color 0 192 0 filled,
graph 5 "pass out" "packets/s" color 0 0 255
right
graph 6 "block in" "packets/s" color 255 0 0,
graph 7 "block out" "packets/s" color 192 192 0
}
collect 8 = global states inserts diff
collect 9 = global states removals diff
collect 10 = global states searches diff
image "/usr/local/www/fw/pfstat-states-day-small.jpg" {
from 24 hours to now
width 300 height 200
left
graph 8 "inserts" "states/s" color 0 192 0 filled,
graph 9 "removals" "states/s" color 0 0 255
right
graph 10 "searches" "states/s" color 255 0 0
}
image "/usr/local/www/fw/pfstat-states-day-large.jpg" {
from 24 hours to now
width 980 height 300
left
graph 8 "inserts" "states/s" color 0 192 0 filled,
graph 9 "removals" "states/s" color 0 0 255
right
graph 10 "searches" "states/s" color 255 0 0
}
image "/usr/local/www/fw/pfstat-states-week-small.jpg" {
from 7 days to now
width 300 height 200
left
graph 8 "inserts" "states/s" color 0 192 0 filled,
graph 9 "removals" "states/s" color 0 0 255
right
graph 10 "searches" "states/s" color 255 0 0
}
image "/usr/local/www/fw/pfstat-states-week-large.jpg" {
from 7 days to now
width 980 height 300
left
graph 8 "inserts" "states/s" color 0 192 0 filled,
graph 9 "removals" "states/s" color 0 0 255
right
graph 10 "searches" "states/s" color 255 0 0
}
image "/usr/local/www/fw/pfstat-states-month-small.jpg" {
from 4 weeks to now
width 300 height 200
left
graph 8 "inserts" "states/s" color 0 192 0 filled,
graph 9 "removals" "states/s" color 0 0 255
right
graph 10 "searches" "states/s" color 255 0 0
}
image "/usr/local/www/fw/pfstat-states-month-large.jpg" {
from 4 weeks to now
width 980 height 300
left
graph 8 "inserts" "states/s" color 0 192 0 filled,
graph 9 "removals" "states/s" color 0 0 255
right
graph 10 "searches" "states/s" color 255 0 0
}
image "/usr/local/www/fw/pfstat-states-year-small.jpg" {
from 12 months to now
width 300 height 200
left
graph 8 "inserts" "states/s" color 0 192 0 filled,
graph 9 "removals" "states/s" color 0 0 255
right
graph 10 "searches" "states/s" color 255 0 0
}
image "/usr/local/www/fw/pfstat-states-year-large.jpg" {
from 12 months to now
width 980 height 300
left
graph 8 "inserts" "states/s" color 0 192 0 filled,
graph 9 "removals" "states/s" color 0 0 255
right
graph 10 "searches" "states/s" color 255 0 0
}
# Byte counters for four queues, drawn by the pfstat-queues-* images that
# follow.
# NOTE(review): the syntax summary in the header of this file lists the queue
# keywords as passed|dropped|other, while these lines use "pass"; confirm the
# parser accepts it. Presumably the queue names must also match queues defined
# in the pf ruleset, which this page does not show.
collect 11 = queue "q_max" pass bytes diff
collect 12 = queue "q_hig" pass bytes diff
collect 13 = queue "q_def" pass bytes diff
collect 14 = queue "q_low" pass bytes diff
image "/usr/local/www/fw/pfstat-queues-day-small.jpg" {
from 24 hours to now
width 300 height 200
left
graph 11 bps "max" "bits/s" color 255 0 0,
graph 12 bps "hig" "bits/s" color 192 192 0,
graph 13 bps "def" "bits/s" color 0 192 0,
graph 14 bps "low" "bits/s" color 0 0 255
}
image "/usr/local/www/fw/pfstat-queues-day-large.jpg" {
from 24 hours to now
width 980 height 300
left
graph 11 bps "max" "bits/s" color 255 0 0,
graph 12 bps "hig" "bits/s" color 192 192 0,
graph 13 bps "def" "bits/s" color 0 192 0,
graph 14 bps "low" "bits/s" color 0 0 255
}
image "/usr/local/www/fw/pfstat-queues-week-small.jpg" {
from 7 days to now
width 300 height 200
left
graph 11 bps "max" "bits/s" color 255 0 0,
graph 12 bps "hig" "bits/s" color 192 192 0,
graph 13 bps "def" "bits/s" color 0 192 0,
graph 14 bps "low" "bits/s" color 0 0 255
}
image "/usr/local/www/fw/pfstat-queues-week-large.jpg" {
from 7 days to now
width 980 height 300
left
graph 11 bps "max" "bits/s" color 255 0 0,
graph 12 bps "hig" "bits/s" color 192 192 0,
graph 13 bps "def" "bits/s" color 0 192 0,
graph 14 bps "low" "bits/s" color 0 0 255
}
image "/usr/local/www/fw/pfstat-queues-month-small.jpg" {
from 4 weeks to now
width 300 height 200
left
graph 11 bps "max" "bits/s" color 255 0 0,
graph 12 bps "hig" "bits/s" color 192 192 0,
graph 13 bps "def" "bits/s" color 0 192 0,
graph 14 bps "low" "bits/s" color 0 0 255
}
image "/usr/local/www/fw/pfstat-queues-month-large.jpg" {
from 4 weeks to now
width 980 height 300
left
graph 11 bps "max" "bits/s" color 255 0 0,
graph 12 bps "hig" "bits/s" color 192 192 0,
graph 13 bps "def" "bits/s" color 0 192 0,
graph 14 bps "low" "bits/s" color 0 0 255
}
image "/usr/local/www/fw/pfstat-queues-year-small.jpg" {
from 12 months to now
width 300 height 200
left
graph 11 bps "max" "bits/s" color 255 0 0,
graph 12 bps "hig" "bits/s" color 192 192 0,
graph 13 bps "def" "bits/s" color 0 192 0,
graph 14 bps "low" "bits/s" color 0 0 255
}
image "/usr/local/www/fw/pfstat-queues-year-large.jpg" {
from 12 months to now
width 980 height 300
left
graph 11 bps "max" "bits/s" color 255 0 0,
graph 12 bps "hig" "bits/s" color 192 192 0,
graph 13 bps "def" "bits/s" color 0 192 0,
graph 14 bps "low" "bits/s" color 0 0 255
}
collect 15 = global counters match diff
collect 16 = global counters bad-offset diff
collect 17 = global counters fragment diff
collect 18 = global counters short diff
collect 19 = global counters normalize diff
collect 20 = global counters memory diff
collect 21 = global counters bad-timestamp diff
collect 22 = global counters congestion diff
collect 23 = global counters ip-option diff
collect 24 = global counters proto-cksum diff
collect 25 = global counters state-mismatch diff
collect 26 = global counters state-insert diff
collect 27 = global counters state-limit diff
collect 28 = global counters src-limit diff
collect 29 = global counters synproxy diff
image "/usr/local/www/fw/pfstat-errors-day-small.jpg" {
from 24 hours to now
width 300 height 200
left
graph 17 "frag" "/s" color 192 0 192,
graph 22 "cong" "/s" color 0 192 192,
graph 23 "iopt" "/s" color 0 0 255,
graph 24 "csum" "/s" color 192 192 0,
graph 25 "mism" "/s" color 255 0 0
right
graph 15 "match" "/s" color 0 192 0
}
image "/usr/local/www/fw/pfstat-errors-day-large.jpg" {
from 24 hours to now
width 980 height 300
left
graph 17 "frag" "/s" color 192 0 192,
graph 22 "cong" "/s" color 0 192 192,
graph 23 "iopt" "/s" color 0 0 255,
graph 24 "csum" "/s" color 192 192 0,
graph 25 "mism" "/s" color 255 0 0
right
graph 15 "match" "/s" color 0 192 0
}
image "/usr/local/www/fw/pfstat-errors-week-small.jpg" {
from 7 days to now
width 300 height 200
left
graph 17 "frag" "/s" color 192 0 192,
graph 22 "cong" "/s" color 0 192 192,
graph 23 "iopt" "/s" color 0 0 255,
graph 24 "csum" "/s" color 192 192 0,
graph 25 "mism" "/s" color 255 0 0
right
graph 15 "match" "/s" color 0 192 0
}
image "/usr/local/www/fw/pfstat-errors-week-large.jpg" {
from 7 days to now
width 980 height 300
left
graph 17 "frag" "/s" color 192 0 192,
graph 22 "cong" "/s" color 0 192 192,
graph 23 "iopt" "/s" color 0 0 255,
graph 24 "csum" "/s" color 192 192 0,
graph 25 "mism" "/s" color 255 0 0
right
graph 15 "match" "/s" color 0 192 0
}
image "/usr/local/www/fw/pfstat-errors-month-small.jpg" {
from 4 weeks to now
width 300 height 200
left
graph 17 "frag" "/s" color 192 0 192,
graph 22 "cong" "/s" color 0 192 192,
graph 23 "iopt" "/s" color 0 0 255,
graph 24 "csum" "/s" color 192 192 0,
graph 25 "mism" "/s" color 255 0 0
right
graph 15 "match" "/s" color 0 192 0
}
image "/usr/local/www/fw/pfstat-errors-month-large.jpg" {
from 4 weeks to now
width 980 height 300
left
graph 17 "frag" "/s" color 192 0 192,
graph 22 "cong" "/s" color 0 192 192,
graph 23 "iopt" "/s" color 0 0 255,
graph 24 "csum" "/s" color 192 192 0,
graph 25 "mism" "/s" color 255 0 0
right
graph 15 "match" "/s" color 0 192 0
}
image "/usr/local/www/fw/pfstat-errors-year-small.jpg" {
from 12 months to now
width 300 height 200
left
graph 17 "frag" "/s" color 192 0 192,
graph 22 "cong" "/s" color 0 192 192,
graph 23 "iopt" "/s" color 0 0 255,
graph 24 "csum" "/s" color 192 192 0,
graph 25 "mism" "/s" color 255 0 0
right
graph 15 "match" "/s" color 0 192 0
}
image "/usr/local/www/fw/pfstat-errors-year-large.jpg" {
from 12 months to now
width 980 height 300
left
graph 17 "frag" "/s" color 192 0 192,
graph 22 "cong" "/s" color 0 192 192,
graph 23 "iopt" "/s" color 0 0 255,
graph 24 "csum" "/s" color 192 192 0,
graph 25 "mism" "/s" color 255 0 0
right
graph 15 "match" "/s" color 0 192 0
}
Il faut avoir activé le logging sur l'interface graphée (ici msk0) dans /etc/pf.conf :
set loginterface msk0
Les graphes sont créés dans /usr/local/www/fw/ dans l'exemple ci-dessus ; créer ce répertoire :
mkdir /usr/local/www/fw
Ajouter une page web pour les visualiser dans un navigateur (/usr/local/www/fw/index.html) :
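<html><head><title>Pf statistics</title></head>
<body>
<!--
  Static index for the images pfstat writes into this directory.
  Each thumbnail links to the large version of the same graph, so the small
  and large file names share the same family (errors, packets, queues,
  states) and the same period.
  These graphs expose firewall traffic and error counters: restrict access
  to this directory in the web server configuration.
-->
<div>
<h2>Day</h2>
<p>
<a href="pfstat-day-large.jpg"><img src="pfstat-day-small.jpg" title="All" alt="All"/></a>
<a href="pfstat-errors-day-large.jpg"><img src="pfstat-errors-day-small.jpg" title="Errors" alt="Errors"/></a>
<a href="pfstat-packets-day-large.jpg"><img src="pfstat-packets-day-small.jpg" title="Packets" alt="Packets"/></a>
<a href="pfstat-queues-day-large.jpg"><img src="pfstat-queues-day-small.jpg" title="Queues" alt="Queues"/></a>
<a href="pfstat-states-day-large.jpg"><img src="pfstat-states-day-small.jpg" title="States" alt="States"/></a>
</p>
</div>
<p><br/></p>
<div>
<h2>Week</h2>
<p>
<a href="pfstat-week-large.jpg"><img src="pfstat-week-small.jpg" title="All" alt="All"/></a>
<a href="pfstat-errors-week-large.jpg"><img src="pfstat-errors-week-small.jpg" title="Errors" alt="Errors"/></a>
<a href="pfstat-packets-week-large.jpg"><img src="pfstat-packets-week-small.jpg" title="Packets" alt="Packets"/></a>
<a href="pfstat-queues-week-large.jpg"><img src="pfstat-queues-week-small.jpg" title="Queues" alt="Queues"/></a>
<a href="pfstat-states-week-large.jpg"><img src="pfstat-states-week-small.jpg" title="States" alt="States"/></a>
</p>
</div>
<p><br/></p>
<div>
<h2>Month</h2>
<p>
<a href="pfstat-month-large.jpg"><img src="pfstat-month-small.jpg" title="All" alt="All"/></a>
<a href="pfstat-errors-month-large.jpg"><img src="pfstat-errors-month-small.jpg" title="Errors" alt="Errors"/></a>
<a href="pfstat-packets-month-large.jpg"><img src="pfstat-packets-month-small.jpg" title="Packets" alt="Packets"/></a>
<a href="pfstat-queues-month-large.jpg"><img src="pfstat-queues-month-small.jpg" title="Queues" alt="Queues"/></a>
<a href="pfstat-states-month-large.jpg"><img src="pfstat-states-month-small.jpg" title="States" alt="States"/></a>
</p>
</div>
<p><br/></p>
<div>
<h2>Year</h2>
<p>
<a href="pfstat-year-large.jpg"><img src="pfstat-year-small.jpg" title="All" alt="All"/></a>
<a href="pfstat-errors-year-large.jpg"><img src="pfstat-errors-year-small.jpg" title="Errors" alt="Errors"/></a>
<a href="pfstat-packets-year-large.jpg"><img src="pfstat-packets-year-small.jpg" title="Packets" alt="Packets"/></a>
<a href="pfstat-queues-year-large.jpg"><img src="pfstat-queues-year-small.jpg" title="Queues" alt="Queues"/></a>
<a href="pfstat-states-year-large.jpg"><img src="pfstat-states-year-small.jpg" title="States" alt="States"/></a>
</p>
</div>
<p><br/></p>
</body>
</html>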
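Note : pfstatd est le démon qui sert les statistiques de pf à des clients pfstat distants ; la collecte locale par « pfstat -q » (cron ci-dessous) n'en dépend a priori pas — à vérifier, et ne l'activer sur un pare-feu que si c'est nécessaire.
Lancer pfstatd avec :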
/usr/local/etc/rc.d/pfstatd start
Mettre en cron (crontab -e) :
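# Three pfstat jobs sharing one database file (-d /var/db/pfstat.db).
# Each entry must sit on its own line: text after a leading '#' is a comment.
#minute (0-59)
#|    hour (0-23)
#|    |     day of the month (1-31)
#|    |     |   month of the year (1-12)
#|    |     |   |   day of the week (0-6 with 0=Sun)
#|    |     |   |   |   commands
#|    |     |   |   |   |
# Every minute: -q queries pf and stores the counters in the database.
*     *     *   *   *   /usr/local/bin/pfstat -q -d /var/db/pfstat.db
# At minute 10 of hours 6 to 19: -p generates the images listed in pfstat.conf.
10    6-19  *   *   *   /usr/local/bin/pfstat -p -d /var/db/pfstat.db
# Daily at 03:25: -t 30 trims old entries from the database.
# NOTE(review): if this drops samples older than 30 days, the "4 weeks" and
# "12 months" graphs cannot cover their full period; confirm in pfstat(8).
25    3     *   *   *   /usr/local/bin/pfstat -t 30 -d /var/db/pfstat.db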
Ce document a été publié le 2018-06-28 14:25:35. (Dernière mise à jour : 2020-09-02 15:36:17.)