Difference between revisions of "firewall log accept and drop rate calculation"
From cpwiki.net
Line 1: | Line 1: | ||
'''baseline /count accepts & drops for the last minute from firewall 192.168.1.1''' | '''baseline /count accepts & drops for the last minute from firewall 192.168.1.1''' | ||
+ | accept commmand | ||
# fw log -n -c accept -h 192.168.1.1 -s `/bin/date --date="1 minutes ago" +%T` -e `/bin/date +%T` |wc -l | # fw log -n -c accept -h 192.168.1.1 -s `/bin/date --date="1 minutes ago" +%T` -e `/bin/date +%T` |wc -l | ||
9013 | 9013 | ||
+ | drop command | ||
# fw log -n -c drop -h 192.168.1.1 -s `/bin/date --date="1 minutes ago" +%T` -e `/bin/date +%T` |wc -l | # fw log -n -c drop -h 192.168.1.1 -s `/bin/date --date="1 minutes ago" +%T` -e `/bin/date +%T` |wc -l | ||
761 | 761 | ||
+ | |||
+ | == script (one liner) == | ||
+ | This command will give you the accept and drop rate for the last minute for the IP specified. | ||
+ | |||
+ | [Expert@cplogger]# IP="192.168.1.1"; for i in accept drop; do printf "$i "; fw log -n -c $i -h $IP -s `/bin/date --date="1 minutes ago" +%T` -e `/bin/date +%T` |wc -l; done | ||
+ | accept 699 | ||
+ | drop 301 | ||
[[category:logs]] | [[category:logs]] |
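Review bot: in the added one-liner, `-s` and `-e` are rebuilt from separate `date ... +%T` calls on each pass of the loop, so the accept and drop counts cover slightly different windows. Because `%T` is time-of-day only, a run in the first minute after midnight also passes a start time later than the end time. Suggest reading the start and end once into variables before the loop and reusing them for both actions, and quoting `$i` and `$IP`. The added label "accept commmand" is misspelled.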
Revision as of 17:13, 23 June 2014
baseline /count accepts & drops for the last minute from firewall 192.168.1.1

accept command
# fw log -n -c accept -h 192.168.1.1 -s `/bin/date --date="1 minutes ago" +%T` -e `/bin/date +%T` |wc -l
9013

drop command
# fw log -n -c drop -h 192.168.1.1 -s `/bin/date --date="1 minutes ago" +%T` -e `/bin/date +%T` |wc -l
761

script (one liner)
This command will give you the accept and drop rate for the last minute for the IP specified.

[Expert@cplogger]# IP="192.168.1.1"; for i in accept drop; do printf "$i "; fw log -n -c $i -h $IP -s `/bin/date --date="1 minutes ago" +%T` -e `/bin/date +%T` |wc -l; done
accept 699
drop 301
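An added example, not part of the wiki page: the same counts taken over a single window that is computed once, plus the drop share of all counted entries, which is useful as a baseline figure to alert on. The function names are this example's own; the `fw log` flags and the `wc -l` counting are the ones the page uses.

```shell
#!/bin/sh
# Added example; function names are hypothetical, fw log flags are the page's.

# count_action ACTION ORIGIN START END -> number of matching log lines
count_action() (
    fw log -n -c "$1" -h "$2" -s "$3" -e "$4" | wc -l | tr -d ' '
)

# drop_pct ACCEPTS DROPS -> drops as a percentage of accepts+drops (one decimal)
drop_pct() (
    awk -v a="$1" -v d="$2" 'BEGIN {
        t = a + d
        if (t == 0) print "0.0"; else printf "%.1f\n", 100 * d / t
    }'
)

# crosses_midnight START END -> true when HH:MM:SS start is later than end
crosses_midnight() (
    s=$(printf '%s' "$1" | tr -d ':')
    e=$(printf '%s' "$2" | tr -d ':')
    [ "$s" -gt "$e" ]
)

# rate_line ORIGIN START END -> "accept N drop M drop_pct P"
rate_line() (
    a=$(count_action accept "$1" "$2" "$3")
    d=$(count_action drop "$1" "$2" "$3")
    printf 'accept %s drop %s drop_pct %s\n' "$a" "$d" "$(drop_pct "$a" "$d")"
)

# Run only where the fw binary exists; 192.168.1.1 is the page's example IP.
if command -v fw >/dev/null 2>&1; then
    now=$(date +%s)                              # one clock read for both ends
    end=$(date --date="@$now" +%T)
    start=$(date --date="@$((now - 60))" +%T)
    if crosses_midnight "$start" "$end"; then
        echo "window $start-$end crosses midnight, run again in a minute" >&2
    else
        rate_line 192.168.1.1 "$start" "$end"
    fi
fi
```

With the page's one-liner output (699 accepts, 301 drops) the line reads `accept 699 drop 301 drop_pct 30.1`.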