[collectd] IPTables Module

Florian Forster octo<span style="display: none;">.trailing-username</span>(a)<span style="display: none;">leading-domain.</span>verplant.org
Sat Mar 10 09:28:56 CET 2007

Hi Sjoerd,

On Fri, Mar 02, 2007 at 09:21:03PM +0100, Sjoerd van der Berg wrote:
> On 3/2/07, Florian Forster <octo.trailing-username(a)leading-domain.verplant.org> wrote:
> Developed it on my old gentoo machine, no iptables-dev packages there,
> but you only really need 2 calls i think, could just as well do the
> raw socket connections directly, then you'd only need linux kernel
> headers.

I've changed the code and build-system to use a globally installed
version of `libiptc' and `libiptc/libiptc.h'. You can use the
`--with-libiptc[=PREFIX]' configure-option to point the configure-
script to an arbitary location.

My problem is another one: I can't test this plugin, because no single
machine of mine has the `comment' iptables-match. Even Debian's
distibution-kernel comes without this module and me using Sid means that
Etch won't either, so Debian users will be unable to use this for a long

The actual problem here is to tell collectd which counters are
interesting, right? I have two (alternative or additive) suggestions:
- Select counters by some other common feature, such as the
  `--log-prefix' option of the LOG-target or the `--set-mark' option of
  the MARK-target.
- Specify the counter by table, chain and position. The problem is that
  changes in the firewall(-script) may break this, but it doesn't need
  any target/matches that have some side-effect. (I can see why you
  chose the `comment'-match by the way ;)

Any thoughts?

Florian octo Forster
Hacker in training
GnuPG: 0x91523C3D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20070310/0b89e9b6/attachment.pgp

More information about the collectd mailing list