how to get firewall statistics directly from the place where it is stored


#1

Hello,
is there any other way to get firewall statistics like packets/bytes dropped/forwarded per rule under specific firewall.? we can use cli command “show firewall firewall-name statistics” to get it. but I want to know where actually this stats are stored, so that i can get those directly from that place instead of running above cli command each time.?


#2

what about looking at iptables -vL


#3

Thanks jl3128 for reply. “iptables -vL” somehow helped to get stats for all chains but I want to know about place where all this stats are stored on vyos.? I will need to run this command every time and parse the output whenever i want stats periodically. It would be better if i can find the place where this stats are stored…?


#4

No idea on this one. You could poke around in /proc, but I couldn’t find anything. You can install strace and strace ipatbles -vL to see what it’s doing. I think iptables is user-space, but netfilter might be too low in the stack to get at what it’s doing. Maybe the stats are stored in kernel-space memory?

Having said that, I think it’s ok to write a script using iptables to output stats. You could also look at using SNMP to gather firewall stats.