From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Gomathivinayagam Muthuvinayagam <sankarmail@gmail.com>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: ulogd - long living connections
Date: Wed, 1 Aug 2012 20:35:08 +0200 [thread overview]
Message-ID: <20120801183508.GA25947@1984> (raw)
In-Reply-To: <CAAJpzgZObQP=ngyFL854RxdbU3VA5BzAC-MyUwCT2Nb6=hzJCg@mail.gmail.com>
On Wed, Aug 01, 2012 at 11:14:44AM -0700, Gomathivinayagam Muthuvinayagam wrote:
> Apologize, I did not understand your answer.
Please, don't top-post:
http://www.idallen.com/topposting.html
> The problem that I'm facing is, say if I set a polling interval of 60s
> and in some cases I may lose the data. For example,
> net.netfilter.nf_conntrack_tcp_timeout_close has a timeout value of
> 10s. In this case, if the close event happens and with polling
> interval of 60s I might miss the no of packets and size.
>
> So I have to combine polling based + event based logging. If I
> generate both the files separately, I have to combine them like going
> through each file, and find out order of events and then I have to
> intelligently combine them. This will take considerable cpu usage in
> case of large network traffic system.
>
> My idea is through a single stack, I would like to combine polling
> based(logs update events) + event based(Create & Destroy events). In
> this scheme, from single NFCT plugin I will be registering two
> callbacks one is for getting update events using polling, and another
> one is for getting create and destroy events using event based(no
> hashtable). Is that possible?
You can hack ulodg2 to add a new mode, to periodically poll and dump
the current table content including time information. Similar to what
the NFACCT plugin does.
prev parent reply other threads:[~2012-08-01 18:35 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-01 3:27 ulogd - long living connections Gomathivinayagam Muthuvinayagam
2012-08-01 16:54 ` Pablo Neira Ayuso
2012-08-01 18:14 ` Gomathivinayagam Muthuvinayagam
2012-08-01 18:35 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120801183508.GA25947@1984 \
--to=pablo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=sankarmail@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).