Generating Usage Graphs - "a work in progress"

Below is a 7-day graph from one of our production firewalls which has about a dozen clients on 10Mb ethernet.
Note that the bottom three lines (red, green, blue) go with the right axis labels (which you may need to scroll right to see).

[Figure: sample graph]

In the 7-day graph above, you can see the daily growth and nightly pruning of the log file (the sawtooth line) and the bursty nature of network traffic (blue). The red line at the very bottom (packets NOT forwarded) is the sum of traffic to the firewall itself and rejected traffic.

You can also see that the peak packet rate of nearly 2,000 packets/sec (blue line) is well below the capacity of the firewall (measured at about 40,000 packets/sec).

Method and Scripts

Generation of usage graphs for the logical firewall is "a work in progress". This means that the method as well as the scripts presented here may change and documentation is still sparse. It is offered in its current form for those who may find it useful.

Since the firewall itself may not be a suitable place to store, graph, or publish usage statistics, the gathering and subsequent processing of the data is partitioned into the three scripts below:

  1. stats -- Runs on the firewall. Gathers usage data on CPU load, memory, ramdisk, connected states, and network traffic every few seconds.

  2. statsprep -- Is optional and need not run on the firewall. It can consolidate every N samples into one (by taking the maximum of each measurement) and/or split (and compress) input into daily files.

  3. statsplot -- Need not run on the firewall. Produces graphs of usage data using "gnuplot".

Typically, one would run the "stats" script remotely (via "ssh") from another Unix system which will store the data. For example:

    ssh -f root@fw /usr/local/bin/stats -15 | statsprep -20 -s -z

This collects samples on the firewall every 15 seconds (so as not to miss brief events) and saves them on another system in daily compressed files, with one sample every 5 minutes (each holding the maximum values from the preceding 20 15-second samples).
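The consolidation step described above, as an added example that is not the statsprep script itself: it folds every N samples into one by per-column maximum, with a mean mode for contrast to show why the maximum keeps brief events visible. The input format (timestamp in column 1, measurements after it), the function names, and stamping each window with its last sample time are assumptions of this example.

```shell
#!/bin/sh
# consolidate N [max|mean]: fold every N input samples into one line.
# ASSUMED input format (the page does not document it): whitespace-separated
# numbers, column 1 = epoch timestamp, columns 2.. = measurements.
consolidate() {
    case "$1" in ''|*[!0-9]*|0) echo "N must be a positive integer" >&2; return 2;; esac
    awk -v n="$1" -v mode="${2:-max}" '
    function emit(   i, line) {
        if (count == 0) return
        line = ts
        for (i = 2; i <= nf; i++)
            line = line " " (mode == "mean" ? sum[i] / count : max[i])
        print line
        count = 0
    }
    {
        if (count == 0) {                 # first sample of a new window
            nf = NF
            for (i = 2; i <= NF; i++) { max[i] = $i + 0; sum[i] = 0 }
        }
        for (i = 2; i <= nf; i++) {
            if ($i + 0 > max[i]) max[i] = $i + 0
            sum[i] += $i
        }
        ts = $1                           # window is stamped with its last sample
        if (++count == n) emit()
    }
    END { emit() }                        # keep a trailing partial window
    '
}

# Constructed data: 15-second samples of "timestamp load packets/sec" with a
# single one-sample burst at t=1030.
sample_data() {
    cat <<'EOF'
1000 0.10 120
1015 0.12 130
1030 0.95 1900
1045 0.11 125
1060 0.10 110
1075 0.09 115
EOF
}

sample_data | consolidate 4 max     # first window keeps the burst: 1045 0.95 1900
sample_data | consolidate 4 mean    # first window dilutes it:      1045 0.32 568.75
```

With the maximum, a single 15-second spike still appears in the 5-minute record; with the mean, the same spike is reduced to under a third of its real height.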

These files can be plotted individually or in combination with "statsplot". Its options -g, -n, and -p generate GIF, PNG, or PostScript files respectively (otherwise it tries to display directly using X11). The best graphs are produced by the GIF and PostScript drivers, with PNG not far behind.

The 7-day graph above was produced with the following command:

    zcat lfw-02031[2-8].gz | statsplot -g