
Re: Traffic log...



On Thu, Nov 15, 2001 at 05:07:42PM +0100, Marco Gaiarin wrote:
> I would need to keep a log of all the traffic that passes through a
> given interface

If "how many bytes passed in a certain time interval from and/or to
certain IPs" is enough for you, then ipfm (recompile it from woody if you
have potato, as I have on the machines where I use that package)

> Iptables does not seem feasible to me... I could log
> every packet that passes, but then digging through the logs would be
> suicide (and in any case I would not know where to put them).

Logging is not necessary. There should be rules that simply let you
increment certain counters, and then iptables commands
(I think, with ipchains there were) to show you the counter values
and/or reset them

I believe there are Debian packages that help with these things:
I have never used them, but maybe they can be useful to you

 Package: ipac-ng
 Description: IP Accounting for iptables( kernel >=2.4)
  Inserts iptables rules to classify network traffic and monitors these
  rules, writing the data to a file at a certain interval. It will then
  allow one to calculate IP accounting data and statistics.
		  		      		     		     
 Package: ipac
 Description: IP accounting configuration and statistics tool
  Allows easy configuration of the Linux kernel's IP accounting
  features. It can also read this information from the kernel, store it
  and summarise it.
  .
  If you use linux 2.3 or 2.4, you need ipchains compatibility
  in your kernel as ipac does not support the new kernel natively yet.

 Package: fwlogwatch
 Description: Firewall log analyzer
   fwlogwatch produces ipchains, netfilter/iptables, ipfilter, Cisco IOS and
   Cisco PIX log summary reports in text and HTML form and has a lot of
   options to find and display relevant patterns in connection attempts. With
   the data found it can also generate customizable incident reports from a
   template and send them to abuse contacts at offending sites or CERT
   coordination centers. Finally, it can also run as daemon and report
   anomalies or start countermeasures.
		       
 Package: net-acct
 Description: Usermode IP accounting daemon
   This package logs network traffic. It provides a daemon (nacctd) that
   logs all traffic passing the machine it runs on (similar to what tcpdump
   does).
   .
   Capability is provided to associate traffic to slip/ppp users in case you
   run a slip/ppp server.
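
The counting rules this reply describes, as an added example that is not part of the original message: an iptables rule with no -j target only increments its packet and byte counters, and the listing can then be summed per host. The ACCT chain name, the address 192.168.1.10 and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-host byte accounting with iptables counters.
# Chain name, host address and sample listing are constructed.

# Print (do not run) the setup. A rule without -j has no verdict:
# the packet continues through the chain, only the counters change.
acct_setup() {
    host=$1
    cat <<EOF
iptables -N ACCT
iptables -I FORWARD -j ACCT
iptables -A ACCT -d $host
iptables -A ACCT -s $host
EOF
}

# Read `iptables -L ACCT -v -n -x` output on stdin and print
# "<bytes to host> <bytes from host>".
# Assumption: rules carry only -s/-d matches, so source and
# destination are the last two columns of each rule line.
acct_bytes() {
    awk -v h="$1" '
        $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
            if ($NF == h)     rx += $2   # destination is the host
            if ($(NF-1) == h) tx += $2   # source is the host
        }
        END { printf "%d %d\n", rx, tx }'
}

# Constructed listing in the format printed by -L -v -n -x
# (-x prints exact byte counts instead of rounded K/M values).
sample_listing() {
    cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     120    98304            all  --  *      *       0.0.0.0/0            192.168.1.10
      80    20480            all  --  *      *       192.168.1.10         0.0.0.0/0
EOF
}

# Live use:      iptables -L ACCT -v -n -x | acct_bytes 192.168.1.10
# Read + reset:  iptables -L ACCT -v -n -x -Z
sample_listing | acct_bytes 192.168.1.10
```

Reading with -L and -Z in the same command avoids losing the bytes counted between a separate read and reset.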


