Re: Traffic log...
On Thu, Nov 15, 2001 at 05:07:42PM +0100, Marco Gaiarin wrote:
> I need to keep a log of all the traffic that passes through a
> given interface
If all you need is "how many bytes went by in a given time interval
from and/or to certain IPs", then ipfm (recompile it from woody if you have
potato, as I do on the machines where I use that package)
> Iptables doesn't seem feasible to me... I could log
> every packet that passes, but then digging through the logs would be suicide
> (and in any case I wouldn't know where to put them).
There is no need to log. There should be rules that simply
increment certain counters, and then iptables commands
(I think; with ipchains there were) to show you the counter values
and/or reset them
I believe there are Debian packages that help with these things:
I have never used them, but they might be useful to you
Package: ipac-ng
Description: IP Accounting for iptables( kernel >=2.4)
Inserts iptables rules to classify network traffic and monitors these
rules, writing the data to a file at a certain interval. It will then
allow one to calculate IP accounting data and statistics.
Package: ipac
Description: IP accounting configuration and statistics tool
Allows easy configuration of the Linux kernel's IP accounting
features. It can also read this information from the kernel, store it
and summarise it.
.
If you use linux 2.3 or 2.4, you need ipchains compatibility
in your kernel as ipac does not support the new kernel natively yet.
Package: fwlogwatch
Description: Firewall log analyzer
fwlogwatch produces ipchains, netfilter/iptables, ipfilter, Cisco IOS and
Cisco PIX log summary reports in text and HTML form and has a lot of
options to find and display relevant patterns in connection attempts. With
the data found it can also generate customizable incident reports from a
template and send them to abuse contacts at offending sites or CERT
coordination centers. Finally, it can also run as daemon and report
anomalies or start countermeasures.
Package: net-acct
Description: Usermode IP accounting daemon
This package logs network traffic. It provides a daemon (nacctd) that
logs all traffic passing the machine it runs on (similar to what tcpdump
does).
.
Capability is provided to associate traffic to slip/ppp users in case you
run a slip/ppp server.
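The counter-based accounting suggested in the reply, as an added example that is not part of the original message: target-less iptables rules count traffic without logging it, and the listing is then parsed into per-host byte totals. The chain name ACCT, the host 192.0.2.10 and the choice of the FORWARD chain are assumptions, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example. ACCT, 192.0.2.10 and the FORWARD hook are assumptions.

# Create a counting-only chain for one host (needs root; not called here).
acct_setup() {
    iptables -N ACCT
    iptables -I FORWARD -j ACCT
    # Rules with no -j target only bump their packet/byte counters;
    # the packet continues through the chain, nothing is logged or dropped.
    iptables -A ACCT -s "$1"
    iptables -A ACCT -d "$1"
}

# Show exact counters: -v prints them, -x disables K/M rounding, -n skips DNS.
acct_show()  { iptables -L ACCT -v -n -x; }
# Zero the counters at the start of a new accounting interval.
acct_reset() { iptables -Z ACCT; }

# Read `iptables -L ACCT -v -n -x` output on stdin and print
# "<ip> <bytes_sent> <bytes_received>" for the given host.
acct_summary() {
    awk -v ip="$1" '
        $1 !~ /^[0-9]+$/ { next }      # skip chain header and column titles
        $(NF-1) == ip { tx += $2 }     # source column: bytes sent by the host
        $NF     == ip { rx += $2 }     # destination column: bytes received
        END { printf "%s %.0f %.0f\n", ip, tx, rx }'
}

# Constructed sample of the listing, so the parser can be tried offline.
sample_listing() {
    cat <<'EOF'
Chain ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     120    98304            all  --  *      *       192.0.2.10           0.0.0.0/0
      80    40960            all  --  *      *       0.0.0.0/0            192.0.2.10
EOF
}

sample_listing | acct_summary 192.0.2.10
```

On a live system, `acct_show | acct_summary 192.0.2.10` followed by `acct_reset` from a periodic job gives per-interval totals.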