Re: Traffic monitoring

To: debian-security@lists.debian.org
Subject: Re: Traffic monitoring
From: Geoff Crompton <geoff.crompton@bjhcontrols.com.au>
Date: Sat, 15 Mar 2003 10:55:43 +1100
Message-id: <[🔎] 20030314235543.GB1177@lovelace>
Mail-followup-to: Geoff Crompton <geoff.crompton@bjhcontrols.com.au>, debian-security@lists.debian.org
In-reply-to: <[🔎] 20030314213959.GB4603@rz-ewok.rz.uni-karlsruhe.de>
References: <[🔎] 39365.192.168.1.11.1047668597.squirrel@nilsson.intranet.pr> <[🔎] 20030314213959.GB4603@rz-ewok.rz.uni-karlsruhe.de>

On Fri, Mar 14, 2003 at 10:39:59PM +0100, Christoph Moench-Tegeder wrote:
> If you are using kernel 2.4, you can use ulogd.

  I never got ulogd running properly. I'm running 0.97-1 from woody, and
  I was never able to get it to information to any files. Anyone want to
  comment on the following ulogd.conf file?

nlgroup 1
logfile /var/log/ulogd.log
loglevel 1
plugin /usr/lib/ulogd/ulogd_BASE.so
syslogfile /var/log/ulogd.syslogemu
syslogsync 1
plugin /usr/lib/ulogd/ulogd_LOGEMU.so
dumpfile /var/log/ulogd.pktlog


  And I've got a filewall rule:
-A INPUT -s 61.9.128.13 -i eth0 -p udp -m udp --dport 1024 -m limit --limit 20/hour -j ULOG --ulog-prefix BPA 

  (Checking with iptables-save -c reveals that the rule has been getting
  matches).

  Geoff Crompton

Reply to:

References:
- Traffic monitoring
  - From: "Nils" <debian@fnen.eu.org>
- Re: Traffic monitoring
  - From: Christoph Moench-Tegeder <cmt@rz.uni-karlsruhe.de>

Prev by Date: Re: Traffic monitoring
Next by Date: Re: Traffic monitoring
Previous by thread: Re: Traffic monitoring
Next by thread: Re: Traffic monitoring
Index(es):
- Date
- Thread