I am pretty sure freshmeat.net has a tool that uses iptables and puts it into a MySQL database... try looking under "monitor" or "uptime", it's there somewhere.
regards
S

-----Original Message-----
From: Jon [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 29 July 2004 10:17 a.m.
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: How can I get all IP transactions (in/out) logged?

Yes, iptables can do this. I know iptables can log to syslog, and believe there are ways to make it log to SQL, but I am unfamiliar with those. With syslog logging, you will also probably want to look into a syslog replacement such as syslog-ng, where you can separate log data to multiple files much easier than the usual channels plain syslog provides.

To do this you use the target -j LOG with one or two additional options:

    iptables -A INPUT -i ppp0 -j LOG --log-level debug --log-prefix "PACKETLOG-IN"
    iptables -A OUTPUT -o ppp0 -j LOG --log-level debug --log-prefix "PACKETLOG-OUT"
    iptables -A FORWARD -i ppp0 -j LOG --log-level debug --log-prefix "PACKETLOG-IN"
    iptables -A FORWARD -o ppp0 -j LOG --log-level debug --log-prefix "PACKETLOG-OUT"

You can use whichever combination of the above four rules depending on what you want to log.

#1 logs packets in ppp0 destined to the router/host machine
#2 logs packets out ppp0 sourced from the router/host machine
#3 logs packets in ppp0 destined to something else on your network
#4 logs packets out ppp0 sourced from something else on your network

--log-level has to be a valid syslog type (man syslog.conf)
--log-prefix is a 14 char string prepended to the log message. This can be changed to suit your needs, and I would suggest configuring syslog-ng to pattern match for this string so you can store each iptables rule's output in a separate file as needed. You can have two files, in and out, each mixed no matter what its to/from (as in my examples above) or have the forward and 'to router host' separated, or any combinations you need.

These logs will get large the more data you pass. If you store them for say 24 hours and rotate them as you pass them off to some other accounting/processing software (one that just stores summary info for example) and bzip2's the logs, deleting after a couple days, this shouldn't be bad on a dialup.

--
Jon

On Tue, 27 Jul 2004 12:27:56 -0700, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> I just want a basic log file containing the source and
> destination addresses for all traffic in and out of
> via PPP, so that I can keep track of what connections to
> outside IP addresses are made, and from where (externally,
> or from something running on my system) they originated.
>
> I've turned on the debug mode in PPP but it doesn't seem to
> provide what I want. For instance, it logs transactions from my
> system to my ISP, but doesn't log what's happening with
> any greater resolution (for instance, if I ping a system
> on the Internet, there's no record of the ping attempt
> in any of the system log files). The firewall as set up by
> "firestarter" logs blocked firewall penetration attempts, but
> not "legitimate" transactions in and out (perhaps there's a
> method, which I haven't found, to change that?)
>
> Is there any "built-in" facility that will accomplish
> this, or is it necessary/possible to construct something
> using "iptables", or is there a contributed app that will
> do it?
>
> I realize that there are log files for the various
> servers and utilities (FTP, etc.) that contain this information
> on a piecemeal basis, but it seems to me that it would make
> more sense to collect it at the connection point(s) in and out
> of the system, at least on an interface-by-interface basis.
>
> Once again, I'm surprised that a Web search and various site
> searches haven't turned up a solution to this.
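The "accounting/processing" step mentioned in the thread, as an added example that is not from any poster: a Python parser that turns the per-packet LOG lines written by the four rules into per-flow packet and byte totals, and tags each flow with the rule that logged it. The sample log lines, hostname and addresses are constructed, and the names parse_line, summarize and PATHS are this example's own.

```python
import re
from collections import defaultdict

# The kernel writes the prefix immediately before "IN=", so a prefix with no
# trailing space is fused with it: "PACKETLOG-ININ=ppp0 OUT= ...".
LINE_RE = re.compile(r"PACKETLOG-(IN|OUT)\s*IN=(\S*) OUT=(\S*) (.*)")
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# (prefix direction, both interfaces set?) -> which of the four rules logged it
PATHS = {("IN", False): "to-host",      # rule #1 (INPUT -i ppp0)
         ("OUT", False): "from-host",   # rule #2 (OUTPUT -o ppp0)
         ("IN", True): "forward-in",    # rule #3 (FORWARD -i ppp0)
         ("OUT", True): "forward-out"}  # rule #4 (FORWARD -o ppp0)

# Constructed sample: hostname, times and addresses are made up.
SAMPLE_LOG = """\
Jul 29 10:17:01 gw kernel: PACKETLOG-OUTIN= OUT=ppp0 SRC=192.0.2.10 DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
Jul 29 10:17:01 gw kernel: PACKETLOG-ININ=ppp0 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=55 ID=9 PROTO=ICMP TYPE=0 CODE=0 ID=4321 SEQ=1
Jul 29 10:17:05 gw kernel: PACKETLOG-OUTIN=eth0 OUT=ppp0 SRC=10.0.0.5 DST=203.0.113.80 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=77 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 29 10:17:05 gw kernel: PACKETLOG-OUTIN=eth0 OUT=ppp0 SRC=10.0.0.5 DST=203.0.113.80 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=78 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=5840 RES=0x00 ACK URGP=0
Jul 29 10:17:06 gw pppd[412]: rcvd [LCP EchoRep id=0x1]
"""

def parse_line(line):
    """Return a dict for one LOG-target line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    direction, in_if, out_if, rest = m.groups()
    fields = {}
    for key, value in FIELD_RE.findall(rest):
        fields.setdefault(key, value)  # first LEN=/ID= is the IP header's
    if "SRC" not in fields or "DST" not in fields:
        return None
    return {"path": PATHS[(direction, bool(in_if and out_if))],
            "src": fields["SRC"], "dst": fields["DST"],
            "proto": fields.get("PROTO"), "dpt": fields.get("DPT"),
            "len": int(fields.get("LEN", 0))}

def summarize(text):
    """Collapse per-packet lines into {flow key: [packets, bytes]}."""
    totals = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            key = (rec["path"], rec["src"], rec["dst"], rec["proto"], rec["dpt"])
            totals[key][0] += 1
            totals[key][1] += rec["len"]
    return dict(totals)
```

Calling summarize() on a rotated log file's contents gives the summary to keep before the raw log is compressed and deleted.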