On 2011-07-29 11:49, Jeremy Charles wrote:
> I’m trying to see if I can get the Linux 2.6 kernel to generate a syslog
> message when it removes a UDP “connection” from its connection tracking table.
> It’s easy to log the start of a “connection” regardless of whether it’s TCP or
> UDP:
>
>   sudo iptables -I FORWARD 8 -m state --state NEW -j LOG --log-prefix "New: " --log-level 7
>   sudo iptables -I FORWARD 9 -m state --state RELATED -j LOG --log-prefix "Related: " --log-level 7
>
> I can also log the end of a TCP connection by looking for RST or FIN flags.
> My man and google fu just isn’t finding a way to log when a UDP “connection”
> gets removed from the connection tracking table.
> Anyone have any hints?

Not sure you can actually do this with iptables. Have you had a look at
conntrack?
--
Yves. http://www.SollerS.ca/
http://ipv6.SollerS.ca
http://blog.zioup.org/
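
Following up on the conntrack suggestion above, an added example that is not part of the original thread: the conntrack-tools command `conntrack -E -e DESTROY -p udp` prints one line per UDP entry removed from the tracking table, and the script below forwards each one to syslog. The function name, the `run` argument, the `conntrack-udp` tag and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumes conntrack-tools is
# installed and that event lines have the usual shape:
#   [DESTROY] udp      17 src=A dst=B sport=P dport=Q [UNREPLIED] src=B dst=A ...

# format_destroy LINE
# Prints "UDP end: src=A sport=P dst=B dport=Q" for the original-direction
# tuple. Exits non-zero when LINE is not a UDP DESTROY event.
# The body runs in a subshell so that "set -f" (needed because tokens such
# as [UNREPLIED] are glob patterns) does not leak into the caller.
format_destroy() (
    set -f
    line=$1
    case $line in
        *"[DESTROY] udp "*) ;;
        *) exit 1 ;;
    esac
    src='' dst='' sport='' dport=''
    # The reply tuple repeats the same keys later in the line, so only the
    # first occurrence of each key is kept.
    for field in $line; do
        case $field in
            src=*)   [ -n "$src" ]   || src=${field#src=} ;;
            dst=*)   [ -n "$dst" ]   || dst=${field#dst=} ;;
            sport=*) [ -n "$sport" ] || sport=${field#sport=} ;;
            dport=*) [ -n "$dport" ] || dport=${field#dport=} ;;
        esac
    done
    if [ -z "$src" ] || [ -z "$dst" ] || [ -z "$sport" ] || [ -z "$dport" ]; then
        exit 1
    fi
    printf 'UDP end: src=%s sport=%s dst=%s dport=%s\n' \
        "$src" "$sport" "$dst" "$dport"
)

# Live mode (needs root): "sh script.sh run" streams DESTROY events for UDP
# and logs each one at debug level, matching --log-level 7 in the rules above.
if [ "${1:-}" = "run" ]; then
    conntrack -E -e DESTROY -p udp | while IFS= read -r line; do
        msg=$(format_destroy "$line") && logger -t conntrack-udp -p daemon.debug "$msg"
    done
fi
```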