Board index Linux Security

Ipchains Log

Ipchains Log

Post by nord » Thu, 31 May 2001 23:54:19




> ipchains -A forward -p tcp -d www.website.com -j ACCEPT -l
> ipchains -A output -p tcp -d www.website.com -j ACCEPT -l

That's just going to count how many packets are sent to the server. Try
something like
ipchains -A forward -p tcp -d www.website.com 80 -y -j ACCEPT -l
The "-y" makes the big difference. This will count all connections that are
requested (doesn't mean they are established).
You should log the time and the IP though, because otherwise people can
just generate hits by constantly reloading the site.

nordi

--
Linux - Less bugs for less bucks!

Visit http://private.addcom.de/nordi

 
 
 
Top

1. ipchains log analysis tool (ipchains-db.pl)

    I have written a Perl script that parses ipchains log messages
    and optionally inserts them into a database to make sifting
    through hundreds (or thousands ;) of log messages to find
    anything that might indicate potential problems.

    If interestested, you may obtain this from:
    ftp://ftp.enteract.com/users/hbarta/ipchains-db.-0.01.tgz.

    Please consider this an alpha release. If you do try this out,
    I would appreciate any feedback you have. Post here or e-mail
    as you see fit. I am particularly interested in bugs, problems
    and ideas for future development.

    I would also like to know what you think are good queries to
    issue to display 'interesting statistics'. (I would also like
    know how to query by date! Couldn't figure out the syntax for
    that 'where' clause. ;)

    regards,
    hank

--
Hank Barta                            White Oak Software Inc.

                Beautiful Sunny Winfield, Illinois

2. OFFICIAL

3. IPCHAINS logging with sysklogd - log to separate file?

4. linux on DEC 2000 AXP 300?

5. ipchains logging

6. Routing 2 nets through ppp link

7. ipchains logging config

8. "xfs is dead but subsys is locked" ??

9. IPChains log info

10. ipchains logs

11. ipchains log

12. Where does ipchains log ?

13. firewall(ipchains) logging


All times are UTC
Board index