Alex, : I want to add some logging so that I can got back and see exactly what : traffic I had when latency was bad. I want to see what internal hosts : and external host were generating the traffic. What ports they were : talking on, what protocols etc. : : I know how to add logging in iptables but reading the logs is kind of : tiresome. I rather have something like iptraf but that can be run : after the fact. You definitely want to visit Stef Coene's site [1] and have a look first at his GUI tools [2] and possibly also some of his monitoring scripts. [3] Don't forget about ntop, which (in its "new" incarnation) collects statistical data you can examine after the fact. [4] There are others interested in the same sort of (general) question, also on this mailing list. [5] And if you are comfortable with your current iptables commands, why not consider the iptacct tool. [6] Good luck, -Martin [1] http://www.docum.org/ [2] http://www.docum.org/stef.coene/qos/gui/ [3] http://www.docum.org/stef.coene/qos/monitor/ [4] http://www.ntop.org/ntop.html [5] http://mailman.ds9a.nl/pipermail/lartc/2002q4/005752.html [6] http://tretmine.org/iptacct/ -- Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
