Good day,
I have been running netfilter for a few years now. Right now I am pulling my logs into an application called Sawmill (www.sawmill.net); it understands native iptables logs. This application, like other parsers, can only report on info that is in the log. I would like to be able to pull reports with protocol breakdown and amount of certain traffic, e.g. how much SMTP went out vs. how much came in.
I use a custom-made webmin module to configure rules. If I edit the iptables file, this is what I see for logging:
-log-prefix RULE_1:ACCEPT:
-log-prefix RULE_10:DROP:
Is there a way to log more information about the traffic as stated above by adding to these lines, or do I need another package to do this?
Checkpoint FW-1 has a 'log' option and an 'accounting'. Accounting gives more information regarding traffic stats.
I read on the lists that people have created a new chain and logged it that way, but I am not sure what can be done.
Thanks in advance,
Manny