Re: Logging

Svenne Krap wrote:
Hi.

I am currently working on a not so simple firewall setup on a modern machine (Xeon, Gigs of memory, SCSI subsystem).

As part of it, I would like to know various "event" statistics. Questions I would like to answer are "How many hits on port 1433 have I got, and how is that distributed amongst the machines". Think pivot table data.

Is there some way to get netfilter to collect rule hits (like with no -j clause) for each port/ip-address individually within a range? Other than creating thousands of lines of rules and adding them to my "firewall-startup" script (which is currently slightly less than 80 rules).

I have thought of just logging all traffic and running it through a userspace program via syslog-ng, but frankly I worry about performance (the firewall should be able to filter at least the 100Mbps connection it currently sits on) under flooding.

Your thoughts are appreciated :)

Svenne



You might want to take a look at the ACCOUNT match (http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-ACCOUNT).



Grant. . . .
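
The userspace option raised in the question (log the traffic, then aggregate it outside the kernel), as an added example that is not part of either message: a Python sketch that pivots netfilter LOG lines into hit counts per destination port and destination host. The `FWSTAT` log prefix and every sample line are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input in the kernel LOG-target format (not real traffic).
# "FWSTAT" stands in for whatever --log-prefix the logging rule uses (assumption).
SAMPLE_LOG = """\
Mar  3 10:00:01 fw kernel: FWSTAT IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 LEN=48 TTL=115 ID=4211 DF PROTO=TCP SPT=3312 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  3 10:00:02 fw kernel: FWSTAT IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.0.2.10 LEN=48 TTL=112 ID=901 DF PROTO=TCP SPT=4100 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  3 10:00:02 fw kernel: FWSTAT IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.11 LEN=48 TTL=115 ID=4212 DF PROTO=TCP SPT=3313 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  3 10:00:03 fw kernel: FWSTAT IN=eth0 OUT=eth1 SRC=203.0.113.5 DST=192.0.2.10 LEN=404 TTL=115 ID=4213 PROTO=UDP SPT=4000 DPT=1434 LEN=384
Mar  3 10:00:04 fw kernel: FWSTAT IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.10 LEN=84 TTL=60 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Mar  3 10:00:05 fw kernel: FWSTAT IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=56 TTL=63 ID=2 PROTO=ICMP TYPE=3 CODE=3 [SRC=203.0.113.5 DST=192.0.2.10 LEN=404 TTL=114 ID=4213 PROTO=UDP SPT=4000 DPT=1434 LEN=384 ]
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return (proto, dst, dpt) for a logged TCP/UDP packet, else None."""
    fields = {}
    for key, value in FIELD.findall(line):
        # First occurrence wins: ICMP errors repeat SRC/DST/PROTO/DPT for the
        # embedded packet in [...] and must not be counted as TCP/UDP hits.
        fields.setdefault(key, value)
    if fields.get("PROTO") not in ("TCP", "UDP"):
        return None
    try:
        return fields["PROTO"], fields["DST"], int(fields["DPT"])
    except (KeyError, ValueError):
        return None  # truncated or malformed line

def pivot(lines):
    """Map (proto, dport) -> Counter of destination hosts."""
    table = defaultdict(Counter)
    for line in lines:
        hit = parse_line(line)
        if hit:
            proto, dst, dpt = hit
            table[(proto, dpt)][dst] += 1
    return table

if __name__ == "__main__":
    for (proto, dpt), hosts in sorted(pivot(SAMPLE_LOG.splitlines()).items()):
        print(f"{proto}/{dpt}: {sum(hosts.values())} hits")
        for dst, n in hosts.most_common():
            print(f"  {dst:<15} {n}")
```

Every packet still costs a log write on the firewall, so the flooding concern in the question applies to this approach unchanged.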

