----- Original Message -----
From: "Rob Sterenborg" <rob@xxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Friday, April 21, 2006 9:57 AM
Subject: Re: packets loging
On Fri, April 21, 2006 09:36, robee wrote:
but i want only this:
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29
any sugestion?
AFAIK that isn't possible.
Why would you want to anyway ?
Gr,
Rob
less data to write, less disk load
It must be a really busy box if this is going to hog your disk space|IO.
If you use the limit match ("-m limit --limit 1/sec" or something) your
logging will also be less.
Gr,
Rob
disk space is not a problem but disk usage increased 10 times during loging
dstport 80 only. it is a gateway for large network.
When i use limit module is it possible that loging system miss some
significant connection? or it has influence to particular destination host?
ex:
log like:
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=82.140.223.12 ...
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=112.212.123.2 ...
Apr 21 04:09:21 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
Apr 21 04:09:22 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
Apr 21 04:09:23 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
Apr 21 04:09:24 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
turns to:
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=82.140.223.12 ...
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=112.212.123.2 ...
robee
