On Fri, April 21, 2006 10:52, robee wrote: > disk space is not a problem but disk usage increased 10 times during loging > dstport 80 only. it is a gateway for large network. If it's so large, maybe you can setup a log-server and do remote logging. (Have you also looked at ULOG ?) To me, logging *all* packets to dport 80 seems to be overkill but that's up to you. > When i use limit module is it possible that loging system miss some > significant connection? Yes, you *will* miss packets when limiting LOG (as you have a busy network). I think the most important packet is the first one in a connection so you can also choose to just log the NEW packets : $ipt -A INPUT -m state --state NEW -p tcp --dport 80 \ -j LOG --log-level <...> --log-prefix "<...>" Gr, Rob
