Tiro l33t
Joined: 14 Feb 2003 Posts: 752 Location: italy
Posted: Sat Jun 11, 2005 9:12 pm Post subject: logging network traffic?
I'd like to log network traffic in a way that isn't overly "verbose". Ethereal or iptables give me too much log output; I only want to log new connections, to track what the users are browsing.
Code:
iptables -A INPUT -j LOG --log-level info
iptables -A OUTPUT -j LOG --log-level info
isn't much of a friend to me...
gutter Bodhisattva
Joined: 13 Mar 2004 Posts: 7162 Location: Aarau, Aargau, Switzerland
Posted: Sat Jun 11, 2005 10:14 pm Post subject:
Try using the option
man iptables wrote:
--state state
Where state is a comma separated list of the connection states to match. Possible states are INVALID meaning that the packet could not be identified for some reason which includes running out of memory and ICMP errors which don't correspond to any known connection, ESTABLISHED meaning that the packet is associated with a connection which has seen packets in both directions, NEW meaning that the packet has started a new connection, or otherwise associated with a connection which has not seen packets in both directions, and RELATED meaning that the packet is starting a new connection, but is associated with an existing connection, such as an FTP data transfer, or an ICMP error.
ema Guru
Joined: 27 Aug 2003 Posts: 380
Posted: Sun Jun 12, 2005 9:31 am Post subject:
If what you need is to track browsing... why not use squid+sarg?
cagnaluia l33t
Joined: 01 Sep 2004 Posts: 998 Location: Treviso
Posted: Sun Jun 12, 2005 10:54 am Post subject:
I'm interested in this too.
I'd like to do the opposite, though!
That is... check and keep a log of all the incoming connections on the various open ports.
For example: I have a web server, a p2p web panel, ssh, ftp... etc etc... I'd like to have the possibility, without querying each service, of checking a single general log that tells me: at hour-minute-second X, a certain IP made a connection request... succeeded/did not succeed, and the connection duration.
Possible?
Tiro l33t
Joined: 14 Feb 2003 Posts: 752 Location: italy
Posted: Sun Jun 12, 2005 11:26 am Post subject:
This seems to work better
Code:
# iptables -A OUTPUT -m state --state NEW -p TCP --dport 80 -j LOG
# iptables -A INPUT -m state --state NEW -p TCP --sport 80 -j LOG
Quote:
Jun 12 13:15:28 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=62.48.36.239 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23157 DF PROTO=TCP SPT=40250 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:19:40 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=80.14.176.115 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=53843 DF PROTO=TCP SPT=48880 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:19:43 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=66.249.85.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20678 DF PROTO=TCP SPT=34413 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:19:44 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=66.249.85.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55422 DF PROTO=TCP SPT=34414 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:21:47 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=66.249.85.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=52308 DF PROTO=TCP SPT=34480 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:22:20 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=140.211.166.170 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=31285 DF PROTO=TCP SPT=43673 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:22:22 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=140.211.166.170 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=10838 DF PROTO=TCP SPT=43674 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:23:47 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=140.211.166.170 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=42817 DF PROTO=TCP SPT=54090 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:23:49 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=140.211.166.170 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4007 DF PROTO=TCP SPT=54095 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Code:
[zzz]sp0ck linux # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
LOG tcp -- anywhere anywhere state NEW tcp spt:www LOG level warning
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LOG tcp -- anywhere anywhere state NEW tcp dpt:www LOG level warning
but now it doesn't log the MAC addresses, whereas with the previous command it did...
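The LOG lines above contain everything needed for both requests in this thread: Tiro's outbound "who browsed where" summary and cagnaluia's inbound "who knocked on which port" summary. The following parser is an added example (not code from the thread or from iptables) that reads such lines, keeps only the packets that open a TCP connection (SYN set, ACK clear), and builds both summaries. The first three sample lines are copied from the post above; the two INPUT-chain lines are constructed to show what an inbound attempt looks like, with a made-up MAC and the documentation address 203.0.113.7.

```python
import re
from collections import Counter, defaultdict

# Constructed sample. Lines 1-3: copied from the OUTPUT-chain log posted above
# (IN= empty, OUT=eth0, no MAC= because the packet was generated locally).
# Lines 4-5: invented INPUT-chain entries (IN=eth0, MAC= present); the last
# one is an ACK, i.e. not a connection opening, and must be filtered out.
SAMPLE_LOG = """\
Jun 12 13:15:28 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=62.48.36.239 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23157 DF PROTO=TCP SPT=40250 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:19:43 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=66.249.85.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20678 DF PROTO=TCP SPT=34413 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:19:44 sp0ck IN= OUT=eth0 SRC=192.168.8.3 DST=66.249.85.104 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=55422 DF PROTO=TCP SPT=34414 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:30:01 sp0ck IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.8.3 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun 12 13:30:05 sp0ck IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.168.8.3 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=2 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
"""

# syslog prefix: "Mon DD HH:MM:SS host" followed by the iptables LOG body
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) (?P<rest>.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def parse_log_line(line):
    """Turn one iptables LOG line into a dict of KEY=value fields plus a
    set of TCP flags; return None for non-TCP or unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "flags": set()}
    for tok in m.group("rest").split():
        if "=" in tok:                 # IN=, OUT=, MAC=, SRC=, DPT=, ...
            key, value = tok.split("=", 1)
            rec[key] = value
        elif tok in TCP_FLAGS:         # bare flag tokens such as SYN / ACK
            rec["flags"].add(tok)
    if rec.get("PROTO") != "TCP":
        return None
    return rec


def new_connections(lines):
    """Keep only packets that open a TCP connection: SYN set and ACK clear.
    A SYN/ACK reply or any later segment is not a new connection."""
    out = []
    for line in lines:
        rec = parse_log_line(line)
        if rec and "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
            out.append(rec)
    return out


def browsing_summary(records):
    """Tiro's request: per internal client, which (server, port) pairs it
    opened and how many times. Outbound packets have OUT= set."""
    summary = defaultdict(Counter)
    for r in records:
        if r.get("OUT"):
            summary[r["SRC"]][(r["DST"], int(r["DPT"]))] += 1
    return summary


def inbound_summary(records):
    """cagnaluia's request: per local port, the (time, source IP, MAC) of
    every connection attempt. Inbound packets have IN= set, and only those
    carry a MAC= field, since locally generated packets have no link-layer
    header when the OUTPUT chain sees them."""
    summary = defaultdict(list)
    for r in records:
        if r.get("IN"):
            summary[int(r["DPT"])].append((r["ts"], r["SRC"], r.get("MAC")))
    return summary


if __name__ == "__main__":
    conns = new_connections(SAMPLE_LOG.splitlines())
    for client, targets in browsing_summary(conns).items():
        for (dst, port), n in sorted(targets.items()):
            print(f"{client} -> {dst}:{port} x{n}")
    for port, attempts in sorted(inbound_summary(conns).items()):
        for ts, src, mac in attempts:
            print(f"port {port} <- {src} at {ts} (mac {mac})")
```

Two caveats a practitioner should keep in mind when reading the output. First, a NEW-state SYN records only the attempt: whether the handshake completed and how long the session lasted is not in these lines, so the "succeeded / duration" part of cagnaluia's wish has to come from the service's own log or from connection tracking, not from the LOG target. Second, the MAC= difference Tiro noticed follows from which chain matched: LOG prints MAC= only for packets that arrived on an interface (IN= set), and the INPUT rule with --sport 80 --state NEW never fires for a normal HTTP reply, because the SYN/ACK coming back from port 80 is already ESTABLISHED to conntrack, so with the second rule set only OUTPUT-chain lines, which have no MAC, are ever written.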
Tiro l33t
Joined: 14 Feb 2003 Posts: 752 Location: italy
Posted: Sun Jun 12, 2005 11:34 am Post subject:
ema wrote: If what you need is to track browsing... why not use squid+sarg?
Indeed, I was wondering whether a package like that existed... actually, searching portage I didn't find it... I'll try it now