Tom

Is there a way that I can have all traffic logged to messages? I realise this will generate huge logs, but I have enough disk space. My reason for this is to monitor what traffic does go through my firewall.

TIA

Kim
You could enable logging from shorewall or you could use tcpdump on your public interface. Both options will be using much of your CPU time!

On Tue, 7 Jan 2003, Kim White wrote:
> Tom
>
> Is there a way that I can have all traffic logged to messages? I realise
> this will generate huge logs, but I have enough disk space. My reason for
> this is to monitor what traffic does go through my firewall.
>
> TIA
>
> Kim
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@shorewall.net
> http://www.shorewall.net/mailman/listinfo/shorewall-users
The way I use is to set all logging fields in the policy file to "info" and then for each rule you put in to the rules file, i.e. ACCEPT, append a :info also, so it'd look something like

ACCEPT:info loc net tcp 80
DNAT:info net ....

ian

On Tue, Jan 07, 2003 at 11:45:39AM +0200, Kim White wrote:
> Tom
>
> Is there a way that I can have all traffic logged to messages? I realise
> this will generate huge logs, but I have enough disk space. My reason for
> this is to monitor what traffic does go through my firewall.
>
> TIA
>
> Kim
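A check for the approach ian describes, as an added example that is not part of the thread: it lists policy and rules entries that still carry no log level, so nothing is silently left out of the logs. The sample files are constructed, and the column layout (log level as the fourth policy column with `-` or blank meaning none, `ACTION:level` in the rules file) is an assumption of this example.

```python
# Added example: audits Shorewall-style policy and rules text for entries
# that have no log level. Sample contents below are constructed.
SAMPLE_POLICY = """\
#SOURCE DEST POLICY LOG_LEVEL
loc     net  ACCEPT info
net     all  DROP
all     all  REJECT -
"""

SAMPLE_RULES = """\
#ACTION     SOURCE DEST            PROTO DEST_PORT
ACCEPT:info loc    net             tcp   80
ACCEPT      loc    fw              tcp   22
DNAT:info   net    loc:192.168.1.5 tcp   25
"""


def _entries(text):
    """Yield (line_number, columns) for non-blank, non-comment lines."""
    for num, line in enumerate(text.splitlines(), 1):
        cols = line.split("#", 1)[0].split()
        if cols:
            yield num, cols


def unlogged_policies(text):
    """Policy entries whose fourth column (log level) is missing or '-'."""
    found = []
    for num, cols in _entries(text):
        level = cols[3] if len(cols) > 3 else "-"
        if level == "-":
            found.append((num, " ".join(cols)))
    return found


def unlogged_rules(text):
    """Rules whose action column has no ':level' suffix."""
    found = []
    for num, cols in _entries(text):
        _action, _sep, level = cols[0].partition(":")
        if not level:
            found.append((num, " ".join(cols)))
    return found


if __name__ == "__main__":
    for name, hits in (("policy", unlogged_policies(SAMPLE_POLICY)),
                       ("rules", unlogged_rules(SAMPLE_RULES))):
        for num, entry in hits:
            print(f"{name}:{num}: no log level: {entry}")
```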
At 1/7/2003 08:02 PM, ian wrote:
> The way I use is to set all logging fields in the policy file to "info"
> and then for each rule you put in to the rules file, i.e. ACCEPT, append
> a :info also, so it'd look something like
>
> ACCEPT:info loc net tcp 80
> DNAT:info net ....
>
> ian
>
> On Tue, Jan 07, 2003 at 11:45:39AM +0200, Kim White wrote:
> > Tom
> >
> > Is there a way that I can have all traffic logged to messages? I realise
> > this will generate huge logs, but I have enough disk space. My reason for
> > this is to monitor what traffic does go through my firewall.

If you need to record the connection time (i.e., the connection flow), you can use the open source ARGUS - Audit Record Generation and Utilization System (http://www.qosient.com/argus/).

-Gilson