Alex,
: I want to add some logging so that I can go back and see exactly what
: traffic I had when latency was bad. I want to see what internal hosts
: and external hosts were generating the traffic. What ports they were
: talking on, what protocols etc.
:
: I know how to add logging in iptables but reading the logs is kind of
: tiresome. I'd rather have something like iptraf but that can be run
: after the fact.
You definitely want to visit Stef Coene's site [1] and have a look first
at his GUI tools [2] and possibly also some of his monitoring scripts. [3]
Don't forget about ntop, which (in its "new" incarnation) collects
statistical data you can examine after the fact. [4]
There are others interested in the same sort of (general) question, also
on this mailing list. [5]
And if you are comfortable with your current iptables commands, why not
consider the iptacct tool. [6]
Good luck,
-Martin
[1] http://www.docum.org/
[2] http://www.docum.org/stef.coene/qos/gui/
[3] http://www.docum.org/stef.coene/qos/monitor/
[4] http://www.ntop.org/ntop.html
[5] http://mailman.ds9a.nl/pipermail/lartc/2002q4/005752.html
[6] http://tretmine.org/iptacct/
--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/