http headers with target LOG or ULOG of iptables
Francisco Carrasco
fcarrasc@teleline.es
Tue, 10 Jul 2001 08:47:04 +0200
This is a multi-part message in MIME format.
------=_NextPart_000_001F_01C1091C.E4AD9540
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I have a Mandrake 8.0 Linux Firewall with two network adapters and
masquerade active between this
two adapters. One of them is connected to Internet.
I want to log all connections between internal and external networks. I =
can
achieve this with iptables
with the LOG target. But this only shows me the source and destination =
ip
address. I want to know
more information about the content of the packets (if the packets =
belongs to
an HTTP connection, I want to parse data and read http commands like GET
/xxx/xxx/xxx.htm).
The final objective is to log the URL of all HTTP resources read by the
users of the internal networks.
Can I achieve this with the ULOG target of iptables and an external =
program
that parse all packets
and log this information ? Anybody knows a program than can do this ?
Or anybody knows a program that can do it without any relation with
iptables, like tcpdump, iplog, ...
Fran.
------=_NextPart_000_001F_01C1091C.E4AD9540
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2><FONT face=3D"Times New Roman" =
size=3D3>I have a=20
Mandrake 8.0 Linux Firewall with two network adapters and<BR>masquerade =
active=20
between this<BR>two adapters. One of them is connected to =
Internet.<BR><BR>I=20
want to log all connections between internal and external networks. I=20
can<BR>achieve this with iptables<BR>with the LOG target. But this only =
shows me=20
the source and destination ip<BR>address. I want to know<BR>more =
information=20
about the content of the packets (if the packets belongs to<BR>an HTTP=20
connection, I want to parse data and read http commands like=20
GET<BR>/xxx/xxx/xxx.htm).<BR><BR>The final objective is to log the URL =
of all=20
HTTP resources read by the<BR>users of the internal networks.<BR><BR>Can =
I=20
achieve this with the ULOG target of iptables and an external=20
program<BR>that parse all packets<BR>and log this information ? Anybody =
knows a=20
program than can do this ?<BR><BR>Or anybody knows a program that can do =
it=20
without any relation with<BR>iptables, like tcpdump, iplog,=20
...<BR><BR>Fran.</FONT><BR></FONT></DIV></BODY></HTML>
------=_NextPart_000_001F_01C1091C.E4AD9540--