Logging

Grant Taylor gtaylor at riverviewtech.net
Fri Aug 12 08:24:44 CEST 2005


Svenne Krap wrote:
> Hi.
> 
> I am currently working on a not so simple firewall setup on a modern 
> machine (Xeon, Gigs of memory, SCSI subsystem).
> 
> As part of it, I would like to know various "event" statistics. Questions 
> I would like to answer are "How many hits on port 1433 have I got, and 
> how is that distributed amongst the machines". Think pivot table data.
> 
> Is there some way to get netfilter to collect rule hits (like with no -j 
> clause) for each port/ip-address individually within a range?
> Other than creating thousands of lines of rules and adding them to my 
> "firewall-startup" script (which is currently slightly less than 80 rules).
> 
> I have thought of just logging all traffic and running it through a 
> userspace program via syslog-ng, but frankly I worry about performance 
> (the firewall should be able to filter at least the 100Mbps connection, 
> it currently sits on) under flooding.
> 
> Your thoughts are appreciated :)
> 
> Svenne
> 


You might want to take a look at the ACCOUNT match (http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-ACCOUNT).



Grant. . . .
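The "log everything and aggregate in userspace" route that Svenne mentions, as an added example that is not part of the thread: a small Python aggregator that reads lines in the kernel LOG target's key=value format (SRC=, DST=, PROTO=, SPT=, DPT=) and builds the per-port, per-source "pivot table" the question asks for. The log lines below are constructed for the example, and the FW-IN: prefix is an assumed --log-prefix; ICMP lines, which carry no port fields, are counted under their protocol alone, and unrelated syslog lines are skipped.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines in the netfilter LOG target's format.
# "FW-IN:" is an assumed --log-prefix; addresses and ports are made up.
SAMPLE_LOG = """\
Aug 12 08:20:01 fw kernel: FW-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=1 DF PROTO=TCP SPT=4021 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 12 08:20:02 fw kernel: FW-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=2 DF PROTO=TCP SPT=4022 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 12 08:20:03 fw kernel: FW-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=3 DF PROTO=TCP SPT=51000 DPT=1433 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 12 08:20:04 fw kernel: FW-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4 DF PROTO=TCP SPT=51001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 12 08:20:05 fw sshd[1234]: Accepted publickey for admin from 10.0.0.7 port 51001 ssh2
Aug 12 08:20:06 fw kernel: FW-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.9 DST=192.0.2.10 LEN=404 TOS=0x00 PREC=0x00 TTL=128 ID=5 PROTO=UDP SPT=1434 DPT=1434 LEN=384
Aug 12 08:20:07 fw kernel: FW-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=128 ID=6 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
"""

# SRC/DST/PROTO are always present; SPT/DPT only for TCP and UDP.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+)\s+DST=(?P<dst>\S+).*?PROTO=(?P<proto>\S+)"
    r"(?:\s+SPT=(?P<spt>\d+)\s+DPT=(?P<dpt>\d+))?"
)


def parse_log_line(line):
    """Return a dict for a netfilter LOG line, or None for any other syslog line."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return {
        "src": m.group("src"),
        "dst": m.group("dst"),
        "proto": m.group("proto"),
        # Port fields are absent for protocols such as ICMP; keep them as None.
        "spt": int(m.group("spt")) if m.group("spt") else None,
        "dpt": int(m.group("dpt")) if m.group("dpt") else None,
    }


def pivot_by_port(lines):
    """Build {(proto, dport): Counter({src: hits})} from an iterable of log lines."""
    table = defaultdict(Counter)
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        table[(rec["proto"], rec["dpt"])][rec["src"]] += 1
    return table


def hits_on_port(table, proto, dport):
    """Total hits on one (proto, dport) cell, summed over all sources."""
    return sum(table.get((proto, dport), Counter()).values())


def format_pivot(table):
    """Render the pivot as text, most-hit port first, then most-hit source."""
    out = []
    cells = sorted(table.items(), key=lambda kv: -sum(kv[1].values()))
    for (proto, dport), sources in cells:
        label = f"{proto}/{dport}" if dport is not None else proto
        out.append(f"{label}: {sum(sources.values())} hits")
        for src, n in sources.most_common():
            out.append(f"    {src:<16} {n}")
    return "\n".join(out)


if __name__ == "__main__":
    # Reading a saved syslog file works the same way: pivot_by_port(open(path)).
    print(format_pivot(pivot_by_port(SAMPLE_LOG.splitlines())))
```

The aggregation itself is cheap, but the cost that worries Svenne sits earlier in the path: every matched packet becomes a kernel log line that has to be written and shipped through syslog before this script ever sees it, and that work grows with packet rate, which is why an in-kernel counter such as the ACCOUNT match Grant points to is the better fit for a busy link.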


