Logging
Grant Taylor
gtaylor at riverviewtech.net
Fri Aug 12 08:24:44 CEST 2005
Svenne Krap wrote:
> Hi.
>
> I am currently working on a not so simple firewall setup on a modern
> machine (Xeon, Gigs of memory, SCSI subsystem).
>
> As part of it, I would like to know various "event" statistics.Questions
> I would like to answer is "How many hits on port 1433 have i got, and
> how is that distributed amongst the machines". Think pivot table data.
>
> Is there some way to get netfilter to collect rule hits (like with no -j
> clause) for a each port/ip-address individually within a range ?
> Other than creating thousands of lines of rules and add them to my
> "firewall-startup" script (which is currently slightly less than 80 rules).
>
> I have thought of just logging all traffic and running it through a
> userspace program via syslog-ng, but frankly I worry about performance
> (the firewall should be able to filter at least the 100Mbps connection,
> it currently sits on) under flooding.
>
> Your thoughs are apprieciated :)
>
> Svenne
>
You might want to take a look at the ACCOUNT match (http://www.netfilter.org/patch-o-matic/pom-extra.html#pom-extra-ACCOUNT).
Grant. . . .
More information about the netfilter
mailing list