Logging suggestions

Moritz Gartenmeister moritz at uplink-verein.ch
Tue Apr 12 20:06:17 CEST 2005


is maybe what you need. it runs stable and i always found the data i needed.


Taylor, Grant wrote:
> Oh, my, that will be tough.  Keep in mind that you will quite likely be 
> generating more data doing the log than you will be having pass through 
> your box, especially if the traffic has a small payload.  I would really 
> be tempted to look at using TCPDump to dump everything to a file and 
> then parse the file.  I don't think the LOG or ULOG target are designed 
> for such high traffic volumes.  Even if they were, LOG logs to SYSLOG, 
> which it in and of it's self is not meant for that high of a volume.  
> I've never messed with ULOG so I can't say.  Are you needing payload as 
> well or just header information?  I still think TCPDump or some form of 
> an IDS would be a better bet.  Try taking a look at Snort and see if 
> that will come close to what you need.
> Grant. . . .
> hareram wrote:
>> Hi all
>> I have large  capacity link like STM with my provider
>> Iam planning to log the every packet, source IP , Dest IP, Src port, 
>> Dest port , Type of Service
>> what kind of system configuration recommended
>> what kind of  logging system is better ?
>> iam trying to use Ulogd and try to log every packet, but the kernel 
>> crashes after 5min
>> i have Xeon 1GB ram with 40GB Scsi HDD running FC1
>> How can logging whole history of the packet with the better performance
>> with out any payload to the user access, and transparently
>> any suggestions will be appreciated
>> hare

Uplink student association
Moritz Gartenmeister
Bülachstrasse 1 F
8057 Zürich

More information about the netfilter mailing list