moritz at uplink-verein.ch
Tue Apr 12 20:06:17 CEST 2005
is maybe what you need. It runs stable and I always found the data I needed.
Taylor, Grant wrote:
> Oh, my, that will be tough. Keep in mind that you will quite likely be
> generating more data doing the log than you will be having pass through
> your box, especially if the traffic has a small payload. I would really
> be tempted to look at using TCPDump to dump everything to a file and
> then parse the file. I don't think the LOG or ULOG target are designed
> for such high traffic volumes. Even if they were, LOG logs to SYSLOG,
> which in and of itself is not meant for that high of a volume.
> I've never messed with ULOG so I can't say. Are you needing payload as
> well or just header information? I still think TCPDump or some form of
> an IDS would be a better bet. Try taking a look at Snort and see if
> that will come close to what you need.
> Grant. . . .
> hareram wrote:
>> Hi all
>> I have a large capacity link like STM with my provider
>> I am planning to log every packet, source IP, Dest IP, Src port,
>> Dest port, Type of Service
>> what kind of system configuration recommended
>> what kind of logging system is better ?
>> I am trying to use Ulogd and try to log every packet, but the kernel
>> crashes after 5min
>> I have Xeon 1GB RAM with 40GB SCSI HDD running FC1
>> How can logging whole history of the packet with the better performance
>> without any payload to the user access, and transparently
>> Any suggestions will be appreciated
Uplink student association
Bülachstrasse 1 F