OK, I have my Linux Red Hat 7.1 box all set up (I love it, BTW), got IP MASQ and a pretty solid firewall using IPTABLES. I log everything to a file and then I have a cron job archive all this stuff. Here is my problem. I want to set up the firewall config to log it to a database. How do I do this? Eventually I will be using this DB and some SQL in a webpage so I can view stats and see who is messing around with my box... And after that, I want to start logging the amount of data that goes through the box. Then make pretty graphs etc...
What I really want is an internal webpage where I can view all these stats so I can actively manage my box... I figure that I do the same greps on my message log, so why not automate this into some SQL and make it pretty...
You'd probably want to get a packet sniffer - the best I can think of are snort and portsentry. OK, they are not only packet sniffers, to be precise - they are full-blown network intrusion detection systems if used properly. Snort can be run as a daemon and it can send logs to a designated log directory, so you'll get all the IPs, including yours, that ever crossed your box (except if your system is compromised already (I hope it is not the case, so I am crossing my fingers) you can log spoofed IPs if a cracker is not an immature script kiddie). So then you can set up your database to pull info from the logs and display it to you. To add more, snort incorporates built-in rules and your own rules for misbehavior detection, so you can customize it the way you want. http://www.snort.org/
So I guess there is no way that I can do it with IPTABLES. Even if I code it to execute some sort of code on the trap? What if I used IPCHAINS? I don't know... I would prefer to do it all myself and not have another app do it for me.
Could anyone suggest how I would be able to parse my logs from a web page... i.e. I write some SQL to query that page or something of that fashion. I have done this with Cold Fusion on an NT box but haven't a clue as to how to do it with Apache?
You can use PHP and any flavor of SQL you like. If you're logging traffic to /var/log/messages you can just go there and use (e)grep to filter the file, and maybe get your data like that. Or head over to http://www.demarc.com. They have an app that does what you want already.
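
The approach discussed in the thread (filter the iptables LOG lines out of /var/log/messages and load them into SQL for a stats page), as an added example that is not from any poster: it is written in Python with SQLite standing in for whichever database is used. The `FW-DROP: ` log prefix, the `fw_log` table, the function names and the sample log lines are all assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed sample of /var/log/messages. "FW-DROP: " is an assumed --log-prefix
# on the iptables LOG rule; addresses are documentation ranges.
SAMPLE_LOG = """\
Jun  3 14:02:11 gw kernel: FW-DROP: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  3 14:02:15 gw sshd[812]: Accepted password for admin from 192.0.2.50 port 1022
Jun  3 14:03:40 gw kernel: FW-DROP: IN=ppp0 OUT= MAC= SRC=198.51.100.23 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=3021 SEQ=1
Jun  3 14:05:02 gw kernel: FW-DROP: IN=ppp0 OUT= MAC= SRC=203.0.113.7 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=52 ID=4712 PROTO=UDP SPT=1025 DPT=137 LEN=58
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ kernel: (.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line, prefix="FW-DROP: "):
    """Return one table row for an iptables LOG line, or None for any other line."""
    m = LINE_RE.match(line)
    if not m or prefix not in m.group(2):
        return None
    fields = {}
    for key, value in FIELD_RE.findall(m.group(2).split(prefix, 1)[1]):
        fields.setdefault(key, value)  # keep the IP-level LEN/ID, not the UDP/ICMP repeat
    if "SRC" not in fields or "DST" not in fields:
        return None
    num = lambda k: int(fields[k]) if fields.get(k, "").isdigit() else None
    return (m.group(1), fields.get("IN"), fields["SRC"], fields["DST"],
            fields.get("PROTO"), num("SPT"), num("DPT"), num("LEN"))  # ICMP: ports are NULL

def load(conn, text):
    """Insert every firewall line in text into fw_log; return the number of rows added."""
    conn.execute("CREATE TABLE IF NOT EXISTS fw_log (ts TEXT, iface TEXT, src TEXT, "
                 "dst TEXT, proto TEXT, spt INTEGER, dpt INTEGER, length INTEGER)")
    rows = [r for r in map(parse_line, text.splitlines()) if r]
    # Bound parameters: log content is never spliced into the SQL string.
    conn.executemany("INSERT INTO fw_log VALUES (?,?,?,?,?,?,?,?)", rows)
    return len(rows)

def top_sources(conn):
    """Per-source hit count and logged bytes: the 'who is hitting my box' report."""
    return conn.execute("SELECT src, COUNT(*), SUM(length) FROM fw_log "
                        "GROUP BY src ORDER BY COUNT(*) DESC, src").fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(load(db, SAMPLE_LOG), "rows loaded")
    for row in top_sources(db):
        print(row)
```

Syslog timestamps carry no year, so a cron job that loads archived logs would need to add it from the archive date before the rows are useful for long-term graphs.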