hello
I use Linux and iptables to SNAT-forward connection to users in my network. my supervisor ordered to log every connection (because of law reasons) and i`m wandering what to log and how to set iptables and firewall and log level because logging every packet is a loads of text data (like 4GB a day).
if anyone should tell me what to log in iptables in order to know every connection between private network (192.168.1.0/24) to internet with information about:
-whose was the connection (private IP from inner network)
-with what (IP from internet)
-both sides ports and protocol

if someone knows how to log activities needed to have this informations i will be very gratefull for any detailed and short information (simply because i lately have no time to read manuals and documentation), or some howto or tutorial covering this info.

Hi,

if you are running SQUID, then it is already going to squid log files, no need to worry about it btw, there are many SQUID loggers available at sourceforge those will even make a handsome report for internet usage, i forget the name that i used once, but i know there are hundreds of such kind tools available.

thanks

but i`m not using squid, it`s only iptables nat/firewall, without squid or any proxy, mainly because i have quite poor hardware to use on this purpose. any idea how to do it this way?
if not is there any howto dealing with problem of fully transparent squid for nat (and maybe logging connections)?

These below mentioned threads are worth a look.
http://www.linuxquestions.org/questi...hreadid=367803
http://www.linuxquestions.org/questi...d.php?t=385165

Hello, you could log only tcp SYN packets, that way you would log only 1 packet per connection.

With udp you obviously need to use some other method.

Try looking at http://ipaudit.sourceforge.net/

I use it on a server at work to monitor inbound and outbound connections.

It is very easy to install, and the web interface is cool. Make sure you get the IPaudit-Web package, that has a nice installer.