LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page What is the best way to log traffic trough firewall?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
LinkBack Search this Thread
Old 04-28-2005, 06:22 AM   #1
G-Fox
Member
 
Registered: Jul 2003
Location: Lithuania
Posts: 45

Rep: Reputation: 15
Question What is the best way to log traffic trough firewall?

Hello, everybody who read this message

What is the best way to log traffic trough firewall?
I have linux box with NAT (one external ip) and get mail from my ISP what my external ip is infected by virus. They sent my logs of virus activity, but in my linux box I don't make any logs and can't find which internal pc (Windows box) is infected... So I decided to start logging everything to find out in future witch pc is infected.

Linux box (router/firewall) is 633MHz Celeron and where are about 100 users. Please share your experiance with me.

Thanks for any answer.
 
Old 04-28-2005, 11:19 AM   #2
perfect_circle
Senior Member
 
Registered: Oct 2004
Location: Athens, Greece
Distribution: Slackware, arch
Posts: 1,782

Rep: Reputation: 52
If you want to log any traffic you may use a packet sniffer.
You may do this with snort, but you can also use it as an IDS (intusion detection System), make it log in a database (mysql) and use base to watch the output. If one of the systems is sending weird packages, snort should create alerts.

snort homepage: http://www.snort.org/
base: http://secureideas.sourceforge.net/
a guide to install snort+base: http://sourceforge.net/project/shown...ease_id=303559

Also, linux use tcpdump to log trafic, read the man page
 
Old 04-28-2005, 01:16 PM   #3
G-Fox
Member
 
Registered: Jul 2003
Location: Lithuania
Posts: 45

Original Poster
Rep: Reputation: 15
Thanks for info perfect_circle
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
What is the best way to log traffic trough firewall? G-Fox Linux - Networking 3 05-04-2005 01:55 PM
What is the best way to log traffic trough firewall? G-Fox Linux - Newbie 6 04-27-2005 08:41 AM
Loggin IP traffic to a log file brokenflea Linux - Security 1 03-30-2005 05:53 PM
firewall and traffic Vladix Linux - Networking 0 07-15-2003 12:20 PM
firewall traffic blocking help jaylee Linux - Security 8 06-30-2003 10:44 AM


All times are GMT -5. The time now is 12:07 AM.

Contact Us - Advertising Info - Rules - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
 
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: @linuxquestions
Open Source Consulting | Domain Registration