Iptables logging and Squid
This might be simple for most of you since this is rather a syntax issue and I'm no expert in iptables.
I have a squid proxy and need to log any connections made to it (port 3128) through a particular interface say eth1. How can I achieve this? Thanks |
Have you tried tcpdump?
Code:
tcpdump -i eth1 port 3128 Code:
tcpdump -C [maxsize] -w [filename] -i eth1 -W [filecount] port 3128 Code:
tcpdump -C 1 -w /var/tcpdump/portlog -i eth1 -W 5 port 3128 You could add this command to your start-up script (may need to run as root) and it will log the activity. To reduce the entries in the log file you can add other filters (in addition to port #) to the end of the command. See man netdump for specifics. (Edited - used -F where -w should have been -- sorry!) Hope this helps |
Code:
iptables -A INPUT -p tcp --dport 3128 -j LOG --log-level Check for following options : --log-level level Level of logging (numeric or see syslog.conf(5)). --log-prefix prefix Prefix log messages with the specified prefix; up to 29 letters long, and useful for distinguishing messages in the logs. Check iptables manual page for more info. |
P S Shah seems to have a much simpler solution than the one I gave. Use whatever works best for you.
|
All times are GMT -5. The time now is 06:09 PM. |