LinuxQuestions.org
Old 05-30-2007, 03:03 PM   #1
mgichoga
Member
 
Registered: Sep 2004
Distribution: Ubuntu
Posts: 42

Rep: Reputation: 16
Iptables logging and Squid


This might be simple for most of you since this is rather a syntax issue and I'm no expert in iptables.

I have a squid proxy and need to log any connections made to it (port 3128) through a particular interface, say eth1. How can I achieve this?

Thanks
 
Old 05-30-2007, 04:07 PM   #2
rdgreenlaw
Member
 
Registered: May 2007
Distribution: Ubuntu 14.04 LTS
Posts: 59

Rep: Reputation: 16
Have you tried tcpdump?

Code:
tcpdump -i eth1 port 3128
will list all traffic on port 3128 passing through eth1. You can dump this data to a file as follows:
Code:
tcpdump -C [maxsize] -w [filename] -i eth1 -W [filecount] port 3128
Replace maxsize with a number representing the millions of bytes you want in each file, filename with the name of the file you want the log to be written to and filecount with the number of files you want written.

Code:
tcpdump -C 1 -w /var/tcpdump/portlog -i eth1 -W 5 port 3128
Will dump the traffic on eth1 to portlog1 (be sure to use an existing directory) until portlog1 exceeds 1000000 characters. When the file gets too large it will create portlog2 and continue logging in this new file. When portlog5 gets full the system will automatically delete and recreate portlog1. The only limit to the size of the file is available disk space. The number of log files can be greater than 9 and will result in file names buffered with 0 to the size you specify. For example -W 100 would create files from 001 to 100.

You could add this command to your start-up script (may need to run as root) and it will log the activity. To reduce the entries in the log file you can add other filters (in addition to port #) to the end of the command. See man netdump for specifics.

(Edited - used -F where -w should have been -- sorry!)
Hope this helps

Last edited by rdgreenlaw; 05-30-2007 at 04:14 PM.
 
Old 05-31-2007, 02:16 AM   #3
p_s_shah
Member
 
Registered: Mar 2005
Location: India
Distribution: RHEL 3/4, Solaris 8/9/10, Fedora 4/8, Redhat Linux 9
Posts: 228
Blog Entries: 1

Rep: Reputation: 34
Code:
iptables -A INPUT -p tcp --dport 3128 -j LOG --log-level [level]
Output will be displayed in /var/log/messages.

Check the following options:
--log-level level
    Level of logging (numeric or see syslog.conf(5)).
--log-prefix prefix
    Prefix log messages with the specified prefix; up to 29 letters long, and useful for distinguishing messages in the logs.

Check iptables manual page for more info.
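
Added example, not part of p_s_shah's post or of the thread: a LOG rule narrowed to the interface the question asks about (eth1) and to SYN packets, plus a summary of the resulting kernel log lines per source address. The prefix "SQUID-IN: ", the function names and the sample log lines are assumptions constructed for the illustration.

```shell
#!/bin/sh
# Added example, not from the thread. PREFIX and the sample log lines are constructed.
PREFIX="SQUID-IN: "

# Print (do not run) a LOG rule limited to one interface and to SYN packets,
# so each new connection produces one log line instead of one per packet.
# -I puts it first in INPUT; a LOG rule placed after an ACCEPT never matches.
squid_log_rule() {
    printf 'iptables -I INPUT 1 -i %s -p tcp --dport %s --syn -j LOG --log-prefix "%s" --log-level info\n' \
        "${1:-eth1}" "${2:-3128}" "$PREFIX"
}

# Read syslog lines on stdin; print "count source-ip", busiest source first.
summarize_squid_log() {
    awk -v pfx="$PREFIX" -v in_if="IN=${1:-eth1}" -v dpt="DPT=${2:-3128}" '
        index($0, pfx) == 0 { next }          # line was not written by this rule
        {
            src = ""; ok_if = 0; ok_port = 0
            for (i = 1; i <= NF; i++) {
                if ($i == in_if) ok_if = 1
                else if ($i == dpt) ok_port = 1
                else if ($i ~ /^SRC=/) src = substr($i, 5)
            }
            if (ok_if && ok_port && src != "") n[src]++
        }
        END { for (s in n) print n[s], s }
    ' | sort -k1,1nr -k2,2
}

# Constructed kernel log lines in the layout the LOG target writes (fields abridged).
sample_log() {
cat <<'EOF'
May 31 02:20:01 proxy kernel: SQUID-IN: IN=eth1 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.168.1.10 DST=192.168.1.1 LEN=60 TTL=64 ID=4121 DF PROTO=TCP SPT=51234 DPT=3128 WINDOW=5840 SYN URGP=0
May 31 02:20:04 proxy kernel: SQUID-IN: IN=eth1 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 SRC=192.168.1.10 DST=192.168.1.1 LEN=60 TTL=64 ID=4130 DF PROTO=TCP SPT=51240 DPT=3128 WINDOW=5840 SYN URGP=0
May 31 02:20:07 proxy kernel: SQUID-IN: IN=eth1 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:03:08:00 SRC=192.168.1.22 DST=192.168.1.1 LEN=60 TTL=64 ID=977 DF PROTO=TCP SPT=40112 DPT=3128 WINDOW=5840 SYN URGP=0
May 31 02:20:08 proxy kernel: SQUID-IN: IN=eth0 OUT= MAC=00:16:3e:00:00:09:00:16:3e:00:00:0a:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TTL=64 ID=15 DF PROTO=TCP SPT=33001 DPT=3128 WINDOW=5840 SYN URGP=0
May 31 02:20:09 proxy sshd[811]: Accepted publickey for admin from 192.168.1.10 port 40022 ssh2
EOF
}

squid_log_rule
sample_log | summarize_squid_log eth1 3128
```

On a live system, feed it the file the kernel messages land in, for example `summarize_squid_log < /var/log/messages`.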
 
Old 05-31-2007, 07:13 PM   #4
rdgreenlaw
Member
 
Registered: May 2007
Distribution: Ubuntu 14.04 LTS
Posts: 59

Rep: Reputation: 16
P S Shah seems to have a much simpler solution than the one I gave. Use whatever works best for you.
 
  

