02-14-2008, 04:31 PM   #1
jlarsen
Member
 
Registered: Jan 2005
Location: Dallas, TX
Distribution: Slackware 13.0
Posts: 76

Rep: Reputation: 15
how can I audit traffic through openvpn


I have a setup here with an openvpn server that receives connections from about 30 servers on another organization's network. It has now become a requirement that I can produce audit logs of traffic going through the vpn.

Example: User at computer 192.168.x.x on our network connected to server x.x.x.x through the vpn at SOME_DATE. The connections are using tun (not tap) devices if that makes a difference.

Does anyone know of a good way to accomplish this? I've been looking for a howto on the subject but without any luck so far.

Any help would be greatly appreciated.
 
02-23-2008, 09:09 AM   #2
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 475

Rep: Reputation: 73
I've not messed much with VPNs but you may be able to perform logging via iptables rules. Depending on the amount of traffic and logging I/O that is generated you may be able to get away with the LOG target, otherwise you may want to look into ULOG which will allow you to throw it into user-space and then grab it from there to log elsewhere (like a database perhaps). Depending on your auditing requirements you may also want to look into limiting the amount of entries logged within a given timeframe from/to any single location pair, or logging only NEW connections.

Hope this helps.
 
03-26-2008, 04:12 PM   #3
jlarsen
Member
 
Registered: Jan 2005
Location: Dallas, TX
Distribution: Slackware 13.0
Posts: 76

Original Poster
Rep: Reputation: 15
Thanks rayfordj, I'm logging only NEW connections to syslog right now, although I might need to learn more about ulog when I have a little more time.

I read some about ulog, but maybe someone can dumb it down a little for me. From what I read it writes to user space and it looks like you create a group (is this how another program will know where to get the info?). I'm not real clear on how to get that information and jam it in a database.

Any overview explanation on that last part or reference to a good place to start reading would be appreciated.

Last edited by jlarsen; 03-26-2008 at 04:13 PM. Reason: left a word out
 
03-26-2008, 05:28 PM   #4
rayfordj
Member
 
Registered: Feb 2008
Location: Texas
Distribution: Fedora, RHEL, CentOS
Posts: 475

Rep: Reputation: 73
You'll need to install and configure ulogd. I've no links off-hand for doing this for the netfilter/iptables ULOG target but I'm sure they exist...

from: http://linux.die.net/man/8/ulogd
Quote:
ulogd connects to the netlink device of the Linux kernel and reads messages from the netfilter that get queued with the iptables ULOG target. For this to work you have to compile the ULOG target into your kernel or load the respective module.

The received messages can be logged into files or into a mySQL or PostgreSQL database.


There is more documentation about the daemon and the database plugins (including examples) in the directory

/usr/share/doc/ulogd-*/
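
The LOG-to-syslog route discussed in this thread, carried through to a queryable audit table, as an added example that is not code from any poster: it parses kernel LOG-target lines for NEW connections leaving via the tun device and stores them in SQLite (swapped in here for the MySQL/PostgreSQL back ends ulogd supports). The interface names, the `VPN-NEW: ` prefix, the host name and all sample lines are assumptions constructed for illustration.

```python
import re
import sqlite3

# Assumed rule producing these lines (tun0 and the prefix are assumptions):
#   iptables -A FORWARD -o tun0 -m state --state NEW -j LOG --log-prefix "VPN-NEW: "
PREFIX = "VPN-NEW: "

# Constructed sample syslog lines in the kernel LOG-target format.
SAMPLE_LOG = """\
Mar 26 16:12:01 vpngw kernel: VPN-NEW: IN=eth0 OUT=tun0 SRC=192.168.1.25 DST=10.8.0.6 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4211 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 26 16:12:09 vpngw kernel: VPN-NEW: IN=eth0 OUT=tun0 SRC=192.168.1.40 DST=10.8.0.10 LEN=76 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP SPT=40000 DPT=53 LEN=56
Mar 26 16:12:15 vpngw kernel: VPN-NEW: IN=eth0 OUT=tun0 SRC=192.168.1.25 DST=10.8.0.6 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Mar 26 16:13:00 vpngw sshd[812]: Accepted publickey for admin from 192.168.1.25 port 51234 ssh2
"""

# Timestamp, host, optional "[uptime] " field, then our prefix and the key=value payload.
LINE_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) kernel: (?:\[[^\]]*\] )?"
                     + re.escape(PREFIX) + r"(.*)$")

def parse_line(line):
    """Return (ts, host, in_if, out_if, src, dst, proto, dport) or None."""
    m = LINE_RE.match(line)
    if not m:
        return None  # not one of our LOG lines (e.g. sshd output)
    when, host, rest = m.groups()
    kv = dict(re.findall(r"(\w+)=(\S*)", rest))  # bare flags such as SYN/DF are skipped
    if "SRC" not in kv or "DST" not in kv:
        return None
    dport = int(kv["DPT"]) if "DPT" in kv else None  # ICMP carries no port
    # Classic syslog timestamps have no year; add one at import time for real audits.
    return (when, host, kv.get("IN", ""), kv.get("OUT", ""),
            kv["SRC"], kv["DST"], kv.get("PROTO", ""), dport)

def load(lines, db):
    """Insert every recognised line into vpn_conn; return the number stored."""
    db.execute("CREATE TABLE IF NOT EXISTS vpn_conn (ts TEXT, host TEXT, in_if TEXT,"
               " out_if TEXT, src TEXT, dst TEXT, proto TEXT, dport INTEGER)")
    rows = [r for r in map(parse_line, lines) if r]
    with db:  # commit the batch as a single transaction
        db.executemany("INSERT INTO vpn_conn VALUES (?,?,?,?,?,?,?,?)", rows)
    return len(rows)

def connections_from(db, src):
    """Audit query: which VPN-side hosts did this internal address open connections to?"""
    return db.execute("SELECT ts, dst, proto, dport FROM vpn_conn WHERE src = ?"
                      " ORDER BY rowid", (src,)).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    load(SAMPLE_LOG.splitlines(), db)
    for row in connections_from(db, "192.168.1.25"):
        print(row)
```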