Hi all,

Forgive me for this very very lame question. But ...

Where exactly does linux keep its logs conerning network traffic?

I want to be able to moniter network traffic through my iptables annd ppp0 interface which conencts my XP machine to my linux machine and the outside world. Mainly cause I wont to see if there are any suspect things in there which my iptable script is not stopping..

I've looked in /var/logs... but there no current references to any internet stuff. Do I need to enable logging somewhere?

By the way what isa good program to moniter and view my logs with?

Once again forgive for the lame question its very simple but very vital too!

Thanks for putting up with my dumb question!

Tom

Yep ... by default iptables doesn't log packets.

As for monitoring the logs ... what exactly are you
looking for? :)

Cheers,
Tink

Sounds like you're looking for a sniffer type thing :

I've found IPTRAF to work well for giving an overview of what's coming in/out of your machine.

http://freshmeat.net/projects/iptraf/?topic_id=152

Ethereal is better at actually looking at the contents of packets.

http://freshmeat.net/projects/ethereal/?topic_id=152

To look at log files use vi.

*cough* Sarcasm there, but you might want to look through freshmeat (chop the urls above) and search for syslog. There are *TONS* of utilities for doing stuff to syslogs from simply viewing them, colourising them so they're all pretty, to sending them off to remote locations for security reasons.

Stuff internet related might be contained within :

/var/log/messages - lots of stuff
/var/log/secure - logons, and um.. 'secure' related stuff
/var/log/xferlog - what people have transferred using ftp


Slick.

I'll give those to programs a try! They sound like what I need!

Thanks

Tom

If you want to monitor what iptables is doing, you need to add some -j LOG rules, otherwise there's nothing in any of the files to read...

Check out the examples in this tutorial.