Monitor Hardware Firewall from F21 WS
I'm a Linux newbie. I have Fedora 21 Workstation installed. What I want to do is monitor my Hardware Router/Firewall via syslog/SNMP in real time. With MS Windows I used a program called WallWatcher. It monitored in real time and auto-generated a log every day for all my hardware router/firewall activity. This way I can watch who's trying to access my system and when they're doing it, both as they do so, and reference past occurrences.
So far I have installed the SNMP daemon with "sudo yum install net-snmp". But I have no idea what comes next, except that it requires configuring. I have no idea if it has a GUI interface or not, which is what I want. Has anyone done this before? Or does anyone have another solution for monitoring their network traffic? Actually I'd also like a local software firewall to monitor outgoing 'attempts,' giving me the option of stopping them if I so choose. With MS Windows I started with ZoneAlarm, thanks to Steve Gibson's (GRC.com) recommendation. Then I switched to Comodo. I firmly agree that monitoring outgoing 'attempts' can be a valuable tool, letting one know they have been compromised, so as to stop someone that's done so. Any ideas? TIA
Can you retrieve information through SNMP on Windows?
Does the firewall have snmp[d] installed?
Any ideas for a solution? TIA P.S. That's weird, this message showed up while nini09's did not, supposedly it's awaiting approval, so here's the link again:
And while it may seem a daunting task for someone new in Linux, you actually have lots of options. You could have the logs from your firewall/router sent to the Linux system, use syslog-ng to separate the firewall logs into their own file, and have a script examine that file. Logwatch can also be used for such things, and you can have it run near-constantly and email you if things go awry. And that's just one thing you could do...there are others, like using a script to poke the logs in situ on the firewall and examine them. You can also use Snort (a different approach) to monitor things even further, although that's not really going to parse the logs, but it might give you further depth to your monitoring. You can find sample scripts easily, and we'll be more than happy to give you a hand with them. There's a bash scripting tutorial in my posting signature, and the documentation on configuring syslog-ng is easy to find/follow as well.
I assume your SNMP access is OK.
For monitoring their network traffic, there are two ways to monitor, active and passive. Your way is like active, retrieving information periodically through SNMP. Another way is passive, through syslog. All information goes to a database at first and is then retrieved later.
I was thinking about trying syslog-ng and went to their site. I was going to download it but then realized that I can only get the source code. I'm having a problem with compiling source code into object code. I've already tried to do so using Realtek's source code drivers for my sound chip. There seems to be some software missing as far as I can tell. I assumed the Fedora 21 distribution would have everything I needed in that area, because compiling source seems to be somewhat the norm in Linux, or at least I've been led to that conclusion. I have a funny feeling I'm going to require quite a bit of help switching from Windows to Linux. :D Is there any tutorial resource for compiling object code that lists what one requires to do so, and where to get it? Of course I can keep asking for your help, but I have a feeling you'll get tired after a bit. Again thanks much for your time, the one thing we'll always want more of in the end. ;) JustAnotherHuman
Thanks for your time, I really do appreciate it. JustAnotherHuman
No idea why nobody emphasized this but 0) SNMPd, the SNMP daemon, is only necessary if you want to expose SNMP counters to other systems and 1) Fedora is a binary package system. This means you use 'yum' or a desktop tool like 'apper' to install packages and dependencies. Only when Fedora or EPEL don't provide packages would you look at building packages from a source tarball yourself. As for your router: configure it to send its syslog to your machine (which must be on always, obviously) and configure Rsyslog to accept the log entries and stash them in a separate log. Then run Logwatch regularly to generate reports you send to an email address or save to a file. As for SNMP: install 'snmpwalk' then see if you can access the router OIDs you want. Your choice would be to fetch them regularly via a cron job using (as mentioned earlier) tools like Nagios, Icinga or Zabbix, or use a command line tool like collectd or collectl's daemon, and store data in a database or scrape logs. Really not that hard once you've got the concepts, know what you're looking for and where to look.
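As an added example (not code from the thread or from any poster), here is what the two replies above describe, done with Rsyslog on Fedora: a drop-in that accepts the router's syslog and stashes it in its own file, plus a small script that examines that file and summarizes denied connections per source. The router address, the log path and the netfilter-style log line format are assumptions; the sample log is constructed.

```shell
#!/bin/sh
# Added example for the thread above. Assumptions: router LAN address,
# destination log path, and netfilter-style "SRC= DST= DPT=" log lines.
ROUTER_IP="${ROUTER_IP:-192.168.1.1}"
ROUTER_LOG="${ROUTER_LOG:-/var/log/router.log}"

# Contents for /etc/rsyslog.d/router.conf (rsyslog v7+ RainerScript).
# Listens on UDP/514; messages from the router go to ROUTER_LOG only and
# are then discarded so they never clutter /var/log/messages.
# Also open the port: firewall-cmd --permanent --add-port=514/udp
router_rsyslog_conf() {
    cat <<EOF
module(load="imudp")
input(type="imudp" port="514")
if \$fromhost-ip == "$ROUTER_IP" then {
    action(type="omfile" file="$ROUTER_LOG")
    stop
}
EOF
}

# Count denied connections per "source port N", most frequent first.
# Only lines flagged DROP/DENY/REJECT are counted; accepted traffic is skipped.
summarize_denies() {
    awk '/DROP|DENY|REJECT/ {
        src = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/) src = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != "") n[src " port " dpt]++
    } END { for (k in n) print n[k], k }' "$1" | sort -rn
}

# Constructed sample router log (not captured from a real device).
SAMPLE_LOG=$(mktemp)
cat >"$SAMPLE_LOG" <<'EOF'
Jan 10 21:14:02 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=51234 DPT=22
Jan 10 21:14:05 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=51240 DPT=22
Jan 10 21:14:09 router kernel: ACCEPT IN=br0 OUT=eth0 SRC=192.168.1.20 DST=93.184.216.34 PROTO=TCP SPT=40000 DPT=443
Jan 10 21:14:11 router kernel: DROP IN=eth0 OUT= SRC=198.51.100.50 DST=198.51.100.2 PROTO=TCP SPT=4444 DPT=23
Jan 10 21:14:15 router kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP SPT=51251 DPT=22
EOF

router_rsyslog_conf
summarize_denies "$SAMPLE_LOG"
```

Point the router's remote syslog setting at this machine, restart rsyslog, and run the summary against the real ROUTER_LOG (or hand that file to Logwatch) once entries start arriving.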
I prefer the solution that lets me know as close to real time as possible, would prefer a separate window process so as to monitor whenever I feel the need, and of course logs kept for later analysis. You guys are the pros, which way should I go? ;) Also how about that rule-based firewall that watches both in/outbound connection attempts, where I can set either allow, deny or ask, per process. Does any such animal like that exist? Thanks guys! JustAnotherHuman
- Threats should be avoided and breaches of security should be prevented.
- After-the-fact reporting does not equal taking proactive measures.
- Linux is not Windows: know what threats affect Linux.
More generally speaking:
- Know what you're doing, use common sense and read up on securing your machine,
- Install only software you need and only packages from known good sources and update when updates are released,
- Don't open ports in your firewall and don't forward ports in your stateful NAT router unless you know you need it,
- Make regular backups and regularly check your machine for problems.
...or as I like to say: Linux may be free to use but using it should not be free of responsibilities. That said, Tuxguardian, Leopardflower, Fireflier and Pgrd (all on Sourceforge.net BTW) were some examples of "ZoneAlarm-for-Linux"-like applications. None of them are maintained anymore, indicating that with Linux things are done differently. It may be hard to understand now but once you've read the documentation and if you understand and adhere to the points I mentioned above you'll find there simply is no need to monitor and block outgoing processes. So I strongly suggest you get acquainted and read the basic user documentation, if unsure examine your system to verify its integrity and then ask detailed questions. You'll be saving yourself a lot of worrying for nothing, time and effort.