Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Old 01-20-2015, 05:58 AM   #1
JustAnotherHuman
LQ Newbie
 
Registered: Jan 2015
Location: USA
Distribution: Fedora 21 WS (x64)
Posts: 19

Monitor Hardware Firewall from F21 WS


I'm a Linux newbie. I have Fedora 21 Workstation installed. What I want to do is monitor my hardware router/firewall via syslog/SNMP in real time. With MS Windows I used a program called WallWatcher. It monitored in real time and auto-generated a log every day for all my hardware router/firewall activity. This way I can watch who's trying to access my system and when they're doing it, both as they do so, and reference past occurrences.

So far I have installed the SNMP daemon with "sudo yum install net-snmp". But I have no idea what comes next, except that it requires configuring. I have no idea if it has a GUI interface or not, which is what I want.

Has anyone done this before? Or does anyone have another solution for monitoring their network traffic?

Actually I'd also like a local software firewall to monitor outgoing 'attempts,' giving me the option of stopping them if I so choose. With MS Windows I started with ZoneAlarm, thanks to Steve Gibson's (GRC.com) recommendation. Then I switched to Comodo. I firmly agree that monitoring outgoing 'attempts' can be a valuable tool, letting one know they have been compromised, so as to stop someone that's done so.

Any Ideas?

TIA
 
Old 01-20-2015, 03:39 PM   #2
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,731

Can you retrieve information through SNMP on Windows?
 
Old 01-20-2015, 03:58 PM   #3
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: Mojave
Posts: 9,374
Blog Entries: 37

Does the firewall have snmp[d] installed?
 
Old 01-21-2015, 11:55 AM   #4
JustAnotherHuman
LQ Newbie
 
Registered: Jan 2015
Location: USA
Distribution: Fedora 21 WS (x64)
Posts: 19

Original Poster
Quote:
Originally Posted by nini09
Can you retrieve information through SNMP on Windows?
Yep, here's a link to the software I was using with Windows XP Pro x86, if you care to check it out. It trapped either SNMP or Syslog, I'm not really sure; I assumed it was SNMP. It did this via the router's broadcasting IP, of course. I was hoping that something like it existed for Linux because I feel pretty bare at the moment, security-wise. One of the major problems with Linux as I see it, i.e. no sense of knowing one's secure, unless they're a Linux pro. And as I said I'm a newbie. Do you know of such software for Linux?

TIA

Last edited by JustAnotherHuman; 01-22-2015 at 10:49 PM.
 
Old 01-21-2015, 12:04 PM   #5
JustAnotherHuman
LQ Newbie
 
Registered: Jan 2015
Location: USA
Distribution: Fedora 21 WS (x64)
Posts: 19

Original Poster
Quote:
Originally Posted by Habitual
Does the firewall have snmp[d] installed?
Yep, see the above post to "nini09". You can follow the link as well, if you have any questions as to the software I was using with Windows XP Pro x86. The site is no longer active though, no more upgrades, he's moved on.

Any ideas for a solution?

TIA

P.S. That's weird, this message showed up while nini09's did not, supposedly it's awaiting approval, so here's the link again:

Last edited by JustAnotherHuman; 01-21-2015 at 12:07 PM.
 
Old 01-21-2015, 01:24 PM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 22,235

Quote:
Originally Posted by JustAnotherHuman
I'm a Linux newbie. I have Fedora 21 Workstation installed. What I want to do is monitor my hardware router/firewall via syslog/SNMP in real time. With MS Windows I used a program called WallWatcher. It monitored in real time and auto-generated a log every day for all my hardware router/firewall activity. This way I can watch who's trying to access my system and when they're doing it, both as they do so, and reference past occurrences.

So far I have installed the SNMP daemon with "sudo yum install net-snmp". But I have no idea what comes next, except that it requires configuring. I have no idea if it has a GUI interface or not, which is what I want.
You installed the SNMP daemon on your system, which could be used to monitor it, once it's configured.
Quote:
Has anyone done this before? Or does anyone have another solution for monitoring their network traffic?

Actually I'd also like a local software firewall to monitor outgoing 'attempts,' giving me the option of stopping them if I so choose. With MS Windows I started with ZoneAlarm, thanks to Steve Gibson's (GRC.com) recommendation. Then I switched to Comodo. I firmly agree that monitoring outgoing 'attempts' can be a valuable tool, letting one know they have been compromised, so as to stop someone that's done so.
Look into either Zabbix or Nagios. They are the 'standard' methods of Linux monitoring, and both support SNMP. You can easily configure things for custom events. That said, the 'real time' part may be difficult...not sure you can get that fine-grained, although you probably could get things to go every 60 seconds or so, if that's enough.

And while it may seem a daunting task for someone new in Linux, you actually have lots of options. You could have the logs from your firewall/router sent to the Linux system, and use syslog-ng to separate the firewall logs into their own file, and have a script examine that file. Logwatch can also be used for such things, and you can have it run near-constantly, and email you if things go awry. And that's just one thing you could do...there are others, like using a script to poke the logs in-situ on the firewall and examine them. You can also use Snort (different approach) to monitor things even further, although that's not really going to parse the logs, but it might give you further depth to your monitoring.

You can find sample scripts easily, and we'll be more than happy to give you a hand with them. There's a bash scripting tutorial in my posting signature, and the documentation on configuring syslog-ng is easy to find/follow as well.
 
Old 01-21-2015, 03:52 PM   #7
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,731

I assume your SNMP access is OK.
For monitoring their network traffic, there are two ways to monitor, active and passive.
Your way is like active, retrieving information periodically through SNMP.
Another way is passive through sys-log. All information goes to a database first, and is retrieved later.
 
Old 01-23-2015, 12:02 AM   #8
JustAnotherHuman
LQ Newbie
 
Registered: Jan 2015
Location: USA
Distribution: Fedora 21 WS (x64)
Posts: 19

Original Poster
Quote:
Originally Posted by TB0ne
You installed the SNMP daemon on your system, which could be used to monitor it, once it's configured.

Look into either Zabbix or Nagios. They are the 'standard' methods of Linux monitoring, and both support SNMP. You can easily configure things for custom events. That said, the 'real time' part may be difficult...not sure you can get that fine-grained, although you probably could get things to go every 60 seconds or so, if that's enough.

And while it may seem a daunting task for someone new in Linux, you actually have lots of options. You could have the logs from your firewall/router sent to the Linux system, and use syslog-ng to separate the firewall logs into their own file, and have a script examine that file. Logwatch can also be used for such things, and you can have it run near-constantly, and email you if things go awry. And that's just one thing you could do...there are others, like using a script to poke the logs in-situ on the firewall and examine them. You can also use Snort (different approach) to monitor things even further, although that's not really going to parse the logs, but it might give you further depth to your monitoring.

You can find sample scripts easily, and we'll be more than happy to give you a hand with them. There's a bash scripting tutorial in my posting signature, and the documentation on configuring syslog-ng is easy to find/follow as well.
I want to thank you for your time and help. It seems pretty dead around here, and I was beginning to worry that everyone finally sold out to MS.

I was thinking about trying syslog-ng and went to their site. I was going to download it but then realized that I can only get the source code. I'm having a problem with compiling source code into object code. I've already tried to do so using Realtek's source code drivers for my sound chip. There seems to be some software missing as far as I can tell. I assumed the Fedora 21 distribution would have everything I needed in that area, because compiling source seems to be somewhat the norm in Linux, or at least I've been led to that conclusion.

I have a funny feeling I'm going to require quite a bit of help switching from Windows to Linux.

Is there any tutorial resource for compiling object code that lists what one requires to do so, and where to get it? Of course I can keep asking for your help, but I have a feeling you'll get tired after a bit.

Again thanks much for your time, the one thing we'll always want more of in the end.



JustAnotherHuman
 
Old 01-23-2015, 12:07 AM   #9
JustAnotherHuman
LQ Newbie
 
Registered: Jan 2015
Location: USA
Distribution: Fedora 21 WS (x64)
Posts: 19

Original Poster
Quote:
Originally Posted by nini09
I assume your SNMP access is OK.
For monitoring their network traffic, there are two ways to monitor, active and passive.
Your way is like active, retrieving information periodically through SNMP.
Another way is passive through sys-log. All information goes to a database first, and is retrieved later.
Yeah, I'm thinking Syslog right about now; passive is all I need. I just want to view a window, from time to time, that hopefully updates in real time, and creates a complete running log of the day's events. I hope that's not too tall an order.

Thanks for your time, I really do appreciate it.



JustAnotherHuman
 
Old 01-23-2015, 02:14 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

No idea why nobody emphasized this but 0) SNMPd, the SNMP daemon, is only necessary if you want to expose SNMP counters to other systems and 1) Fedora is a binary package system. This means you use 'yum' or a desktop tool like 'apper' to install packages and dependencies. Only when Fedora or EPEL don't provide packages would you look at building packages from a source tarball yourself. As for your router: configure it to send its syslog to your machine (which must always be on, obviously) and configure Rsyslog to accept the log entries and stash them in a separate log. Then run Logwatch regularly to generate reports you send to an email address or save to a file. As for SNMP: install 'snmpwalk' then see if you can access the router OIDs you want. Your choice would be to fetch them regularly via a cron job using (as mentioned earlier) tools like Nagios, Icinga or Zabbix, or use a command line tool like collectd, collectls daemon, and store data in a database or scrape logs. Really not that hard once you've got the concepts, know what you're looking for and where to look.
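TB0ne (#6) suggests separating the router's firewall log into its own file and having a script examine it, and unSpawn (#10) describes the rsyslog side of that. The script below is an added example, not code from anyone in this thread: it assumes rsyslog already writes the router's syslog to a dedicated file, that the router emits iptables-style "kernel:" lines as many Linux-based consumer routers do, and that the WAN interface is called eth1; the sample log lines, hostnames and addresses are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Assumed setup (not shown here): the router sends syslog to this box and rsyslog
# writes those entries to a dedicated file such as /var/log/router.log (made-up path).
# Constructed sample lines in the iptables-style format many Linux-based consumer
# routers emit; the hostname and addresses are invented for this example.
SAMPLE_LOG = """\
Jan 23 01:02:03 router kernel: DROP IN=eth1 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4567 DPT=22 SYN
Jan 23 01:02:04 router kernel: DROP IN=eth1 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4568 DPT=23 SYN
Jan 23 01:02:05 router kernel: DROP IN=eth1 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=4569 DPT=3389 SYN
Jan 23 01:02:06 router kernel: DROP IN=eth1 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=1900
Jan 23 01:02:07 router kernel: ACCEPT IN=br0 OUT=eth1 SRC=192.168.1.20 DST=198.51.100.9 PROTO=TCP SPT=51000 DPT=443 SYN
Jan 23 01:02:08 router dropbear[123]: Child connection from 192.168.1.20:51234
"""

# Only kernel firewall lines match; lines from other router daemons are ignored.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?P<action>DROP|ACCEPT|REJECT)\b.*?\bIN=(?P<in>\S*) .*?"
    r"\bSRC=(?P<src>[\d.]+) .*?\bDST=(?P<dst>[\d.]+) .*?"
    r"\bPROTO=(?P<proto>\w+)(?: .*?\bDPT=(?P<dpt>\d+))?"
)


def parse_line(line):
    """Return the firewall event fields as a dict, or None for non-firewall lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["dpt"] = int(ev["dpt"]) if ev["dpt"] else None  # ICMP etc. have no port
    return ev


def summarize(lines, wan_if="eth1", threshold=3):
    """Count dropped inbound attempts on the WAN interface per source address,
    track which destination ports each source probed, and flag sources that hit
    at least `threshold` distinct ports (a crude port-scan indicator)."""
    attempts = Counter()
    ports = defaultdict(set)
    for raw in lines:
        ev = parse_line(raw.rstrip("\n"))
        if ev is None or ev["action"] != "DROP" or ev["in"] != wan_if:
            continue  # skip LAN-side, accepted and non-firewall lines
        attempts[ev["src"]] += 1
        if ev["dpt"] is not None:
            ports[ev["src"]].add(ev["dpt"])
    flagged = sorted(src for src, p in ports.items() if len(p) >= threshold)
    return attempts, ports, flagged


def report(text, **kw):
    """Render a WallWatcher-style daily summary: one line per source address."""
    attempts, ports, flagged = summarize(text.splitlines(), **kw)
    out = [f"{src:15} {n:4d} dropped  ports={sorted(ports[src])}"
           for src, n in attempts.most_common()]
    out += [f"SCAN? {src} probed {len(ports[src])} distinct ports" for src in flagged]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

For the live window the original poster wants, the same `parse_line` loop can be fed from `tail -f` on the dedicated log file instead of from a string.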
 
Old 01-23-2015, 04:56 PM   #11
JustAnotherHuman
LQ Newbie
 
Registered: Jan 2015
Location: USA
Distribution: Fedora 21 WS (x64)
Posts: 19

Original Poster
Quote:
Originally Posted by unSpawn
No idea why nobody emphasized this but 0) SNMPd, the SNMP daemon, is only necessary if you want to expose SNMP counters to other systems and 1) Fedora is a binary package system. This means you use 'yum' or a desktop tool like 'apper' to install packages and dependencies. Only when Fedora or EPEL don't provide packages would you look at building packages from a source tarball yourself. As for your router: configure it to send its syslog to your machine (which must always be on, obviously) and configure Rsyslog to accept the log entries and stash them in a separate log. Then run Logwatch regularly to generate reports you send to an email address or save to a file. As for SNMP: install 'snmpwalk' then see if you can access the router OIDs you want. Your choice would be to fetch them regularly via a cron job using (as mentioned earlier) tools like Nagios, Icinga or Zabbix, or use a command line tool like collectd, collectls daemon, and store data in a database or scrape logs. Really not that hard once you've got the concepts, know what you're looking for and where to look.
Yea, I had a feeling that I could get most of what I needed, from the repositories, but I had no idea how to browse the packages. But now I've installed the Yum Extender, and was able to browse "all" the packages. I saw Zabbix, Rsyslog and syslog-ng. So now I need to know which solution, of the ones available, will suit my wants the most. What do you guys think?

I prefer the solution that lets me know as close to real time as possible, would prefer a separate window process so as to monitor whenever I feel the need, and of course logs kept for later analysis. You guys are the pros, which way should I go?

Also, how about that rule-based firewall that watches both inbound and outbound connection attempts, where I can set either allow, deny or ask, per process? Does any such animal exist?

Thanks guys!




JustAnotherHuman
 
Old 01-24-2015, 05:28 AM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Quote:
Originally Posted by JustAnotherHuman
Yea, I had a feeling that I could get most of what I needed, from the repositories, but I had no idea how to browse the packages.
In that case it's good to know that Fedora, just like its parent company's OSes, comes with extensive documentation. Familiarizing yourself with the basic installation, user and security documentation will help introduce the concepts, get you accustomed to basic tasks and therefore be more efficient and productive using Linux. One of the indications this is necessary is new Linux users talking about antivirus, firewalls and specific applications as if they were still running (with a) Windows (mindset). Also it's good to know LQ has a pretty good search function (although you have to kind of know what you're looking for). Also realize that not all advice is good advice: ensuring you understand what you're doing or knowing where to find specific documentation to check things is crucial, but that goes for about anything, right?


Quote:
Originally Posted by JustAnotherHuman
So now I need to know which solution, of the ones available, will suit my wants the most. What do you guys think? I prefer the solution that lets me know as close to real time as possible, would prefer a separate window process so as to monitor whenever I feel the need, and of course logs kept for later analysis. Also, how about that rule-based firewall that watches both inbound and outbound connection attempts, where I can set either allow, deny or ask, per process? Does any such animal exist?
Before answering that we have to look back and correct this first:
Quote:
Originally Posted by JustAnotherHuman
Actually I'd also like a local software firewall to monitor outgoing 'attempts,' giving me the option of stopping them if I so choose. With MS Windows I started with ZoneAlarm, (..) Then I switched to Comodo. I firmly agree that monitoring outgoing 'attempts' can be a valuable tool, letting one know they have been compromised, so as to stop someone that's done so.
...because the latter is not true without some thought and effort from you. Most of this is explained in your distribution's user documentation security section so I'll be terse:
- Threats should be avoided and breaches of security should be prevented.
- After-the-fact reporting does not equal taking proactive measures.
- Linux is not Windows: know what threats affect Linux.

More generally speaking:
- Know what you're doing, use common sense and read up on securing your machine,
- Install only software you need and only packages from known good sources and update when updates are released,
- Don't open ports in your firewall and don't forward ports in your stateful NAT router unless you know you need it,
- Make regular backups and regularly check your machine for problems.

...or as I'd like to say: Linux may be free to use but using it should not be free of responsibilities.


That said, Tuxguardian, Leopardflower, Fireflier and Pgrd (all on Sourceforge.net BTW) were some examples of "ZoneAlarm-for-Linux"-like applications. None of them are maintained anymore, indicating the idea that with Linux things are done differently. It may be hard to understand now but once you've read the documentation and if you understand and adhere to the points I mentioned above you'll find there simply is no need to monitor and block outgoing processes. So I strongly suggest you get acquainted and read the basic user documentation, if unsure examine your system to verify its integrity and then ask detailed questions. You'll be saving yourself a lot of worrying for nothing, time and effort.
 
Old 01-25-2015, 01:37 PM   #13
JustAnotherHuman
LQ Newbie
 
Registered: Jan 2015
Location: USA
Distribution: Fedora 21 WS (x64)
Posts: 19

Original Poster
Quote:
Originally Posted by unSpawn
In that case it's good to know that Fedora, just like its parent company's OSes, comes with extensive documentation. Familiarizing yourself with the basic installation, user and security documentation will help introduce the concepts, get you accustomed to basic tasks and therefore be more efficient and productive using Linux. One of the indications this is necessary is new Linux users talking about antivirus, firewalls and specific applications as if they were still running (with a) Windows (mindset). Also it's good to know LQ has a pretty good search function (although you have to kind of know what you're looking for). Also realize that not all advice is good advice: ensuring you understand what you're doing or knowing where to find specific documentation to check things is crucial, but that goes for about anything, right?



Before answering that we have to look back and correct this first:
...because the latter is not true without some thought and effort from you. Most of this is explained in your distribution's user documentation security section so I'll be terse:
- Threats should be avoided and breaches of security should be prevented.
- After-the-fact reporting does not equal taking proactive measures.
- Linux is not Windows: know what threats affect Linux.

More generally speaking:
- Know what you're doing, use common sense and read up on securing your machine,
- Install only software you need and only packages from known good sources and update when updates are released,
- Don't open ports in your firewall and don't forward ports in your stateful NAT router unless you know you need it,
- Make regular backups and regularly check your machine for problems.

...or as I'd like to say: Linux may be free to use but using it should not be free of responsibilities.


That said, Tuxguardian, Leopardflower, Fireflier and Pgrd (all on Sourceforge.net BTW) were some examples of "ZoneAlarm-for-Linux"-like applications. None of them are maintained anymore, indicating the idea that with Linux things are done differently. It may be hard to understand now but once you've read the documentation and if you understand and adhere to the points I mentioned above you'll find there simply is no need to monitor and block outgoing processes. So I strongly suggest you get acquainted and read the basic user documentation, if unsure examine your system to verify its integrity and then ask detailed questions. You'll be saving yourself a lot of worrying for nothing, time and effort.
Thanks for your help my friend, it was greatly appreciated. I shall check out those programs you've mentioned.

JustAnotherHuman
 
  

