Linux - Security
This forum is for all security-related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I want to do some kind of "geofencing". That is, if my phone with WiFi turned on is in range of my home WiFi network and generates any traffic to my Raspberry Pi (Ubuntu 14.04 32 bit), I want to log this traffic to a file other than /var/log/something. For me it is important that it could be any traffic (UDP or TCP), and such a solution must recognise such traffic by the MAC address of the phone, not by IP address, because even DHCP broadcast must be logged.
Take care that I am not interested in any particular traffic or protocol or packet, but I want to catch any possible traffic.
Be so kind as to help me resolve that problem.
Physically I have (r)syslog installed, but the daemon is disabled because it writes to the file /var/log/something, so it dramatically reduces the lifespan of the SD card. I enable syslog only if necessary. The same situation is with ulogd. Still writing to a file located on the SD card, not to stdout. My goal is to analyse logs line by line not write it to file. Except a temporary file located in RAM shared memory.
Named pipe - sounds good. But it is still writing to a file. As I mentioned, the whole system is located on the SD card, so placing such a file on the SD reduces its lifespan. The solution is to write it to RAM. But RAM has limited size. So is it possible to write such logs line by line to a file in such a way that a new line overwrites the older one? I am not interested in the details of the logs but only in the presence of such a one "caught" by an iptables log rule.
Code:
iptables -L -nv
This will show you the number of packets netfilter has applied your rules to.
OK. But as I understand this syntax, it shows the number of packets netfilter has applied rules to, taken from the log file. So the log file still exists as I understand. I want to avoid creating any huge file in RAM. Such a file should contain only the last line of logs; it does not matter what it consists of. I am only interested in whether any packet defined by an iptables rule was registered or not. Is it possible?
No, the very first paragraph from man fifo:
Code:
A FIFO special file (a named pipe) is similar to a pipe, except that it is accessed as part of the
filesystem. It can be opened by multiple processes for reading or writing. When processes are
exchanging data via the FIFO, the kernel passes all data internally without writing it to the
filesystem. Thus, the FIFO special file has no contents on the filesystem; the filesystem entry
merely serves as a reference point so that processes can access the pipe using a name in the filesystem.
Quote:
Originally Posted by tyler2016
Code:
iptables -L -nv
This will show you the number of packets netfilter has applied your rules to.
Quote:
Originally Posted by mackowiakp
OK. But as I understand this syntax, it shows the number of packets netfilter has applied rules to, taken from the log file.
Again, no. The counters are maintained as part of the rule structure in kernel space, not in a file.
If you are going to ask for help, please at least seriously consider the replies offered.
Quote:
Originally Posted by mackowiakp
I am only interested in whether any packet defined by an iptables rule was registered or not.
Note: This is quite different from the previously stated goal...
"My goal is to analyse logs line by line not write it to file."
Then most definitely use iptables ... -v; how many packets matched the rule is exactly what the counters tell you.
Again, man iptables.
Last edited by astrogeek; 05-31-2019 at 02:50 PM.
Reason: Added quote, counter recommend
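As an added example (not written by anyone in this thread), here is one way to turn the counter advice above into the presence check the original poster asked for, without writing anything to the SD card: a rule matching the phone's MAC address jumps to a dedicated chain, and a loop reads and zeroes the INPUT counters with `iptables -L INPUT -nvx -Z`, so each round reports only what the phone sent since the previous round. The counters live in kernel memory, so no log file exists on disk or in RAM. The phone MAC `00:11:22:33:44:55` and the chain name `PHONE_PRESENCE` are placeholders, the embedded iptables listing is a constructed sample used to exercise the parser offline, and the script assumes the Pi sits on the same Layer 2 segment as the phone (otherwise it would see a router's MAC instead) and that the rule-installing and polling functions run as root.

```sh
#!/bin/sh
# Added example, not from the thread. Presence detection from netfilter counters
# instead of log files: the counters live in kernel memory, so nothing is written
# to the SD card. PHONE_MAC and CHAIN are placeholder values.
PHONE_MAC="00:11:22:33:44:55"   # placeholder: put the phone's real MAC here
CHAIN="PHONE_PRESENCE"           # hypothetical chain name

# Install a rule that counts every frame the phone sends to the Pi, whatever the
# protocol (TCP, UDP, DHCP broadcast): the mac match looks at the Ethernet source
# address, so it does not depend on the phone already having an IP address.
# Needs root and iptables; the mac match is only valid in PREROUTING/INPUT/FORWARD.
setup_rules() {
    iptables -N "$CHAIN" 2>/dev/null || true
    iptables -C "$CHAIN" -j RETURN 2>/dev/null || iptables -A "$CHAIN" -j RETURN
    iptables -C INPUT -m mac --mac-source "$PHONE_MAC" -j "$CHAIN" 2>/dev/null \
        || iptables -I INPUT 1 -m mac --mac-source "$PHONE_MAC" -j "$CHAIN"
}

# Extract the packet counter of the MAC rule from `iptables -L INPUT -nvx` text
# passed as $1. Prints 0 when the rule is absent. -x gives exact numbers
# (no "12K" abbreviations), -n skips DNS lookups.
count_phone_packets() {
    printf '%s\n' "$1" | awk -v mac="$PHONE_MAC" '
        index($0, "MAC " mac) { print $1; found = 1; exit }
        END { if (!found) print 0 }'
}

# True (exit 0) when at least one packet from the phone hit the rule.
phone_present() {
    n=$(count_phone_packets "$1")
    [ "$n" -gt 0 ]
}

# Poll: list and atomically zero the INPUT counters every 30 s (-Z combined with
# -L shows the values just before they are cleared), so each round reports only
# traffic seen since the previous round. Output goes to stdout, not to a file.
poll_presence() {
    while :; do
        out=$(iptables -L INPUT -nvx -Z)
        if phone_present "$out"; then
            echo "$(date '+%F %T') phone seen ($(count_phone_packets "$out") packets)"
        else
            echo "$(date '+%F %T') phone absent"
        fi
        sleep 30
    done
}

# Constructed sample of `iptables -L INPUT -nvx` output, used to exercise the
# parser offline without root.
SAMPLE_OUTPUT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      17     2210 PHONE_PRESENCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0            MAC 00:11:22:33:44:55
       0        0 DROP       all  --  *      *       10.0.0.99            0.0.0.0/0'

if [ "${1:-}" = "run" ]; then
    setup_rules
    poll_presence
else
    echo "sample: $(count_phone_packets "$SAMPLE_OUTPUT") packets from $PHONE_MAC"
fi
```

Run it as `sh presence.sh run` as root on the Pi to install the rule and start polling; without the argument it only parses the constructed sample. Because `-Z` resets the counters on every read, a phone that stays connected but idle shows as absent for that interval; lengthen the sleep or drop `-Z` and compare successive values if you want "seen since boot" semantics instead.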