LinuxQuestions.org


mgichoga 05-30-2007 03:03 PM

Iptables logging and Squid
 
This might be simple for most of you since this is rather a syntax issue and I'm no expert in iptables.

I have a squid proxy and need to log any connections made to it (port 3128) through a particular interface say eth1. How can I achieve this?

Thanks

rdgreenlaw 05-30-2007 04:07 PM

Have you tried tcpdump?

Code:

tcpdump -i eth1 port 3128
will list all traffic on port 3128 passing through eth1. You can dump this data to a file as follows:
Code:

tcpdump -C [maxsize] -w [filename] -i eth1 -W [filecount] port 3128
Replace maxsize with a number representing the millions of bytes you want in each file, filename with the name of the file you want the log to be written to and filecount with the number of files you want written.

Code:

tcpdump -C 1 -w /var/tcpdump/portlog -i eth1 -W 5 port 3128
Will dump the traffic on eth1 to portlog1 (be sure to use an existing directory) until portlog1 exceeds 1000000 characters. When the file gets too large it will create portlog2 and continue logging in this new file. When portlog5 gets full the system will automatically delete and recreate portlog1. The only limit to the size of the file is available disk space; the number of log files can be greater than 9 and will result in file names buffered with 0 to the size you specify. For example -W 100 would create files from 001 to 100.

You could add this command to your start-up script (may need to run as root) and it will log the activity. To reduce the entries in the log file you can add other filters (in addition to port #) to the end of the command. See man netdump for specifics.

(Edited - used -F where -w should have been -- sorry!)
Hope this helps

p_s_shah 05-31-2007 02:16 AM

Code:

iptables -A INPUT -i eth1 -p tcp --dport 3128 -j LOG --log-level info
Output will be displayed in /var/log/messages.

Check the following options:
--log-level level
Level of logging (numeric or see syslog.conf(5)).
--log-prefix prefix
Prefix log messages with the specified prefix; up to 29 letters long, and useful for distinguishing messages in the logs.

Check iptables manual page for more info.
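The LOG target writes one syslog line per matching packet, and --log-prefix is what lets you pick those lines out of /var/log/messages afterwards. As an added illustration (not from this thread), the script below parses constructed sample lines of that format and counts new connections to port 3128 per source address on eth1; it assumes the rule was loaded with --log-prefix "squid: ".

```python
import re
from collections import Counter

# Constructed sample lines in the format the iptables LOG target emits via syslog.
# Assumes the rule carried --log-prefix "squid: " (an assumption, not from the thread).
SAMPLE_LOG = """\
May 31 02:16:01 proxy kernel: squid: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=40122 DPT=3128 WINDOW=5840 RES=0x00 SYN URGP=0
May 31 02:16:01 proxy kernel: squid: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=40122 DPT=3128 WINDOW=5840 RES=0x00 ACK URGP=0
May 31 02:16:05 proxy kernel: squid: IN=eth1 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=192.168.1.77 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=999 DF PROTO=TCP SPT=51000 DPT=3128 WINDOW=5840 RES=0x00 SYN URGP=0
May 31 02:16:09 proxy kernel: squid: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:dd:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1000 DF PROTO=TCP SPT=51001 DPT=3128 WINDOW=5840 RES=0x00 SYN URGP=0
May 31 02:16:12 proxy sshd[123]: Accepted publickey for admin from 192.168.1.20 port 40200 ssh2
"""

# KEY=value fields and the bare TCP/IP flag tokens that follow the prefix.
FIELD_RE = re.compile(r"(\w+)=(\S*)")
FLAG_RE = re.compile(r"\b(SYN|ACK|FIN|RST|PSH|URG|DF)\b")

def parse_log_line(line, prefix="squid: "):
    """Return a dict of the netfilter fields in one LOG line, or None if it is not one."""
    marker = "kernel: " + prefix
    idx = line.find(marker)
    if idx < 0:
        return None  # not written by our iptables rule (e.g. an sshd line)
    body = line[idx + len(marker):]
    fields = dict(FIELD_RE.findall(body))
    fields["FLAGS"] = set(FLAG_RE.findall(body))
    return fields

def new_connections(log_text, iface="eth1", dport="3128", prefix="squid: "):
    """Count TCP SYN (new connection) entries to dport arriving on iface, per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_log_line(line, prefix)
        if f is None:
            continue
        # A SYN without ACK is the first packet of a new TCP connection.
        is_syn = "SYN" in f["FLAGS"] and "ACK" not in f["FLAGS"]
        if f.get("IN") == iface and f.get("PROTO") == "TCP" and f.get("DPT") == dport and is_syn:
            counts[f["SRC"]] += 1
    return counts

if __name__ == "__main__":
    for src, n in new_connections(SAMPLE_LOG).most_common():
        print(f"{src}\t{n} new connection(s) to port 3128 on eth1")
```

Running the same function over the real file (`open("/var/log/messages").read()`) gives a per-client count of Squid connections on eth1 without a packet capture.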

rdgreenlaw 05-31-2007 07:13 PM

P S Shah seems to have a much simpler solution than the one I gave. Use whatever works best for you.

