Have you tried tcpdump?
Code:
tcpdump -i eth1 port 3128
will list all traffic on port 3128 passing through eth1. You can dump this data to a file as follows:
Code:
tcpdump -C [maxsize] -w [filename] -i eth1 -W [filecount] port 3128
Replace maxsize with a number representing the millions of bytes you want in each file, filename with the name of the file you want the log to be written to and filecount with the number of files you want written.
Code:
tcpdump -C 1 -w /var/tcpdump/portlog -i eth1 -W 5 port 3128
Will dump the traffic on eth1 to portlog1 (be sure to use an existing directory) until portlog1 exceeds 1000000 characters. When the file gets too large it will create portlog2 and continue logging in this new file. When portlog5 gets full the system will automatically delete and recreate portlog1. The only limit to the size of the file is available disk space. The number of log files can be greater than 9 and will result in file names buffered with 0 to the size you specify. For example -W 100 would create files from 001 to 100.
You could add this command to your start-up script (may need to run as root) and it will log the activity. To reduce the entries in the log file you can add other filters (in addition to port #) to the end of the command. See man netdump for specifics.
(Edited - used -F where -w should have been -- sorry!)
Hope this helps
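A start-up wrapper for the capture described above, as an added example that is not part of the original post: it checks the two conditions the post mentions (the directory exists, and free disk space covers the whole ring of files) before launching tcpdump. The function names, `CAP_DIR` and the `start` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: preflight checks before starting the rotating capture.
# CAP_DIR, the function names and the "start" argument are assumptions.

# Worst-case disk use of the ring in KiB: -C counts millions of bytes per file.
ring_budget_kb() {   # $1 = -C maxsize, $2 = -W filecount
    echo $(( $1 * 1000000 * $2 / 1024 ))
}

# Free space in KiB on the filesystem holding $1 (POSIX df output).
free_kb() {
    df -Pk "$1" | awk 'NR==2 {print $4}'
}

# Succeeds only if the ring fits in the free space.
check_space() {      # $1 = budget KiB, $2 = free KiB
    [ "$1" -le "$2" ]
}

preflight() {        # $1 = dir, $2 = maxsize, $3 = filecount
    if [ ! -d "$1" ] || [ ! -w "$1" ]; then
        echo "capture directory $1 missing or not writable" >&2
        return 1
    fi
    if ! check_space "$(ring_budget_kb "$2" "$3")" "$(free_kb "$1")"; then
        echo "not enough free space in $1 for $3 files of $2 MB" >&2
        return 2
    fi
}

capture_cmd() {      # $1 = iface, $2 = dir, $3 = maxsize, $4 = filecount, $5 = port
    echo "tcpdump -C $3 -w $2/portlog -i $1 -W $4 port $5"
}

# Run only when called as: script start   (needs root to capture)
if [ "${1:-}" = "start" ]; then
    CAP_DIR=/var/tcpdump
    preflight "$CAP_DIR" 1 5 || exit 1
    # Unquoted on purpose: the command string is split into arguments.
    exec $(capture_cmd eth1 "$CAP_DIR" 1 5 3128)
fi
```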