LinuxQuestions.org


john.searra 05-04-2016 06:48 AM

Multiple Network Interfaces - How to log the destination IP / Interface
 
Hi Folks,

I am running an HTTP server and an SSH server which are bound to 0.0.0.0.

I have multiple network interfaces. Now, in the logs, I do get the source IP address of the user and other session related data.

But, I do not get the interface to which the user connected.

Is there a way to somehow get this information?

Regards;

John

cliffordw 05-04-2016 07:47 AM

Hi there, and welcome.

Your best bet is probably to look at the iptables command. Something like this will most likely do the trick:

Code:

iptables -A INPUT -p TCP --dport 80 -m limit -j LOG
iptables -A INPUT -p TCP --dport 22 -m limit -j LOG

Log messages are sent to syslog.

More info available at https://www.iptables.org/documentati...ing-HOWTO.html.

I hope this helps.

john.searra 05-04-2016 08:46 AM

Thanks cliffordw.

That's a neat idea. But in case of a lot of logs, it is going to be pretty hard to map application logs to syslog logs.

I am hoping that I should be able to somehow tweak the application itself to log the destination IP / Interface.

My servers are written in python.

Regards;

John

Turbocapitalist 05-04-2016 01:22 PM

Quote:

Originally Posted by john.searra (Post 5540431)
My servers are written in python.

Both the HTTP server and the SSH server you have are written in Python?

Maybe there is an option to increase the verbosity of the logs, or else you could find the lines where the log entry is created and add info about the interface yourself.

cliffordw 05-04-2016 01:45 PM

Hi,

In general, it should be possible for any user space application to log the IP addresses (source & destination) for any network connection it is handling. The interface name is a lot harder to get to.

In your Python code, you'll need to share a little more info if you want help. How are these servers handling the network connections? Are you using low level socket methods, or some higher level module(s)?

fmattheus 05-06-2016 04:07 AM

You didn't say which webserver you are running. If Apache, you can log the local IP Address with the %A parameter to LogFormat. Then it should be easy to find out which device the IP Address belongs to. Unless you're using link aggregation, although I fail to see why you'd be interested in the information in that case ...
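
An added example, not code from any poster in this thread: for a Python server bound to 0.0.0.0, `getsockname()` on the accepted socket returns the local address the client actually connected to, and that address can then be mapped to the interface that owns it. The function names and the `demo()` loopback harness are illustrative assumptions; the interface lookup is Linux-only and covers only each interface's primary IPv4 address.

```python
import fcntl
import socket
import struct

SIOCGIFADDR = 0x8915  # Linux ioctl: get an interface's primary IPv4 address


def ipv4_by_interface():
    """Return {ipv4_address: interface_name} for this host (Linux, IPv4 only)."""
    table = {}
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as probe:
        for _index, name in socket.if_nameindex():
            # struct ifreq starts with a 16-byte, NUL-terminated interface name
            request = struct.pack("256s", name.encode()[:15])
            try:
                reply = fcntl.ioctl(probe.fileno(), SIOCGIFADDR, request)
            except OSError:
                continue  # interface has no IPv4 address assigned
            # bytes 20..23 hold sin_addr of the returned sockaddr_in
            table[socket.inet_ntoa(reply[20:24])] = name
    return table


def describe_connection(conn, iface_table):
    """Build the log fields for one accepted TCP connection."""
    local_ip, local_port = conn.getsockname()[:2]  # address the client connected to
    peer_ip, peer_port = conn.getpeername()[:2]    # client's source address
    return {
        "src": f"{peer_ip}:{peer_port}",
        "dst": f"{local_ip}:{local_port}",
        "iface": iface_table.get(local_ip, "unknown"),
    }


def demo():
    """Accept one loopback connection on a wildcard listener and describe it."""
    with socket.create_server(("0.0.0.0", 0)) as listener:  # port 0: any free port
        port = listener.getsockname()[1]
        with socket.create_connection(("127.0.0.1", port)):
            conn, _ = listener.accept()
            with conn:
                return describe_connection(conn, ipv4_by_interface())


if __name__ == "__main__":
    print(demo())
```

The interface reported is the one that owns the destination address; on a multi-homed Linux host a packet addressed to one interface's IP can arrive on another, so treat the name as "owner of the address" rather than "ingress interface".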


All times are GMT -5.