From: "robee" <mlody@elpec.com>
To: netfilter@lists.netfilter.org
Subject: Re: packets loging
Date: Fri, 21 Apr 2006 10:52:45 +0200 [thread overview]
Message-ID: <004401c66520$f6286880$0e01050a@CyberAdmin> (raw)
In-Reply-To: 51316.193.173.147.3.1145606258.squirrel@webmail.sterenborg.info
----- Original Message -----
From: "Rob Sterenborg" <rob@sterenborg.info>
To: <netfilter@lists.netfilter.org>
Sent: Friday, April 21, 2006 9:57 AM
Subject: Re: packets loging
> On Fri, April 21, 2006 09:36, robee wrote:
>>>> but i want only this:
>>>> Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
>>>> DST=213.54.82.29
>>>> any sugestion?
>>> AFAIK that isn't possible.
>>> Why would you want to anyway ?
>>> Gr,
>>> Rob
>> less data to write, less disk load
> It must be a really busy box if this is going to hog your disk space|IO.
> If you use the limit match ("-m limit --limit 1/sec" or something) your
> logging will also be less.
> Gr,
> Rob
disk space is not a problem but disk usage increased 10 times during loging
dstport 80 only. it is a gateway for large network.
When i use limit module is it possible that loging system miss some
significant connection? or it has influence to particular destination host?
ex:
log like:
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=82.140.223.12 ...
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=112.212.123.2 ...
Apr 21 04:09:21 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
Apr 21 04:09:22 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
Apr 21 04:09:23 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
Apr 21 04:09:24 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
turns to:
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=213.54.82.29 ...
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=82.140.223.12 ...
Apr 21 04:09:20 master kernel: HTTP_IN=eth2 OUT=eth0 SRC=10.11.9.2
DST=112.212.123.2 ...
robee
next prev parent reply other threads:[~2006-04-21 8:52 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-04-20 6:38 packets loging robee
2006-04-20 20:47 ` Mario
2006-04-21 6:34 ` robee
2006-04-21 7:22 ` Rob Sterenborg
2006-04-21 7:36 ` robee
2006-04-21 7:57 ` Rob Sterenborg
2006-04-21 8:52 ` robee [this message]
2006-04-21 11:15 ` Rob Sterenborg
2006-04-22 13:47 ` Jakub Wartak
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='004401c66520$f6286880$0e01050a@CyberAdmin' \
--to=mlody@elpec.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.