ULOG

ULOG

[Michelle Konzack]

Hello, 

I am using Debian GNU/Linux 3.0r2 WOODY and have installed the 'ulogd' 
Packge. 

I like to log the traffic in my ADSL-Interface ppp0 
But I do not know, HOW !

All tries are faild.

Can anone tell me the rule ?

Oh yes, is it possibel to log the traffic from ppp0 to a 
specified IP-Adress inside my Network in a seperated file ?

I like to have for each IP/Server (26 complet) in my private 
network a logfile.

Thanks
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/ 

ULOG

[Michelle Konzack]

Hello, 

I am using Debian GNU/Linux 3.0r2 WOODY and have installed the 'ulogd' 
Packge. 

I like to log the traffic in my ADSL-Interface ppp0 
But I do not know, HOW !

All tries are faild.

Can anone tell me the rule ?

Oh yes, is it possibel to log the traffic from ppp0 to a 
specified IP-Adress inside my Network in a seperated file ?

I like to have for each IP/Server (26 complet) in my private 
network a logfile.

Thanks
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/ 

Re: ULOG

[XiChimos]

Is there any reason why tcpdump wouldn't work?

apt-get install tcpdump

Then you can do 'tcpdump -i ppp0 -w FILENAME dst 192.168.1 '  What this 
does is takes all the packets from ppp0 bound for the range 192.168.1.* 
and throws them in FILENAME. Then if you wanted to break things up, you 
could use grep:

grep 192.168.1.1 FILENAME > 192.168.1.1_file

You would do that for each IP.

You can always do 'man tcpdump' or 'man grep' if you want to do or know 
more.

You could also try ethereal.  I would use either one of these instead of 
modifying the firewall, unless you have good reason to not use these 
programs.  I hope that helps.  Check out 'man iptables' to see what 
iptables offers.

Chris

Michelle Konzack wrote:

>Hello, 
>
>I am using Debian GNU/Linux 3.0r2 WOODY and have installed the 'ulogd' 
>Packge. 
>
>I like to log the traffic in my ADSL-Interface ppp0 
>But I do not know, HOW !
>
>All tries are faild.
>
>Can anone tell me the rule ?
>
>Oh yes, is it possibel to log the traffic from ppp0 to a 
>specified IP-Adress inside my Network in a seperated file ?
>
>I like to have for each IP/Server (26 complet) in my private 
>network a logfile.
>
>Thanks
>Michelle
>
>  
>

Re: ULOG

[Klemen Kecman]

You can find more info here.

http://www.stearns.org/doc/iptables-ulog.current.html

----- Original Message ----- 
From: "XiChimos" <xichimos@plobe.com>
To: "Michelle Konzack" <linux4michelle@freenet.de>
Cc: <netfilter@lists.netfilter.org>
Sent: Wednesday, January 21, 2004 2:12 AM
Subject: Re: ULOG


> Is there any reason why tcpdump wouldn't work?
> 
> apt-get install tcpdump
> 
> Then you can do 'tcpdump -i ppp0 -w FILENAME dst 192.168.1 '  What this 
> does is takes all the packets from ppp0 bound for the range 192.168.1.* 
> and throws them in FILENAME. Then if you wanted to break things up, you 
> could use grep:
> 
> grep 192.168.1.1 FILENAME > 192.168.1.1_file
> 
> You would do that for each IP.
> 
> You can always do 'man tcpdump' or 'man grep' if you want to do or know 
> more.
> 
> You could also try ethereal.  I would use either one of these instead of 
> modifying the firewall, unless you have good reason to not use these 
> programs.  I hope that helps.  Check out 'man iptables' to see what 
> iptables offers.
> 
> Chris
> 
> Michelle Konzack wrote:
> 
> >Hello, 
> >
> >I am using Debian GNU/Linux 3.0r2 WOODY and have installed the 'ulogd' 
> >Packge. 
> >
> >I like to log the traffic in my ADSL-Interface ppp0 
> >But I do not know, HOW !
> >
> >All tries are faild.
> >
> >Can anone tell me the rule ?
> >
> >Oh yes, is it possibel to log the traffic from ppp0 to a 
> >specified IP-Adress inside my Network in a seperated file ?
> >
> >I like to have for each IP/Server (26 complet) in my private 
> >network a logfile.
> >
> >Thanks
> >Michelle
> >
> >  
> >
> 
> 

Re: ULOG

[bino-psn]

What you want to log ?
- the "content of the traffic"
- or the size of the traffic (bandwith occupation)

Sincerely
-bino-
----- Original Message -----
From: "Michelle Konzack" <linux4michelle@freenet.de>
To: <netfilter@lists.netfilter.org>
Sent: Wednesday, January 21, 2004 7:40 AM
Subject: ULOG


> Hello,
>
> I am using Debian GNU/Linux 3.0r2 WOODY and have installed the 'ulogd'
> Packge.
>
> I like to log the traffic in my ADSL-Interface ppp0
> But I do not know, HOW !
>
> All tries are faild.
>
> Can anone tell me the rule ?
>
> Oh yes, is it possibel to log the traffic from ppp0 to a
> specified IP-Adress inside my Network in a seperated file ?
>
> I like to have for each IP/Server (26 complet) in my private
> network a logfile.
>
> Thanks
> Michelle
>
> --
> Registered Linux-User #280138 with the Linux Counter,
http://counter.li.org/
>
>

Re: ULOG

[Michelle Konzack]

Am 2004-01-21 16:38:18, schrieb bino-psn:
>What you want to log ?
>- the "content of the traffic"
>- or the size of the traffic (bandwith occupation)
>
>Sincerely
>-bino-

1)	The IN/OUT traffic on ppp0 to some (all) internel IP's
2)	IP's of incoming requests and the internal destination IP/Port

Greetings
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/ 

Re: ULOG

[Michelle Konzack]

Am 2004-01-21 01:40:46, schrieb Michelle Konzack:
>Hello, 
>
>I am using Debian GNU/Linux 3.0r2 WOODY and have installed the 'ulogd' 
>Packge. 
>
>I like to log the traffic in my ADSL-Interface ppp0 
>But I do not know, HOW !

Now I ave tried again:

iptables -I INPUT  1 -i ppp0 -j ULOG
iptables -I OUTPUT 1 -o ppp0 -j ULOG

But I get nothing in the logfiles...

Q:	Does anyone have A WOODY-Backport for 'ulogd' ?
	I have only version 0.97-1. Because a little technical 
	problem I can not compile the Version from 'unstable'
	
Greetings
Michelle

-- 
Registered Linux-User #280138 with the Linux Counter, http://counter.li.org/