From: Jakub Wartak <vnulllists@pcnet.com.pl>
To: netfilter@lists.netfilter.org
Subject: Re: packets loging
Date: Sat, 22 Apr 2006 15:47:31 +0200
Message-ID: <200604221547.31612.vnulllists@pcnet.com.pl>
In-Reply-To: <002d01c66445$01dd28f0$0e01050a@CyberAdmin>
On Thursday, 20 April 2006 08:38, robee wrote:
> When I use the -j LOG target, netfilter writes so much information to syslog.
> What can I use to write only the IN and OUT interface, SRC and DST host?
Get syslog-ng up && running.
Create a filter to match only the entries you are interested in ( iptables
--log-prefix "something-unique" + filter { } definition in syslog-ng.conf )
Try to catch this "prefix" and direct it into a pipe ( you can feed some SQL
backend with it or write a small daemon/script that will read this pipe line by
line and extract the information that you want to store/you are interested in ).
And also try NOT to log netfilter messages into messages/kernel and so on
( performance reasons ). This can be achieved by using "not
match(somestring)" in the log {} section.
--
Jakub Wartak
-vnull
The abstract sexuality of Konstanty's chelicerae.
http://vnull.pcnet.com.pl/
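
The "small daemon/script" step from the message above, as an added example that is not part of the original post: it reads LOG-target lines from the pipe and keeps only IN, OUT, SRC and DST. The prefix `FW-DROP: `, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
import sys

# Assumed prefix, set on the rule with: iptables ... -j LOG --log-prefix "FW-DROP: "
LOG_PREFIX = "FW-DROP: "
WANTED = ("IN", "OUT", "SRC", "DST")

# The LOG target emits KEY=value tokens; a value may be empty ("OUT=" on INPUT).
_KV = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed sample lines (documentation addresses), not taken from the thread.
SAMPLE = [
    "Apr 22 15:47:31 gw kernel: FW-DROP: IN=eth0 OUT= MAC=00:16:3e:00:00:01:00:16:3e:00:00:02:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=40000 DPT=22 SYN URGP=0",
    "Apr 22 15:47:32 gw kernel: eth0: link up",
    "Apr 22 15:47:33 gw kernel: FW-DROP: IN=eth1 OUT=eth0 SRC=198.51.100.7 DST=203.0.113.9 LEN=88 "
    "PROTO=ICMP TYPE=3 CODE=1 [SRC=203.0.113.9 DST=198.51.100.7 LEN=60 PROTO=UDP SPT=53 DPT=4000 ]",
    "Apr 22 15:47:34 gw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10",  # truncated line
]


def extract(line, prefix=LOG_PREFIX):
    """Return the four wanted fields as a dict, or None if the line is not ours."""
    _, found, rest = line.partition(prefix)
    if not found:
        return None
    fields = {}
    for key, value in _KV.findall(rest):
        # Keep the first occurrence: ICMP errors repeat SRC=/DST= for the
        # embedded packet inside [...], and the outer header comes first.
        fields.setdefault(key, value)
    if any(k not in fields for k in WANTED):
        return None  # truncated or malformed entry
    return {k: fields[k] for k in WANTED}


def reduce_stream(lines, prefix=LOG_PREFIX):
    """Yield one 'IN=.. OUT=.. SRC=.. DST=..' string per matching log line."""
    for line in lines:
        rec = extract(line, prefix)
        if rec is not None:
            yield " ".join(f"{k}={rec[k]}" for k in WANTED)


if __name__ == "__main__":
    # Reads stdin so it can sit on the reading end of the syslog-ng pipe.
    for out in reduce_stream(sys.stdin):
        print(out, flush=True)
```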