From: Roberto Nibali <ratz@tac.ch>
To: "Jens Kühlberg" <jn_k@gmx.de>
Cc: netfilter@lists.netfilter.org
Subject: Re: Iptables Log - session Log
Date: Mon, 16 Dec 2002 12:04:17 +0100
Message-ID: <3DFDB331.4040101@tac.ch>
In-Reply-To: 10887.1039682956@www54.gmx.net

> I am looking for a tool which can analyse iptables logs and show me only
> connection sessions in realtime and not the complete IP traffic.

Define 'realtime' in the context of logging filtered traffic flows. I hear it 
everywhere but people mostly seem to have a strange view about that, especially 
when it comes to IDS.

I presume that you'd like to log:

o session start packet (entering conntrack table with its own timer)
o session end packet (lifetime defined through TSM of the conntrack core)
o session time (endlife packet time - packet entering time)
o session stats
   - total amount of bytes per session
   - total amount of packets per session
   - whatever conntrack has to give us and is interesting ;)

If so, in the beginning of next year (probably February) I will release a new 
target for netfilter called SLOG, which stands for session log. It was done 
exactly for this purpose and because logging anything else than sessions in most 
of the cases doesn't make too much sense (we have IDS doing that for example).

I need to rework and fix some issues of the initial work that has been done by 
Roman Hoog Antink as a contract work for our company in conjunction with his 
semester thesis at uni. An outstanding thing for example is the usage of 
ctnetlink, which still seems to have quite a few rough edges.

Best regards,
Roberto Nibali, ratz
-- 
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq' | dc
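The session record sketched in the message above (start packet, end packet, lifetime, and per-session byte/packet totals) can be illustrated in user space without the SLOG target. The following is an added example, not code from the SLOG project or from either poster: it turns a constructed stream of conntrack-style NEW/DESTROY events into one log line per session. The event line format, the sample events, and the assumption that the DESTROY event carries the entry's packet/byte counters are all assumptions made for this example.

```python
"""Build a session log from conntrack-style NEW/DESTROY events.

Added example (not the SLOG target). Assumed, constructed line format:
  <epoch_secs> <NEW|DESTROY> <proto> src=<ip> dst=<ip> sport=<n> dport=<n> [packets=<n> bytes=<n>]
Counters on DESTROY are an assumption (they require conntrack accounting).
"""
import re
from dataclasses import dataclass

EVENT_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<type>NEW|DESTROY) (?P<proto>\w+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) sport=(?P<sport>\d+) dport=(?P<dport>\d+)"
    r"(?: packets=(?P<packets>\d+) bytes=(?P<bytes>\d+))?$"
)

# Constructed sample: two complete sessions, one DESTROY whose NEW was never
# seen (entry predates the logger), and one session still open at the end.
SAMPLE_EVENTS = [
    "1000.0 NEW tcp src=10.0.0.5 dst=192.0.2.10 sport=40000 dport=80",
    "1000.5 NEW udp src=10.0.0.7 dst=192.0.2.53 sport=50000 dport=53",
    "1001.2 DESTROY udp src=10.0.0.7 dst=192.0.2.53 sport=50000 dport=53 packets=2 bytes=180",
    "1012.0 DESTROY tcp src=10.0.0.5 dst=192.0.2.10 sport=40000 dport=80 packets=14 bytes=9870",
    "1020.0 DESTROY tcp src=10.0.0.9 dst=192.0.2.10 sport=40001 dport=22 packets=3 bytes=200",
    "1030.0 NEW tcp src=10.0.0.5 dst=192.0.2.10 sport=40002 dport=443",
]


@dataclass
class Session:
    key: tuple        # (proto, src, sport, dst, dport): the original-direction tuple
    start: float      # time of the NEW event (entry enters the conntrack table)
    end: float        # time of the DESTROY event (entry timed out or was closed)
    packets: int
    bytes: int

    @property
    def duration(self) -> float:
        # session time = end-of-life packet time - entering packet time
        return self.end - self.start


def session_log(lines):
    """Return (finished sessions, still-open sessions, count of unmatched DESTROYs)."""
    open_sessions = {}   # key -> start timestamp
    finished = []
    unmatched = 0
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m:
            continue  # malformed or unrelated line: skip rather than guess
        f = m.groupdict()
        key = (f["proto"], f["src"], int(f["sport"]), f["dst"], int(f["dport"]))
        ts = float(f["ts"])
        if f["type"] == "NEW":
            # A second NEW for the same tuple means the earlier entry was
            # silently replaced; keep the newest start so durations stay sane.
            open_sessions[key] = ts
        else:
            start = open_sessions.pop(key, None)
            if start is None:
                unmatched += 1   # DESTROY without NEW: session began before we started logging
                continue
            finished.append(Session(key, start, ts,
                                    int(f["packets"] or 0), int(f["bytes"] or 0)))
    return finished, open_sessions, unmatched


def format_record(s: Session) -> str:
    """One log line per session, in the spirit of a session log rather than a packet log."""
    proto, src, sport, dst, dport = s.key
    return (f"session proto={proto} {src}:{sport} -> {dst}:{dport} "
            f"start={s.start:.3f} end={s.end:.3f} duration={s.duration:.3f}s "
            f"packets={s.packets} bytes={s.bytes}")


if __name__ == "__main__":
    done, still_open, lost = session_log(SAMPLE_EVENTS)
    for sess in done:
        print(format_record(sess))
    print(f"open={len(still_open)} unmatched_destroy={lost}")
```

Two things the packet-oriented LOG target cannot give you fall out directly: the duration is only known at DESTROY time, so a session line is necessarily emitted late, and a DESTROY whose NEW was never observed has to be counted separately rather than logged with a fabricated start time.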