From: Svenne Krap <svenne@krap.dk>
To: "netfilter@lists.netfilter.org" <netfilter@lists.netfilter.org>
Subject: Logging
Date: Thu, 11 Aug 2005 17:49:40 +0200 [thread overview]
Message-ID: <42FB7394.4010203@krap.dk> (raw)
Hi.
I am currently working on a not so simple firewall setup on a modern
machine (Xeon, Gigs of memory, SCSI subsystem).
As part of it, I would like to know various "event" statistics.Questions
I would like to answer is "How many hits on port 1433 have i got, and
how is that distributed amongst the machines". Think pivot table data.
Is there some way to get netfilter to collect rule hits (like with no -j
clause) for a each port/ip-address individually within a range ?
Other than creating thousands of lines of rules and add them to my
"firewall-startup" script (which is currently slightly less than 80 rules).
I have thought of just logging all traffic and running it through a
userspace program via syslog-ng, but frankly I worry about performance
(the firewall should be able to filter at least the 100Mbps connection,
it currently sits on) under flooding.
Your thoughs are apprieciated :)
Svenne
next reply other threads:[~2005-08-11 15:49 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-11 15:49 Svenne Krap [this message]
2005-08-11 20:54 ` Logging Chris Brenton
2005-08-12 6:24 ` Logging Grant Taylor
-- strict thread matches above, loose matches on Subject: below --
2020-03-15 13:16 Logging J.R. Oldroyd
2020-03-16 11:25 ` Logging Arti Zirk
2020-03-16 19:30 ` Logging Jason A. Donenfeld
2020-03-17 7:37 ` Logging J.R. Oldroyd
2020-03-17 18:12 ` Logging Luis Ressel
2020-03-18 8:14 ` Logging J.R. Oldroyd
2020-03-18 10:43 ` Logging Luis Ressel
2011-04-17 23:30 Logging Zenon Panoussis
2011-04-18 0:53 ` Logging Colin McCabe
2011-04-18 10:13 ` Logging Zenon Panoussis
2011-04-18 17:16 ` Logging Colin McCabe
2011-04-18 18:17 ` Logging Zenon Panoussis
2011-04-18 18:41 ` Logging Colin McCabe
2011-04-18 20:56 ` Logging Zenon Panoussis
2011-04-18 22:25 ` Logging Colin McCabe
2011-04-19 0:10 ` Logging Zenon Panoussis
2011-04-19 5:02 ` Logging Sage Weil
2011-04-19 11:19 ` Logging Zenon Panoussis
2011-04-19 16:27 ` Logging Sage Weil
2004-04-25 15:32 logging IT Clown
2004-04-25 15:45 ` logging Antony Stone
2004-04-12 3:13 logging ip tables
2004-04-01 5:38 logging IT Clown
2004-04-06 10:26 ` logging D. Prima Prayudi
2004-03-31 9:18 logging IT Clown
2004-03-31 9:59 ` logging Mark Page
2004-03-15 15:56 Logging Hurley, Michael
2004-03-15 15:51 Logging Mario Udina
2004-03-15 16:07 ` Logging Frederic de Villamil
2004-03-15 16:08 ` Logging Antony Stone
2004-03-15 16:25 ` Logging Frank Gruellich
2004-03-15 16:36 ` Logging forum
2003-12-29 22:43 logging John T. Williams
2003-12-30 2:39 ` logging caszonyi
2003-12-30 2:44 ` logging Ray Olszewski
2003-03-24 14:02 logging Philippe Dhont (Sea-ro)
2003-01-14 18:23 Logging Subba Rao
2003-01-16 19:20 ` Logging Athan
2003-01-17 4:26 ` Logging Dharmendra.T
[not found] <20021021210421.79305.qmail@web40702.mail.yahoo.com>
2002-10-21 21:39 ` Logging Antony Stone
2002-04-10 5:46 Logging Chris Rose
2002-04-10 6:08 ` Logging Richard Adams
2002-04-10 6:36 ` Logging Chris Rose
2002-04-10 18:23 ` Logging Richard Adams
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=42FB7394.4010203@krap.dk \
--to=svenne@krap.dk \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.