logging

logging

[John T. Williams]

I was wondering if there is a good method for logging all attempts to
connect to a port on my computer.  Basically, I was looking for
something that logged the port and ip and the destination port of
attempted connections.

I'm running Mandrake 9.1




-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: logging

[caszonyi]

On Tue, 29 Dec 2003, John T. Williams wrote:

> I was wondering if there is a good method for logging all attempts to
> connect to a port on my computer.  Basically, I was looking for
> something that logged the port and ip and the destination port of
> attempted connections.
>
> I'm running Mandrake 9.1
>

iptables has a logging option but I can't tell you more.
http://lartc.org and look for HOWTO on that page

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: logging

[Ray Olszewski]

At 05:43 PM 12/29/2003 -0500, John T. Williams wrote:
>I was wondering if there is a good method for logging all attempts to
>connect to a port on my computer.  Basically, I was looking for
>something that logged the port and ip and the destination port of
>attempted connections.
>
>I'm running Mandrake 9.1

Presumably a 2.4.x kernel then.

iptables itself (the kernel's built-in firewalling) will do this; LOG is a 
predefined target that does not terminate (in the way that ACCEPT, REJECT, 
and DENY do) but does log each matching packet before passing it on to the 
next rule in the chain.

The man page for iptables will at least get you started. If you need help 
with specifics after reading it, don't hesitate to ask here.





-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Logging

[Chris Rose]

Can anyone on the list suggest some tools for log reading?  i'm trying to 
audit my ftp server (proftpd) and i have no idea how to configure its 
logging, nor how best to view what it puts out.  i have Webmin, but the 
logging interface in there is pretty unclear to someone who's got nothing 
to start from, knowledge-wise.


Chris Rose
==========
1952 - 2001 = 42


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Logging

[Richard Adams]

On Wednesday 10 April 2002 05:46, Chris Rose wrote:
> Can anyone on the list suggest some tools for log reading?  i'm trying to
> audit my ftp server (proftpd) and i have no idea how to configure its
> logging, nor how best to view what it puts out.  i have Webmin, but the
> logging interface in there is pretty unclear to someone who's got nothing
> to start from, knowledge-wise.

Why would one want to ue a fancy program to read a simple text file, the 
program less allows the use of a search engine, hit the '/' key and a slash 
will appier at the bottom left of the screen, type a word to look for, then 
hit enter, to repeat hit the slash again and press enter or simply hit the 
space bar, the found word is highlighted.

>
> Chris Rose
> ==========
> 1952 - 2001 = 42

-- 
Regards Richard
pa3gcu@zeelandnet.nl
http://people.zeelandnet.nl/pa3gcu/

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Logging

[Chris Rose]

At 06:08 AM 10/04/2002 +0000, Richard Adams wrote:
>On Wednesday 10 April 2002 05:46, Chris Rose wrote:
> > Can anyone on the list suggest some tools for log reading?  i'm trying to
> > audit my ftp server (proftpd) and i have no idea how to configure its
> > logging, nor how best to view what it puts out.  i have Webmin, but the
> > logging interface in there is pretty unclear to someone who's got nothing
> > to start from, knowledge-wise.
>
>Why would one want to ue a fancy program to read a simple text file, the
>program less allows the use of a search engine, hit the '/' key and a slash
>will appier at the bottom left of the screen, type a word to look for, then
>hit enter, to repeat hit the slash again and press enter or simply hit the
>space bar, the found word is highlighted.

i think you're missing the point - what i'm looking for is not, per se, the 
mechanism used to read the log, so much as i'm looking for the means to 
make sense of what i'm seeing, and also which log files/settings of the 
daemon will provide me with stats on uploads/downloads from my ftp site.


Chris Rose
==========
1952 - 2001 = 42


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: Logging

[Richard Adams]

On Wednesday 10 April 2002 06:36, Chris Rose wrote:

> >Why would one want to ue a fancy program to read a simple text file, the
> >program less allows the use of a search engine, hit the '/' key and a
> > slash will appier at the bottom left of the screen, type a word to look
> > for, then hit enter, to repeat hit the slash again and press enter or
> > simply hit the space bar, the found word is highlighted.
>
> i think you're missing the point - what i'm looking for is not, per se, the
> mechanism used to read the log, so much as i'm looking for the means to
> make sense of what i'm seeing, and also which log files/settings of the
> daemon will provide me with stats on uploads/downloads from my ftp site.

I dont think i am, i meant what i said, what i can tell you futher is that 
proftp.log does not really reveal much infomation at all, its "xferlog" in 
/var/log that tells all, 'man xferlog' will explain all there is to be known.

Just in case you may read my mail as being prudent here is what profftp log 
shows.
Aug 05 15:16:02 unix.pa3gcu proftpd[3839]

Date and time i am sure we all now what that is, unix.pa3gcu = the server 
name, proftpd[389] is the process number as would be shown by 'ps ax' when 
the connection was presant. Further on the same line in the log one would see;

unix.pa3gcu.ampr.org (192.168.1.160[192.168.1.160]): USER pa3gcu: Login 
successful

unix.pa3gcu.ampr.org is the fullservername (192.168.1.160[192.168.1.160]): is 
the IP# of the remote computer who just opened the ftp connect,
USER: pa3gcu = the user who logged in, that could be ftp or guest when 
anoymous is used, Login succesful means a valid passwd was used.
Any discrepancy's would be logged as well as the last entry on the line.
No more info is given, you now would refer to xferlog to get details of what 
was done in that connection.
See 'man xferlog' to get all the details on those entries.

I trust i have not missed the point in your eyes this time...

>
>
> Chris Rose
> ==========
> 1952 - 2001 = 42

-- 
Regards Richard
pa3gcu@zeelandnet.nl
http://people.zeelandnet.nl/pa3gcu/

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs