From: Eric Leblond
Subject: Re: logging of successful tcp connections
Date: Fri, 22 Apr 2005 17:14:14 +0200
Message-ID: <1114182854.7835.1.camel@localhost.localdomain>
To: christopher.f.ulherr@exgate.tek.com
Cc: netfilter@lists.netfilter.org

On Thursday 21 April 2005 at 09:38 -0700, christopher.f.ulherr@exgate.tek.com wrote:
> I would like to know if there is a way I can log only successful tcp
> connections. I'm only interested in successful (established)
> connections, and not just syn "connection attempts". I guess what I need
> is a way to log a single packet if it caused a state transition from NEW
> to ESTABLISHED. It would also be helpful to log the packet that
> terminated the connection (state change from established).

Have a look at: http://regit.free.fr/nufw/content.php?article.11

We used this in the NuFW project (http://www.nufw.org) to track the state of
connections.

> In this
> manner, we could easily tell what connections were made, and their
> duration (and not rely on the userland application to log this info).
>
> I've looked into using the state matching, but couldn't achieve this
> specific functionality with that.
>
>
> Is there some trivial way to accomplish this I am overlooking?
>
>
> Thanks,
> Chris
>
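
Added example, not part of the original message and not taken from the linked article or from NuFW: one way to produce the log the quoted question asks for, assuming connection-tracking events are available as text in the layout printed by conntrack-tools' `conntrack -E -o timestamp` (an assumption; the thread does not name this tool). It records the first transition to ESTABLISHED, the first event that leaves that state, and the duration between them. The sample lines and the function name are constructed for illustration.

```python
import re

# Constructed sample in the assumed `conntrack -E -o timestamp` layout.
# Addresses are documentation ranges; port 23 is a SYN that is never answered.
SAMPLE = """\
[1114182800.000000]\t    [NEW] tcp      6 120 SYN_SENT src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=22 [UNREPLIED] src=198.51.100.5 dst=192.0.2.10 sport=22 dport=40001
[1114182800.125000]\t [UPDATE] tcp      6 60 SYN_RECV src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=40001
[1114182800.250000]\t [UPDATE] tcp      6 432000 ESTABLISHED src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=40001 [ASSURED]
[1114182801.000000]\t    [NEW] tcp      6 120 SYN_SENT src=192.0.2.77 dst=198.51.100.5 sport=40002 dport=23 [UNREPLIED] src=198.51.100.5 dst=192.0.2.77 sport=23 dport=40002
[1114182860.750000]\t [UPDATE] tcp      6 120 FIN_WAIT src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=40001 [ASSURED]
[1114182921.000000]\t[DESTROY] tcp      6 src=192.0.2.77 dst=198.51.100.5 sport=40002 dport=23 [UNREPLIED] src=198.51.100.5 dst=192.0.2.77 sport=23 dport=40002
[1114182980.750000]\t[DESTROY] tcp      6 src=192.0.2.10 dst=198.51.100.5 sport=40001 dport=22 src=198.51.100.5 dst=192.0.2.10 sport=22 dport=40001 [ASSURED]
"""

# Timestamp, event type, optional "timeout STATE" (absent on DESTROY),
# then the original-direction tuple, which serves as the connection key.
LINE = re.compile(
    r"\[(?P<ts>\d+\.\d+)\]\s+\[(?P<ev>NEW|UPDATE|DESTROY)\]\s+tcp\s+6\s+"
    r"(?:\d+\s+(?P<state>[A-Z_]+)\s+)?"
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) sport=(?P<sport>\d+) dport=(?P<dport>\d+)")

def established_sessions(lines):
    """Return log records for connections that actually reached ESTABLISHED."""
    open_at, events = {}, []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # non-TCP or unparsable line
        key = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]))
        ts = float(m["ts"])
        if m["ev"] == "UPDATE" and m["state"] == "ESTABLISHED":
            if key not in open_at:  # log the transition once, not every update
                open_at[key] = ts
                events.append(("ESTABLISHED", key, ts, None))
        elif key in open_at:
            # First event leaving ESTABLISHED (FIN_WAIT, CLOSE, ... or DESTROY).
            events.append(("CLOSED", key, ts, round(ts - open_at.pop(key), 3)))
    return events

if __name__ == "__main__":
    for kind, key, ts, duration in established_sessions(SAMPLE.splitlines()):
        print(kind, key, ts, "" if duration is None else f"duration={duration}s")
```

Connections that never leave SYN_SENT, such as the port 23 attempt in the sample, produce no record, and later teardown events for an already closed connection are ignored.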