Linuxathome.net https://forum.linuxathome.net/ |
|
Monitor TCP/IP Packets through a firewall https://forum.linuxathome.net/viewtopic.php?f=1&t=68 |
Page 1 of 1 |
Author: | WebmasterMattD [ Thu Aug 08, 2002 9:07 pm ] |
Post subject: | Monitor TCP/IP Packets through a firewall |
Due to my households use of 3 BG in only 6 days ( According to the Evil Empire that is ) and currently having to pay for the extra usage over this limit, I am in the need of a program that will allow me to monitor which URL/'s have been connected to and from which internal address. Currently I am using IP chains on a Linux Kernel, and am in need of a program that will allow me to monitor this traffic and log it to a file. If anyone knows of how to log connections to the appache server ( All connections not just failed attempts ) it would be of greate help. Later, WebmasterMattD http://www.webmastermattd.net http://www.christexplained.net |
Author: | mc [ Fri Aug 30, 2002 2:34 pm ] |
Post subject: | |
If you use a transparent proxy combined with squid all the webpages viewed will be logged to /var/log/squid/access.log including which IP requested the page. You could then use a squid analyser such as http://www.squid-graph.dhs.org/ to graph and record how much a particular IP uses. It also records the amount of mb's the squid missed and therefore had to fetch from the Internet. |
Author: | casper [ Mon Sep 09, 2002 5:15 pm ] |
Post subject: | |
man ipchains append -l to log anything matching a www rule and read the syslog or kern.log (varies with distro). Might want some kind of log processor if you're going to try and digest 3 Gb worth. or Are you asking where the logfiles for apache are? This will only help identify traffic served by you... See /etc/apache/httpd.conf and httpd.apache.org/docs/ or /var/log/apache Turn IP resolution on so you get something more than just the originating IP. Apologies if I've just insulted you. Use squid. |
Author: | CyberStriker [ Fri Oct 18, 2002 2:42 pm ] |
Post subject: | |
iptables also has the ability to monitor traffic through designated interfaces. You will need to enable the counter on the internal interface to capture and masqueraded traffic though. |
Page 1 of 1 | All times are UTC + 10 hours [ DST ] |
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |