Graham,

I don't know of a good way to do this within AstLinux.

There is no Arno Firewall variable to enable this sort of feature.

You could add an iptables rule to "/mnt/kd/arno-iptables-firewall/custom-rules", something like:
--
# Put any custom (iptables) rules here down below:
##################################################

echo "Custom: Log TCP 80 LAN->INET"
iptables -A LAN_INET_FORWARD_CHAIN -p tcp --dport 80 -m state --state NEW -m limit \
    --limit 3/m --limit-burst 15 -j LOG --log-level $LOGLEVEL --log-prefix "AIF:TCP LAN->INET log: "
--
Then restart AIF...
$ arno-iptables-firewall restart

The problem is that this generates a *lot* of logs to syslog of the form:

Jul  9 15:29:29 pbx2 user.info kernel: AIF:TCP LAN->INET log: IN=eth4 OUT=eth0 SRC=192.168.111.215 DST=74.125.227.2 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=42161 DF PROTO=TCP SPT=51760 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0

This 'sed' command would extract the SRC and DST values...

$ sed -n -r 's/^.* AIF:TCP LAN->INET .* SRC=([0-9.]*) DST=([0-9.]*) .*$/\1 \2/p' /var/log/messages
192.168.111.215 74.125.227.92
192.168.111.215 74.125.227.92

But now you need to reverse DNS on the second column to make it meaningful 
(maybe) ...

Not pretty.  And a *lot* of data.

Lonnie


On Jul 9, 2012, at 1:25 PM, Graham S. Jarvis wrote:

> Hello All,
> 
> A client is using an Astlinux (1.0.3) installation as their gateway and they 
> have asked me if there is a way of logging outgoing connections to web sites.
> 
> They basically want to know what the people are connecting to in work time.
> 
> Or is there a solution with Wireshark on a PC on the LAN?
> 
> Any ideas?
> 
> -Graham-
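
The reply above notes that the LOG rule produces a lot of data and that only the destination column needs reverse DNS. The following is an added example, not part of the original thread, that condenses those entries into one counted line per SRC/DST pair and a de-duplicated destination list; the function names and the sample log (documentation address ranges) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original thread. Function names are hypothetical.

# Constructed sample in the syslog format shown above; destinations use
# documentation address ranges (192.0.2.0/24, 198.51.100.0/24).
sample_log() {
cat <<'EOF'
Jul  9 15:29:29 pbx2 user.info kernel: AIF:TCP LAN->INET log: IN=eth4 OUT=eth0 SRC=192.168.111.215 DST=192.0.2.10 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=42161 DF PROTO=TCP SPT=51760 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jul  9 15:29:31 pbx2 user.info kernel: AIF:TCP LAN->INET log: IN=eth4 OUT=eth0 SRC=192.168.111.215 DST=192.0.2.10 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=42170 DF PROTO=TCP SPT=51761 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jul  9 15:29:40 pbx2 user.info kernel: AIF:TCP LAN->INET log: IN=eth4 OUT=eth0 SRC=192.168.111.30 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1201 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0
Jul  9 15:30:05 pbx2 auth.info sshd[901]: Connection closed by 192.168.111.30
Jul  9 15:30:12 pbx2 user.info kernel: AIF:TCP LAN->INET log: IN=eth4 OUT=eth0 SRC=192.168.111.215 DST=198.51.100.7 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=42233 DF PROTO=TCP SPT=51770 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jul  9 15:30:15 pbx2 user.info kernel: AIF:TCP LAN->INET log: IN=eth4 OUT=eth0 SRC=192.168.111.215 DST=192.0.2.10 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=42240 DF PROTO=TCP SPT=51772 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
EOF
}

# Read syslog lines on stdin and print "SRC DST" for each entry carrying the
# rule's log prefix. Fields are matched by KEY= name, not by position.
aif_pairs() {
  awk '/ AIF:TCP LAN->INET log: / {
    src = ""; dst = ""
    for (i = 1; i <= NF; i++) {
      if ($i ~ /^SRC=/) src = substr($i, 5)
      else if ($i ~ /^DST=/) dst = substr($i, 5)
    }
    if (src != "" && dst != "") print src, dst
  }'
}

# Print "COUNT SRC DST", busiest pair first. The LOG rule is rate limited
# (--limit 3/m --limit-burst 15), so counts are a sample of new connections,
# not a complete total.
aif_summary() {
  aif_pairs | awk '{ n[$0]++ } END { for (p in n) print n[p], p }' |
    LC_ALL=C sort -k1,1nr -k2
}

# Print each destination once: the only addresses that need a reverse lookup.
aif_destinations() {
  aif_pairs | awk '{ print $2 }' | LC_ALL=C sort -u
}

sample_log | aif_summary
```

On the gateway this would be run as `aif_summary < /var/log/messages`; reverse DNS then only has to be attempted for the short list printed by `aif_destinations`.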



_______________________________________________
Astlinux-users mailing list
Astlinux-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/astlinux-users