Yipes! (do people still say that?) That looks like it's going to fill the disk pretty quickly.... Where is the config for when /var/log/messages is to be rotated?
I suppose that I can limit log entries if I use "--src-range from[-to]" (or "--source address"). If the only PCs that they are interested in are on DHCP this will limit the amount of data in the log. It will be easier if I hard-code the DHCP range (or can I get this from somewhere? - $DHCPRANGE is not available).

I'll give this a try... Many thanks!

-Graham-

Lonnie Abelbeck wrote on 09/07/12 23:01:
> Graham,
>
> I don't know of a good way to do this within AstLinux.
>
> There is no Arno Firewall variable to enable this sort of feature.
>
> You could add an iptables rule to "/mnt/kd/arno-iptables-firewall/custom-rules", something like:
> --
> # Put any custom (iptables) rules here down below:
> ##################################################
>
> echo "Custom: Log TCP 80 LAN->INET"
> iptables -A LAN_INET_FORWARD_CHAIN -p tcp --dport 80 -m state --state NEW -m limit \
>   --limit 3/m --limit-burst 15 -j LOG --log-level $LOGLEVEL --log-prefix "AIF:TCP LAN->INET log: "
> --
> Then restart AIF...
> $ arno-iptables-firewall restart
>
> The problem is that this generates a *lot* of logs to syslog of the form:
>
> Jul 9 15:29:29 pbx2 user.info kernel: AIF:TCP LAN->INET log: IN=eth4 OUT=eth0 SRC=192.168.111.215 DST=74.125.227.2 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=42161 DF PROTO=TCP SPT=51760 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
>
> This 'sed' command would extract the SRC and DST values...
>
> $ sed -n -r 's/^.* AIF:TCP LAN->INET .* SRC=([0-9.]*) DST=([0-9.]*) .*$/\1 \2/p' /var/log/messages
> 192.168.111.215 74.125.227.92
> 192.168.111.215 74.125.227.92
>
> But now you need to reverse DNS on the second column to make it meaningful (maybe) ...
>
> Not pretty. And a *lot* of data.
>
> Lonnie
>
>
> On Jul 9, 2012, at 1:25 PM, Graham S. Jarvis wrote:
>
>> Hello All,
>>
>> A client is using an Astlinux (1.0.3) installation as their gateway and they have asked me if there is a way of logging outgoing connections to web sites.
>>
>> They basically want to know what the people are connecting to in work time.
>>
>> Or is there a solution with Wireshark on a PC on the LAN?
>>
>> Any ideas?
>>
>> -Graham-
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Astlinux-users mailing list
> Astlinux-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/astlinux-users
>
> Donations to support AstLinux are graciously accepted via PayPal to pay...@krisk.org.
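The sed extraction in Lonnie's reply, carried one step further as an added example (not code from the thread or from AstLinux): the AIF LOG lines are collapsed into per client/site counts, and a per-client view with an optional source prefix filter stands in for the "--src-range" idea in Graham's reply. Function names, the sample syslog and the prefix filter are all constructed for this example; it assumes a sed that accepts -r (GNU or busybox) plus sort, uniq and awk.

```shell
# Added example, not from the thread: collapse the AIF LOG lines that the
# custom rule writes to syslog into one "count SRC DST" row per client/site
# pair, busiest pair first. Only lines carrying the rule's log prefix are
# used; any other kernel message in the file is ignored.
aif_summary() {
    # $1: syslog file to read (defaults to /var/log/messages)
    sed -n -r 's/^.* AIF:TCP LAN->INET log: .* SRC=([0-9.]+) DST=([0-9.]+) .*$/\1 \2/p' \
        "${1:-/var/log/messages}" \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2, $3 }'
}

# Per-client view: how many distinct destinations each LAN host reached.
# Optional $2 restricts the report to sources starting with a prefix such as
# "192.168.111." (a crude, constructed stand-in for --src-range filtering).
aif_by_source() {
    aif_summary "$1" \
        | awk -v pfx="${2:-}" 'pfx == "" || index($2, pfx) == 1 { n[$2]++ }
                               END { for (s in n) print n[s], s }' \
        | sort -rn
}

# Constructed sample syslog in the same format as the kernel LOG line quoted
# in the thread; the last line shows an unrelated message being skipped.
aif_sample_log() {
    cat <<'EOF'
Jul  9 15:29:29 pbx2 user.info kernel: AIF:TCP LAN->INET log: IN=eth4 OUT=eth0 SRC=192.168.111.215 DST=74.125.227.2 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=42161 DF PROTO=TCP SPT=51760 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jul  9 15:29:31 pbx2 user.info kernel: AIF:TCP LAN->INET log: IN=eth4 OUT=eth0 SRC=192.168.111.215 DST=74.125.227.2 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=42162 DF PROTO=TCP SPT=51761 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jul  9 15:30:02 pbx2 user.info kernel: AIF:TCP LAN->INET log: IN=eth4 OUT=eth0 SRC=192.168.111.215 DST=198.51.100.7 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=42170 DF PROTO=TCP SPT=51790 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jul  9 15:30:05 pbx2 user.info kernel: AIF:TCP LAN->INET log: IN=eth4 OUT=eth0 SRC=192.168.111.40 DST=198.51.100.7 LEN=64 TOS=0x00 PREC=0x00 TTL=63 ID=77 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
Jul  9 15:30:07 pbx2 user.info kernel: unrelated message SRC=10.0.0.1 DST=10.0.0.2
EOF
}
```

Run `aif_summary` against the rotated copies as well as the live file if the rotation interval is short, since a busy LAN can cycle /var/log/messages before the summary is taken.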