Logging network traffic - alternatives to snort?

#1  Charlie, 10-06-2003

Hello all,
I use netfilter/iptables to safeguard my debian gateway box and currently I
have a selection of -j LOG rules to monitor traffic such as SMTP/SSH.

I would like to be able to log incoming traffic in a more advanced manner
but, unfortunately, I cannot stick a snort box in front of my gateway (for
many reasons - no spare hardware, I only have one public IP and my gateway
runs quite a few public servers).

What would anyone recommend as an alternative to snort that is an
improvement over the standard -j LOG functionality?

What I am after is a clear, concise, human-readable log that lists things
such as connection attempts on certain ports, their frequency and their
source.

TIA,
--
Charlie aka gpuk
E-mail? Remove the BLOCK to reply
#2  Ida Young, 10-07-2003

Packet filtering firewalls check IP addresses and ports in every packet
header. They rarely look into the data. As far as I know, they watch the data
when the session is ftp-related, irc-related, etc. The log they generate is
hard to read. Maybe you should look for some application gateway firewall,
such as ITShield Firewall and Sidewinder Firewall. This type of firewall
checks the data as well as IP addresses and ports, and generates a clear
and human-readable log.

Ida Young


"Charlie" <usenetBLOCK@myrealbox.com> wrote in message
news:ih83ovkp3i4uf0ceekchera0jtmk8pmiq8@4ax.com...
> Hello all,
> I use netfilter/iptables to safeguard my debian gateway box and currently I
> have a selection of -j LOG rules to monitor traffic such as SMTP/SSH.
>
> I would like to be able to log incoming traffic in a more advanced manner
> but, unfortunately, I cannot stick a snort box in front of my gateway (for
> many reasons - no spare hardware, I only have one public IP and my gateway
> runs quite a few public servers).
>
> What would anyone recommend as an alternative to snort that is an
> improvement over the standard -j LOG functionality?
>
> What I am after is a clear, concise, human-readable log that lists things
> such as connection attempts on certain ports, their frequency and their
> source.
>
> TIA,
> --
> Charlie aka gpuk
> E-mail? Remove the BLOCK to reply
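
Added example, not part of the original thread or written by either poster: a Python script that condenses netfilter `-j LOG` kernel lines into the per-port, per-source frequency summary the question asks for. The sample log lines, the `SSH: ` / `SMTP: ` log prefixes, the host name `gw` and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of syslog lines written by iptables "-j LOG" rules
# (assumed --log-prefix values "SSH: " and "SMTP: "; documentation-range IPs).
SAMPLE_LOG = """\
Oct  6 21:14:02 gw kernel: SSH: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 21:14:05 gw kernel: SSH: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 21:14:06 gw kernel: SSH: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.1 LEN=92 TOS=0x00 PREC=0x00 TTL=52 ID=4713 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Oct  6 21:15:40 gw kernel: SMTP: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.23 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=901 DF PROTO=TCP SPT=51234 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 21:16:11 gw kernel: SSH: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:03:08:00 SRC=198.51.100.23 DST=192.0.2.1 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=902 DF PROTO=TCP SPT=51240 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  6 21:17:01 gw CRON[812]: (root) CMD (run-parts /etc/cron.hourly)
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; the value may be empty (OUT=)

def connection_attempts(log_text):
    """Count new inbound TCP connection attempts per (dest port, source IP)."""
    counts = Counter()
    for line in log_text.splitlines():
        _, sep, msg = line.partition("kernel: ")
        if not sep or "IN=" not in msg:
            continue  # not a netfilter LOG line
        fields = dict(FIELD.findall(msg))
        flags = set(msg.split())  # TCP flags are logged as bare words
        if fields.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
            continue  # keep only initial SYNs, i.e. connection attempts
        try:
            counts[(int(fields["DPT"]), fields["SRC"])] += 1
        except (KeyError, ValueError):
            continue  # truncated or malformed line
    return counts

def report(counts):
    """Render the counts as a table, most frequent first."""
    lines = [f"{'PORT':>5}  {'SOURCE':<15}  ATTEMPTS"]
    for (port, src), n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0])):
        lines.append(f"{port:>5}  {src:<15}  {n:>8}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(report(connection_attempts(SAMPLE_LOG)))
```

Only packets that match a `-j LOG` rule reach the log, so the summary is no more complete than the rules that feed it.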


