>hello all,
> i'm running a RH 6.2 gateway computer with ip-masquerading & ip-chains
>firewall. I've been told by my boss that he wants to know who is going where
>& when. Essentially i need to log where computers on the lan are going on the
>internet & when. I'm not sure what i would use to do this. Could anyone give
>me any help to point me in the right direction.
>
>Russ
I used to automate this as much as possible. Here is a script I created to
monitor all traffic; you can modify variables as needed. I used to start
this script on boot.
----------------------------------------------------
#!/bin/sh
# this file dumps snoop logs into the logging server
# Brandon Pepelea
# modified Brandon Pepelea for Linux RedHat V 5.2
log=/var/log/snooper/snoopylog
size1=0
# size1 never changes, so this outer loop runs until the script is killed
while [ "$size1" = 0 ]
do
    # create the log owner-only before any packets are written to it
    : > "$log"
    chmod 700 "$log"
    # capture the first 150 bytes of every IP packet on eth0, no name lookups
    /usr/sbin/tcpdump -n -i eth0 -s 150 ip > "$log" &
    tcpdump_pid=$!
    #alias rm='rm'
    # set x 0
    # while {$x<10} {puts "x is $x" incr x }
    # poll every 40 seconds until the log passes roughly 4 MB
    size=0
    while [ "$size" -le 4000000 ]
    do
        size=`ls -l "$log" | awk '{ print $5 }'`
        sleep 40
    done
    # stop only the tcpdump started above, not every tcpdump on the host
    kill "$tcpdump_pid"
    # upload step; interactive unless ftp is scripted
    ftp ftp.dsdm.com
    cp "$log" "${log}1"
    rm --force "$log"
done
------------------------------------
I used an ftp, profile script to automatically dump these files off of this
server, and then grep'd for the information I needed from the files.
L8r,
Brandon Pepelea
Enterprise Engineer
http://www.xenterprise.com
(310) 264-7627 work
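
The "grep'd for the information I needed" step from the reply above, as an added example that is not part of the original post: a shell function that reduces `tcpdump -n` text output to one line per LAN host, destination and port, with packet count and first/last time seen. The names `summarize_snoop` and `sample_log`, the LAN prefix `192.168.1.` and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): summarize "tcpdump -n" text
# output per LAN host. Function names and sample data are constructed.

# Usage: summarize_snoop LAN_PREFIX < snoopylog
# Keep the trailing dot in LAN_PREFIX so 192.168.1. cannot match 192.168.10.x
# Prints: source destination port packets first-seen last-seen
summarize_snoop() {
    awk -v lan="$1" '
    {
        # Locate the ">" between source and destination. Newer tcpdump
        # versions print an extra "IP" token first, so do not hardcode $2.
        gt = 0
        for (i = 2; i < NF; i++) if ($i == ">") { gt = i; break }
        if (!gt) next
        src = $(gt - 1); dst = $(gt + 1)
        sub(/:$/, "", dst)
        # Keep only packets that originate on the LAN.
        if (index(src, lan) != 1) next
        # TCP/UDP addresses are a.b.c.d.port; ICMP has no port field.
        port = "-"
        if (split(src, s, ".") == 5) src = s[1] "." s[2] "." s[3] "." s[4]
        if (split(dst, d, ".") == 5) {
            port = d[5]; dst = d[1] "." d[2] "." d[3] "." d[4]
        }
        ts = $1; sub(/\..*/, "", ts)   # drop microseconds
        key = src " " dst " " port
        if (!(key in count)) first[key] = ts
        count[key]++; last[key] = ts
    }
    END { for (k in count) print k, count[k], first[k], last[k] }
    ' | LC_ALL=C sort
}

# Constructed sample in both old and new tcpdump line formats.
sample_log() {
    cat <<'EOF'
09:15:02.100001 192.168.1.10.1025 > 192.0.2.80.80: S 1:1(0) win 32120 (DF)
09:15:02.180442 192.0.2.80.80 > 192.168.1.10.1025: S 9:9(0) ack 2 win 32120
09:15:02.181010 192.168.1.10.1025 > 192.0.2.80.80: . ack 1 win 32120 (DF)
09:16:40.000310 IP 192.168.1.22.1030 > 198.51.100.5.53: 4242+ A? example.org. (29)
09:17:05.551200 192.168.1.22 > 203.0.113.9: icmp: echo request
EOF
}

sample_log | summarize_snoop 192.168.1.
```

tcpdump's default timestamps carry only the time of day, so record the date of each rotated log file alongside the summary to answer "when" across days.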