On 18/05/2011 22:51, Mr Dash Four wrote:
> Having been waiting for this for ages, the ability to use the (pretty
> robust and secure) audit structure in Linux to log traffic has been
> finally integrated into the kernel, together with its supporting files
> and extensions in iptables. Unfortunately, this would be available in
> .39 version and above of the kernel, which is quite a long way away.
>
> The new AUDIT target logs the following elements of any traffic and is
> protocol independent (so it could be used equally well in iptables and
> ebtables):
>
> - netfilter hook
> - packet length
> - incoming/outgoing interface
> - MAC src/dst/proto for ethernet packets
> - src/dst/protocol address for IPv4/IPv6
> - src/dst port for TCP/UDP/UDPLITE
> - icmp type/code
>
> This data is available through the audit daemon (auditd) and is also
> retrievable using standard audit tools (ausearch/aureport).
Aha - this sounds perfect for my needs (see question a day ago about logging all traffic using NFLOG for accounting purposes). I haven't come across AUDIT before though... Obviously apart from hitting google right away, where can I learn about the AUDIT target and find api info to build my own auditd daemon?

Thanks

Ed W

_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
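Ed's accounting use case above, as an added example that is not part of the original thread: a Python aggregator for the NETFILTER_PKT records auditd writes once a rule such as `iptables -A INPUT -j AUDIT --type accept` is in place. The key=value layout (action=, hook=, len=, inif=, outif=, then saddr=/daddr=/proto= and sport=/dport= or icmptype=/icmpcode=) is assumed from the xt_AUDIT module's output and should be checked against your kernel; the sample records are constructed.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not from the original post). hook 1 is
# LOCAL_IN, hook 3 is LOCAL_OUT; proto is the IP protocol number.
SAMPLE_RECORDS = """\
type=NETFILTER_PKT msg=audit(1305754299.101:201): action=0 hook=1 len=84 inif=eth0 outif=? smac=00:11:22:33:44:55 dmac=66:77:88:99:aa:bb macproto=0x0800 saddr=192.0.2.10 daddr=192.0.2.1 ipid=4711 proto=1 icmptype=8 icmpcode=0
type=NETFILTER_PKT msg=audit(1305754299.102:202): action=0 hook=1 len=1500 inif=eth0 outif=? smac=00:11:22:33:44:55 dmac=66:77:88:99:aa:bb macproto=0x0800 saddr=192.0.2.10 daddr=192.0.2.1 ipid=4712 proto=6 sport=40000 dport=22
type=NETFILTER_PKT msg=audit(1305754299.103:203): action=0 hook=3 len=120 inif=? outif=eth0 saddr=192.0.2.1 daddr=192.0.2.10 ipid=4713 proto=17 sport=53 dport=51000
type=SYSCALL msg=audit(1305754299.104:204): arch=c000003e syscall=59 success=yes exit=0
"""

# Protocol numbers the AUDIT target reports ports or ICMP type/code for.
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp", "136": "udplite"}

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_record(line):
    """Return the key=value fields of one NETFILTER_PKT record, or None
    for any other audit record type (SYSCALL, USER_AUTH, ...)."""
    if not line.startswith("type=NETFILTER_PKT "):
        return None
    return dict(KV_RE.findall(line))


def account(lines):
    """Sum packets and bytes per (interface, saddr, daddr, proto name).

    The AUDIT target reports '?' for the side of the hook that has no
    interface, so the interface column uses whichever of inif/outif is set.
    """
    totals = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        iface = rec.get("inif", "?")
        if iface == "?":
            iface = rec.get("outif", "?")
        proto = PROTO_NAMES.get(rec.get("proto"), rec.get("proto"))
        key = (iface, rec.get("saddr"), rec.get("daddr"), proto)
        totals[key]["packets"] += 1
        totals[key]["bytes"] += int(rec["len"])  # len= is the frame length
    return dict(totals)


if __name__ == "__main__":
    # In production, feed it: ausearch -m NETFILTER_PKT --raw
    for key, t in sorted(account(SAMPLE_RECORDS.splitlines()).items()):
        print(key, t["packets"], "pkts", t["bytes"], "bytes")
```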
