On Tue, 6 Nov 2001 10:33:10 -0800
Christopher Mahmood
* Alexander Reach (reach@martinsfeld.de) [011106 09:35]:
Since this distribution is on a CD, we can't install additional programs (surprise! ;) ).
Well, you can add a second cdrom drive with additional but that's a little ugly.
We don't want to install another machine as host for a logging program, so is it possible to use the IP-Chains log for traffic logging purposes, or is on the Firewall on CD a program, which is suitable for this ?
There really isn't anything on the CD like iptraf or ntop in the interest of only having absolutely necessary software on the firewall. ipchains logging only logs the headers for matched packets which really isn't what you are looking for probably.
If you do add a seperate logging host, another customer had an interesting solution to this: he configured a seperate logging machine outside of the firewall and cut the transmit pair in the cat5 cable...it never occured to me anyway.
Beware doing this though, as it will not work on alot of switches, as the link tests do not correctly function. Should work fine on hubs though. You are probably better running a log host over serial if you want it to be invisible... -- Viel Spaß Nix - nix@susesecurity.com http://www.susesecurity.com