mharris at meteng
Feb 16, 2000, 5:33 AM
Post #1 of 1
Does the current kernel (2.2.x) have any provisions for logging
Firewall packet logging question?
or capturing the ENTIRE IP packet which matches a particular
What I'd like to do is capture every packet that matches certain
rules, and have some way of identifying each raw packet with the
log entry in syslog to which it was captured.
In other words, the rules I have may block say a UDP datagram
sent to port 53, and log this (ipchains --log) to syslog. This
tells me some info about the packet, however the actual packet
itself is gone. I'd like something like this:
The syslog entry is flagged with a unique identifier of some
kind, perhaps the "fwmark", and the actual packet is logged to
some sort of file or database and identified by the "fwmark" that
Is this possible? Or must I use some other mechanism? Would I
need to patch the kernel to implement this, or does the kernel
include a mechanism (which I think it does) to do this allready?
Instead of the packets getting logged by the kernel somewhere, it
would be acceptable for them to be passed to a user level daemon
for processing and logging if necessary.
Thank you for your time!
Mike A. Harris Linux advocate
Computer Consultant GNU advocate
Capslock Consulting Open Source advocate
Join the FreeMWare project - the goal to produce a FREE program in
which you can run Windows 95/98/NT, and other operating systems.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo [at] vger
Please read the FAQ at http://www.tux.org/lkml/