Packet filtering firewalls check IP addresses and ports in every packet
header. They rarely look into the data. As I know, they watch the data when
the session is ftp-related and irc-related, etc. The log they generates is
hard to read. Maybe you should look for some application gateway firewall,
such as ITShield Firewall and Sidewinder Firewall. This type of firewalls
checks the data as well as IP addresses and ports, and generates the clear
and human-readable log.
Ida Young
"Charlie" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello all,
> I use netfilter/iptables to safeguard my debian gateway box and currently
I
> have a selection of -j LOG rules to monitor traffic such as SMTP/SSH.
>
> I would like to be able to log incoming traffic in a more advanced manner
> but, unfortunately, I cannot stick a snort box in front of my gateway (for
> many reasons - no spare hardware, I only have one public IP and my gateway
> runs quite a few public servers).
>
> What would anyone recommend as an alternative to snort that is an
> improvement over the standard -j LOG functionality?
>
> What I am after is a clear, concise, human-readable log that lists things
> such as connection attempts on certain ports, their frequency and their
> source.
>
> TIA,
> --
> Charlie aka gpuk
> E-mail? Remove the BLOCK to reply
|
Similar Threads
Linear Mode
