- Logging network traffic - alternatives to snort?
PDA

View Full Version : Logging network traffic - alternatives to snort?

Charlie
07-24-2004, 09:50 PM
Hello all,
I use netfilter/iptables to safeguard my debian gateway box and currently I
have a selection of -j LOG rules to monitor traffic such as SMTP/SSH.

I would like to be able to log incoming traffic in a more advanced manner
but, unfortunately, I cannot stick a snort box in front of my gateway (for
many reasons - no spare hardware, I only have one public IP and my gateway
runs quite a few public servers).

What would anyone recommend as an alternative to snort that is an
improvement over the standard -j LOG functionality?

What I am after is a clear, concise, human-readable log that lists things
such as connection attempts on certain ports, their frequency and their
source.

TIA,
--
Charlie aka gpuk
E-mail? Remove the BLOCK to reply
Ida Young
07-24-2004, 09:51 PM
Packet filtering firewalls check IP addresses and ports in every packet
header. They rarely look into the data. As I know, they watch the data when
the session is ftp-related and irc-related, etc. The log they generates is
hard to read. Maybe you should look for some application gateway firewall,
such as ITShield Firewall and Sidewinder Firewall. This type of firewalls
checks the data as well as IP addresses and ports, and generates the clear
and human-readable log.

Ida Young


"Charlie" <usenetBLOCK@myrealbox.com> wrote in message
news:ih83ovkp3i4uf0ceekchera0jtmk8pmiq8@4ax.com...
> Hello all,
> I use netfilter/iptables to safeguard my debian gateway box and currently
I
> have a selection of -j LOG rules to monitor traffic such as SMTP/SSH.
>
> I would like to be able to log incoming traffic in a more advanced manner
> but, unfortunately, I cannot stick a snort box in front of my gateway (for
> many reasons - no spare hardware, I only have one public IP and my gateway
> runs quite a few public servers).
>
> What would anyone recommend as an alternative to snort that is an
> improvement over the standard -j LOG functionality?
>
> What I am after is a clear, concise, human-readable log that lists things
> such as connection attempts on certain ports, their frequency and their
> source.
>
> TIA,
> --
> Charlie aka gpuk
> E-mail? Remove the BLOCK to reply