[WBEL-users] Monitor users

Bill Davidsen davidsen@tmr.com
Thu, 29 Jul 2004 11:01:33 -0400


whitebox@911networks.com wrote:
> Hi,
> 
> I have a WBox acting as firewall. I'd like to track the outgoing
> traffic [web and others] with the IP address source [192.168.x.x]
> and the destination IP/port.

Why not just use iptables to generate a log entry when the socket is 
opened (SYN) and closed (FIN/RST)? Or every packet if you really want to 
have that level of info?
> 
> I have been using tcpdump for this, but I can't get it
> working from a cron job.
> 
> # cron treats a bare % in the command field as a newline, so the date
> # format has to be written as \%F-\%A or the command is cut off there.
> 1 0 * * * /usr/sbin/tcpdump -a -p -i eth0 tcp and dst port 80 > /log/port80_`date '+\%F-\%A'`.tcpdump
> 57 23 * * * /bin/ps auxw | grep nscd | grep -v grep | awk '{print $2}' | xargs kill
> 58 23 * * * /bin/cp /log/port80_`date '+\%F-\%A'`.tcpdump /log/backup/
> 59 23 * * * /bin/tar -czf /log/backup/p80_`date '+\%F-\%A'`.tar /log/backup/port80_`date '+\%F-\%A'`.tcpdump
> 
> 
> Any suggestion would be appreciated
> 


-- 
    -bill davidsen (davidsen@tmr.com)
"The secret to procrastination is to put things off until the
  last possible moment - but no longer"  -me
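Bill's iptables suggestion worked out as an added example; this is not code from either poster. It assumes the LAN is 192.168.0.0/16 behind eth1, the outside interface is eth0, and syslog writes kernel messages to /var/log/messages; the log lines in sample_log are constructed to match the kernel LOG target's format.

```shell
#!/bin/sh
# Added example (not from the original thread): log each outbound TCP
# connection from the LAN with iptables, then reduce the kernel log to
# "source destination:port event" lines.
# Assumptions: LAN is 192.168.0.0/16 behind eth1, the Internet side is eth0,
# and syslog writes kern.* messages to /var/log/messages.

LAN_NET=${LAN_NET:-192.168.0.0/16}

# Print the rules instead of applying them so they can be reviewed first.
# Apply as root with:  ipt_rules | sh
# LOG is a non-terminating target, so these rules never change what the
# existing ACCEPT/DROP policy does with the packet.
ipt_rules() {
    cat <<EOF
# Socket opened: SYN set, ACK clear, i.e. a new connection from a LAN host.
# The limit match keeps a port scan or SYN flood from filling the disk.
iptables -A FORWARD -s $LAN_NET -p tcp --syn -m limit --limit 50/second --limit-burst 200 -j LOG --log-prefix "CONN-SYN: " --log-level info
# Socket closed by the LAN host with a FIN ...
iptables -A FORWARD -s $LAN_NET -p tcp --tcp-flags FIN FIN -j LOG --log-prefix "CONN-FIN: " --log-level info
# ... or torn down with a RST.
iptables -A FORWARD -s $LAN_NET -p tcp --tcp-flags RST RST -j LOG --log-prefix "CONN-RST: " --log-level info
EOF
}

# Reduce LOG lines to "SRC DST:DPT EVENT"; reads files given as arguments,
# or stdin.  Lines without one of our prefixes are ignored.
summarise_log() {
    awk '/CONN-(SYN|FIN|RST):/ {
        src = ""; dst = ""; dpt = ""; ev = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^CONN-(SYN|FIN|RST):$/) ev = substr($i, 6, 3)
            else if ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        if (src != "" && dst != "" && dpt != "") print src, dst ":" dpt, ev
    }' "$@"
}

# Constructed sample of what syslog records for the rules above; the last
# line is an unrelated kernel message that must be skipped.
sample_log() {
    cat <<'EOF'
Jul 29 11:01:33 fw kernel: CONN-SYN: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4321 DF PROTO=TCP SPT=40123 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 29 11:01:34 fw kernel: CONN-SYN: IN=eth1 OUT=eth0 SRC=192.168.1.22 DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4322 DF PROTO=TCP SPT=40124 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Jul 29 11:01:40 fw kernel: CONN-FIN: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4330 DF PROTO=TCP SPT=40123 DPT=80 WINDOW=5840 RES=0x00 ACK FIN URGP=0
Jul 29 11:01:41 fw kernel: eth0: link is up
EOF
}

# Stand-alone run: show the rules, then summarise the constructed sample.
ipt_rules
sample_log | summarise_log
```

The rules only see FIN/RST sent by the LAN side; to record the remote end closing the connection as well, add the same two rules with `-d $LAN_NET`. Once the rules are in place the nightly cron job becomes `summarise_log /var/log/messages > /log/conns_$(date +\%F)`, which has no tcpdump process to kill and no capture file to rotate.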