[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: compare / contrast of linux fw and others

From: "Peter H. Lemieux" <phl cyways com>
To: Chan Kar Heng <khchan cyberdude com>
Cc: linux-security redhat com
Subject: Re: compare / contrast of linux fw and others
Date: Wed, 4 Nov 1998 09:15:32 -0500 (EST)

At 08:05 AM 10/28/98 -0500, Chan Kar Heng wrote:

> how about reporting? anything useful to please the eyes of the
> management people? 

Depends on what you're looking for.  Gross statistics on usage can be
collected with the IP accounting functions in the kernel.  You set up
rules with ipfwadm -A just like the other firewalling rules.

For more detailed reporting, we run the nacctd accounting daemon.  Look in
/system/network/management on your favorite sunsite mirror for the
net-acct package. One of my programmers wrote a small C program to take
the nacctd logs and produce a report of each workstation's Internet usage.
Here's a snippet of the log from one machine we manage: 

909664503 6 123.123.123.1   61386   205.139.170.48  80   2249 eth0 unknown
909664503 6 123.123.123.1   61386   205.139.170.48  80   2249 ets0 unknown
909664503 6 205.139.170.48  80      172.27.1.112    1045 36314 ets0 unknown
909664503 6 205.139.170.48  80      172.27.1.112    1045 36314 eth0 unknown

Fields are timestamp, protocol (tcp in this case), source addr, source
port, dest addr, dest port, traffic in bytes, interface, and username
(only for slip/ppp).

This is a transaction between a masqueraded host (172.27.1.112) and a
remote website via the masquerading gateway running nacctd (123.123.123.1,
obviously not its real address).  We throw out all the stuff on eth0 and
concentrate on ets0, which is a ET sync card that's connected to the
Internet.  We also ignore the outbound packets from the gateway to the
remote site and just use the ones destined for the internal host.  Each
night we run a cron job to compile all this stuff into a report for
management that lists every site each workstation visited that day and its
total traffic by type of service.

Pretty nosy, but part of being a consultant is being a hired gun!

Peter

-----

Peter H. Lemieux				Voice:	(800) 5-CYWAYS	
CYWAYS, Incorporated					(+1 617 796 8995)
19 Westchester Road				Fax:	(617) 796-8997
Newton, Massachusetts 02458-2519 USA		Web:    http://www.cyways.com

Follow-Ups:
- [linux-security] Re: compare / contrast of linux fw and others
  - From: Florin Andrei
- [linux-security] Re: compare / contrast of linux fw and others
  - From: Bobby Boone

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]