Answer the question
In order to leave comments, you need to log in
How to do full traffic logging + filtering (Debian 7.11)?
There is a Debian
-based machine that acts as a corporate gateway and firewall. ( Shorewall ) At the moment, users access the Internet through the Squid proxy server , which performs traffic logging and filtering. The task is to completely get rid of Squid , while retaining the ability to fully log requests on the network, as well as to be able to filter (?)
What free Open Source solutions can be used for this purpose?
PS Can Shorewall (logging of passing packets through iptables) come up for these purposes?
PPS Is it reasonable to use tcpdump (for further analysis of traffic by Wireshark)?
Answer the question
In order to leave comments, you need to log in
It depends on what goals of logging you are pursuing.
1) iptables and add-ons. Records of the form "the packet went through such and such a rule then" will be stored.
2) tcpdump can also store the insides of user packets. Do you need it? And the place on the hard drive is not rubber.
3) can you try netflow?
4) Maybe not get rid of squid completely, but make transparent proxying?
The most convenient web traffic control tool is, of course, squid.
Full traffic control is possible using Snort, Suricata.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question