Debian
Sergey, 2016-08-05 12:45:00

How to do full traffic logging + filtering (Debian 7.11)?

There is a Debian-based machine that acts as a corporate gateway and firewall (Shorewall). At the moment users access the Internet through a Squid proxy server, which performs traffic logging and filtering. The task is to get rid of Squid completely, while retaining the ability to fully log requests on the network as well as to filter (?).
What free open-source solutions can be used for this purpose?
PS Can Shorewall (logging of packets passing through iptables) be suitable for these purposes?
PPS Is it reasonable to use tcpdump (for further analysis of the traffic in Wireshark)?


2 answer(s)
Valentin, 2016-08-05
@vvpoloskin

It depends on what goals you are pursuing with the logging.
1) iptables and add-ons. Records of the form "such-and-such a packet passed through such-and-such a rule at such-and-such a time" will be stored.
2) tcpdump can also store the contents of users' packets. Do you need that? And disk space is not unlimited.
3) Could you try NetFlow?
4) Maybe don't get rid of Squid completely, but set up transparent proxying instead?
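To make option 1 concrete: what an iptables LOG rule actually gives you, and what it does not. The script below is an added example, not code from this thread; it assumes a Shorewall/iptables rule on the gateway such as `iptables -A FORWARD -m conntrack --ctstate NEW -j LOG --log-prefix "FWD-NEW: "`, which writes one kernel-log line per new forwarded connection. It parses those lines out of a kern.log excerpt (constructed sample data, not a real capture) into per-connection records and a per-client summary. The rule name, prefix and sample addresses are assumptions for illustration.

```python
"""Parse iptables LOG output (kernel log lines) into connection records.

Added example, not from the original thread. Assumes a LOG rule with the
prefix "FWD-NEW: " on the FORWARD chain, matching only new connections.
The kern.log excerpt below is constructed sample data.
"""
import re
from collections import Counter

# Constructed sample of /var/log/kern.log on the gateway; the last line is
# unrelated syslog noise that a parser must skip.
SAMPLE_KERN_LOG = """\
Aug  5 12:45:01 gw kernel: [ 1234.567] FWD-NEW: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.10 DST=93.184.216.34 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=54321 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Aug  5 12:45:02 gw kernel: [ 1235.001] FWD-NEW: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.10 DST=93.184.216.34 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=54322 DF PROTO=TCP SPT=51235 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Aug  5 12:45:03 gw kernel: [ 1236.250] FWD-NEW: IN=eth1 OUT=eth0 MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=192.168.1.20 DST=8.8.8.8 LEN=73 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=UDP SPT=40000 DPT=53 LEN=53
Aug  5 12:45:04 gw sshd[1234]: Accepted publickey for admin from 192.168.1.5 port 55000
"""

# syslog timestamp, host, "kernel:", optional "[ uptime]", our prefix, then the
# KEY=VALUE fields that netfilter's LOG target emits, starting with IN=.
LOG_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?:\[\s*[\d.]+\] )?"
    r"(?P<prefix>.*?)IN=(?P<rest>.*)$"
)
FIELD = re.compile(r"\b([A-Z]+)=(\S+)")


def parse_log_line(line):
    """Return a dict for one LOG line, or None if the line is not LOG output."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    # Flags such as DF or SYN have no '=', so they are dropped here on purpose.
    fields = dict(FIELD.findall("IN=" + m.group("rest")))
    return {
        "ts": m.group("ts"),
        "prefix": m.group("prefix").strip(),
        "in": fields.get("IN", ""),
        "out": fields.get("OUT", ""),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "sport": int(fields["SPT"]) if "SPT" in fields else None,
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
    }


def parse_kern_log(text):
    """Parse every LOG line in a kern.log excerpt, skipping everything else."""
    return [r for r in (parse_log_line(l) for l in text.splitlines()) if r]


def connections_per_client(records):
    """Count new connections per (client, destination, protocol, port)."""
    return Counter((r["src"], r["dst"], r["proto"], r["dport"]) for r in records)


def format_access_line(rec):
    """Flat, grep-friendly line. Note what is missing compared with Squid's
    access.log: no hostname, URL, method or byte count. iptables logs packets
    matching a rule, not HTTP transactions."""
    return (f'{rec["ts"]} {rec["src"]}:{rec["sport"]} -> '
            f'{rec["dst"]}:{rec["dport"]} {rec["proto"]} via {rec["in"]}->{rec["out"]}')


if __name__ == "__main__":
    recs = parse_kern_log(SAMPLE_KERN_LOG)
    for r in recs:
        print(format_access_line(r))
    for key, n in connections_per_client(recs).most_common():
        print(n, key)
```

Logging only `--ctstate NEW` keeps the volume to one line per connection rather than one per packet; even so, on a busy gateway the kernel log will need rsyslog rate limits or a dedicated ulogd target, and you still only learn "who talked to which IP and port", which is option 1's real limitation.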

Dmitry Shitskov, 2016-08-05
@Zarom

The most convenient tool for controlling web traffic is, of course, Squid.
Full traffic control is possible using Snort or Suricata.
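As an added illustration of the Suricata route (not code from this thread or from the Suricata project): with Suricata running on the gateway and its default eve.json output, every cleartext HTTP request appears as an `http` event, which is enough to rebuild a Squid-like access log without a proxy. The script below reads eve.json lines (constructed sample events with only the fields it uses), prints access-log lines and flags requests to a blocklisted host. The blocklist and the sample hosts and addresses are assumptions for illustration.

```python
"""Rebuild an access log from Suricata eve.json HTTP events and flag hosts.

Added example, not from the original thread. Assumes Suricata's eve-log
output with the http event type enabled. The events below are constructed
and carry only the fields this script reads.
"""
import json

# Constructed eve.json excerpt: two http events and one unrelated flow event.
SAMPLE_EVE = """\
{"timestamp":"2016-08-05T12:45:01.000000+0300","event_type":"http","src_ip":"192.168.1.10","src_port":51234,"dest_ip":"93.184.216.34","dest_port":80,"proto":"TCP","http":{"hostname":"example.com","url":"/index.html","http_user_agent":"Mozilla/5.0","http_method":"GET","protocol":"HTTP/1.1","status":200,"length":1256}}
{"timestamp":"2016-08-05T12:45:02.000000+0300","event_type":"flow","src_ip":"192.168.1.20","dest_ip":"8.8.8.8","proto":"UDP"}
{"timestamp":"2016-08-05T12:45:03.000000+0300","event_type":"http","src_ip":"192.168.1.20","src_port":40001,"dest_ip":"203.0.113.5","dest_port":80,"proto":"TCP","http":{"hostname":"ads.example.net","url":"/track?id=1","http_method":"GET","protocol":"HTTP/1.1","status":302,"length":0}}
"""

# Constructed policy: hosts that users must not reach.
BLOCKLIST = {"ads.example.net"}


def iter_http_events(text):
    """Yield only http events; eve.json mixes alert, flow, dns, tls and more."""
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        if ev.get("event_type") == "http":
            yield ev


def to_access_line(ev):
    """One line per request: time, client, method, URL, status, body length."""
    h = ev["http"]
    return "{ts} {src}:{sport} {method} http://{host}{url} {status} {length}".format(
        ts=ev["timestamp"],
        src=ev["src_ip"],
        sport=ev.get("src_port", 0),
        method=h.get("http_method", "-"),
        host=h.get("hostname", ev["dest_ip"]),
        url=h.get("url", "/"),
        status=h.get("status", "-"),
        length=h.get("length", 0),
    )


def host_blocked(ev, blocklist=BLOCKLIST):
    """Policy check on the Host header Suricata extracted."""
    return ev["http"].get("hostname", "") in blocklist


def summarize(text, blocklist=BLOCKLIST):
    """Return (access_lines, blocklist_hits) for an eve.json excerpt."""
    lines, hits = [], []
    for ev in iter_http_events(text):
        lines.append(to_access_line(ev))
        if host_blocked(ev, blocklist):
            hits.append((ev["src_ip"], ev["http"]["hostname"]))
    return lines, hits


if __name__ == "__main__":
    access, hits = summarize(SAMPLE_EVE)
    print("\n".join(access))
    for client, host in hits:
        print(f"BLOCKLISTED {client} -> {host}")
```

Two caveats a practitioner would weigh before dropping Squid for this: the blocklist check here is after-the-fact alerting, not enforcement (blocking requires Suricata in inline IPS mode with drop rules, which is a separate setup), and HTTPS requests never produce an `http` event at all, only a `tls` event whose SNI names the server, so URL-level logging of encrypted traffic is exactly what an intercepting proxy gave you and passive inspection does not.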
