linux
nosennij, 2019-04-04 00:53:26

How to log traffic on the server?

The plan is to install a clean Ubuntu Server 18.04 on a machine with two network cards. One card will receive internet from the provider. The second is a local network through which users will access the Internet. In a word, an Internet gateway. It is required to keep logs of who went where. It would be great if you could see the MAC address of the device in the logs. I read about tcpdump and `tcpdump -i INTERFACENAME -e`, which displays data with the MAC address. But I can't find any information anywhere on how to leave tcpdump running as a service. Logging should be ongoing.
I have MySQL on another machine. There I enabled logging of all queries to the database. And the best part is that the logs are automatically split by day and automatically archived. I wish it was the same here.
How can the task be completed?
Ideally, something simple and quick to install and customize. Installed, configured with a couple of commands, and it works all the time, so you can forget about it.
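
An added example, not part of the original post: a parser that turns text output of `tcpdump -i INTERFACENAME -e -n -tttt` into a per-day, per-MAC summary of destination address and port, which is all this kind of capture records. The `-n -tttt` flags, the LAN range and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample of `tcpdump -e -n -tttt` output (not captured traffic).
SAMPLE = """\
2019-04-04 00:53:26.100000 aa:bb:cc:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 74: 192.168.1.10.51234 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
2019-04-04 00:53:26.200000 02:00:00:00:00:fe > aa:bb:cc:00:00:01, ethertype IPv4 (0x0800), length 74: 203.0.113.10.443 > 192.168.1.10.51234: Flags [S.], seq 9, ack 2, win 65535, length 0
2019-04-04 00:53:27.000000 aa:bb:cc:00:00:01 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 66: 192.168.1.10.51234 > 203.0.113.10.443: Flags [.], ack 10, win 502, length 0
2019-04-04 09:00:00.000000 aa:bb:cc:00:00:02 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 82: 192.168.1.11.40000 > 198.51.100.7.53: 4660+ A? example.com. (29)
2019-04-05 10:00:00.000000 aa:bb:cc:00:00:02 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.1 tell 192.168.1.11, length 28
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
IPV4 = r"\d+(?:\.\d+){3}"
# date time  src_mac > dst_mac, ethertype IPv4 (0x0800), length N: ip.port > ip.port:
LINE_RE = re.compile(
    rf"^(?P<day>\d{{4}}-\d{{2}}-\d{{2}}) \d{{2}}:\d{{2}}:\d{{2}}\.\d+ "
    rf"(?P<src_mac>{MAC}) > {MAC}, ethertype IPv4 \(0x0800\), length \d+: "
    rf"(?P<src_ip>{IPV4})\.(?P<sport>\d+) > "
    rf"(?P<dst_ip>{IPV4})\.(?P<dport>\d+): "
)


def summarize(lines, lan="192.168.1.0/24"):
    """Count packets per (day, client MAC) and destination "ip:port"."""
    net = ipaddress.ip_network(lan)  # assumed LAN range behind the gateway
    report = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ARP, ICMP, IPv6 and truncated lines carry no ip.port pair
        if ipaddress.ip_address(m["src_ip"]) not in net:
            continue  # reply packets coming back from the Internet side
        report[(m["day"], m["src_mac"])][f'{m["dst_ip"]}:{m["dport"]}'] += 1
    return dict(report)


if __name__ == "__main__":
    for (day, mac), dests in sorted(summarize(SAMPLE.splitlines()).items()):
        for dest, packets in dests.most_common():
            print(day, mac, dest, packets)
```
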


3 answer(s)
alfss, 2019-04-04
@alfss

xgu.ru/wiki/NetFlow

Ronald McDonald, 2019-04-04
@Zoominger

Squid can do it; you can also tinker with pfSense, which can do it too.

CityCat4, 2019-04-04
@CityCat4

tcpdump won't help you. Well, you will see that people went to mail.ru, for example, over HTTPS. There are a lot of services inside mail.ru: mail, music, video, even dating :) You won't see any of this.
Statistics is a by-product of control.
You will need Squid with blackjack and girls bumping and stats. Moreover, statistics for Squid still have to be hunted down: even though everyone needs them, there is no prominent, well-known project.
