Date:      Tue, 15 Oct 2002 10:35:21 +0800
From:      "Roman V. Mashak" <mrv@tv2.tomsk.ru>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: monitor ALL connections to ALL ports
Message-ID:  <20021015023521.GB19297@mrv.tusur.ru>
In-Reply-To: <20021014224225.GB61025@happy-idiot-talk.infracaninophi>
References:  <20021014205437.GA21823@blossom.cjclark.org> <NGBBIILBAKIFGHHCHOHPEEOMFJAA.maildrop@qwest.net> <20021014224225.GB61025@happy-idiot-talk.infracaninophi>

On Mon, Oct 14, 2002 at 11:42:25PM +0100, Matthew Seaman wrote:
> > I want to log all connections, regardless if they failed or
> > succeeded, regardless if they have a daemon running on that port or
> > not.

> The only way I can think of to achieve what you want -- logging every
> packet received by your machine -- is to use ipfw(8) and add the 'log'
> keyword to all appropriate rules.  You'll need to have a lot of space
> in /var and bump up the net.inet.ip.fw.verbose_limit sysctl to some

	Could you describe some methods of counting /var-partition size
for saving there:
1) 'maillog' data
2) 'ipfw' logs.

	Thanks in advance.

> huge limit and run 'ipfw resetlog' at regular intervals (or ipfw(8)
[skip]

-- 
Best regards, Roman
