Rosli Ahmad
Frequent Advisor

Network Monitoring

Hi,
I've just installed an RH8 system to serve as our 'jumpoff' box into a particular network. This box should serve as a gateway to a number of other servers within a private network. I need to know how I can generate reports on the incoming as well as outgoing connections made to and from this box. I know the 'last' command gives me the details on the incoming connections, but what about the outgoing connections from my jumpoff box? Is there any command I can issue, or do I have to use other tools? Does anyone have any idea what tools best suit my requirement? Thank you.

Regards.
Stuart Browne
Honored Contributor
Solution

Re: Network Monitoring

Are you talking about data counters, or about traffic flow?

If you want data counters, the 'firewall' (iptables) counts data that passes through it.

If you want traffic flow, whilst iptables can also 'log' details, you probably would be more interested in 'tcpdump'.

If you are just after how often someone runs 'telnet' and other individual commands, it'd probably be easiest to create wrapper scripts to do the work for you, creating logs that you require.

The 'last' command you gave the example of only shows logins based on utmp/wtmp (basically telnet/ssh logins, and maybe ftp logins as well). If you are wanting to watch other protocols, this is not suitable.
One long-haired git at your service...
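The "wrapper script" idea from the reply above, as an added example (this is not code from the thread or from any Red Hat package). It assumes the real client binaries have been moved aside with a `.real` suffix in the same directory (`/usr/bin/ssh` becomes `/usr/bin/ssh.real`) and that this script is installed in their place under each client's name; it writes to `/var/log/outbound-clients.log`, which should be root-owned and append-only so users cannot edit their own trail. Both paths are assumptions an admin would adjust.

```sh
#!/bin/sh
# Added example of a logging wrapper for outbound clients (ssh, telnet, rsh, rlogin).
# Install: mv /usr/bin/ssh /usr/bin/ssh.real; cp this script to /usr/bin/ssh (assumption).
# The same file serves the other clients when installed under their names, because
# it keys off $0.
REAL_DIR="${WRAP_REAL_DIR:-/usr/bin}"                        # assumption: where the .real binaries live
LOG_FILE="${WRAP_LOG_FILE:-/var/log/outbound-clients.log}"   # assumption: root-owned, append-only log

# Best-effort guess of the destination from the client's arguments: prefer a
# user@host token, otherwise the first argument that is not an option. Options
# that take a value (ssh -p 2222 host) can fool the fallback, which is why the
# full argument list is logged as well.
guess_destination() {
    first_plain=""
    for a in "$@"; do
        case "$a" in
            *@*) echo "${a#*@}"; return 0 ;;
            -*)  ;;
            *)   [ -n "$first_plain" ] || first_plain="$a" ;;
        esac
    done
    echo "${first_plain:-unknown}"
}

# Name of the controlling terminal, or "notty" for cron jobs and scripts.
current_tty() {
    t=$(tty 2>/dev/null) && echo "$t" || echo notty
}

# One log record. Arguments: timestamp, user, tty, command name, then the client argv.
format_log_line() {
    ts="$1"; user="$2"; tty="$3"; cmd="$4"; shift 4
    printf '%s user=%s tty=%s cmd=%s dest=%s args=%s\n' \
        "$ts" "$user" "$tty" "$cmd" "$(guess_destination "$@")" "$*"
}

# Record the invocation, then hand over to the real client with identical arguments.
log_and_exec() {
    cmd=$(basename "$0")
    format_log_line "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -un)" "$(current_tty)" \
        "$cmd" "$@" >> "$LOG_FILE"
    exec "$REAL_DIR/$cmd.real" "$@"
}

# Only act as a wrapper when the relocated binary exists; otherwise do nothing,
# so the functions above can be sourced and exercised on their own.
if [ -x "$REAL_DIR/$(basename "$0").real" ]; then
    log_and_exec "$@"
fi
```

A wrapper only sees what goes through it: users who find the `.real` binary, bring their own client, or use scp/sftp bypass it, so it complements rather than replaces a packet-level record such as an iptables LOG rule.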
Rosli Ahmad
Frequent Advisor

Re: Network Monitoring

Hi Stuart,
Thank you for the input.
I'm interested in knowing who is making connections to other servers from this box, be it through telnet, rsh, ssh, etc. Your suggestion would be to create wrapper scripts. I'm pretty new to scripting and not really sure what you mean by that. Could you please elaborate? I'd appreciate your reply. Thanking you in advance.

Regards
Rosli Ahmad.
Sergejs Svitnevs
Honored Contributor

Re: Network Monitoring

You can use crontab and netstat. Check all the telnet (rsh, ssh...) connections going out of your machine and kill them if they are part of the 'bad address' list (or log each connection address and port number).

Another solution: set up iptables with logging to log only TCP connection initiation packets.

Regards,
Sergejs
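The crontab-plus-netstat approach from the reply above, as an added example (not code from the thread). It polls `netstat -tn`, treats an ESTABLISHED session as outbound when the remote side holds a login-service port (22, 23, 513, 514), and logs only sessions that were absent from the previous poll; the state and log paths and the crontab line are assumptions. The sample netstat output embedded below is constructed for demonstration.

```sh
#!/bin/sh
# Added example: poll netstat from cron and log new outbound login-service sessions.
WATCH_PORTS="${WATCH_PORTS:-22 23 513 514}"                      # ssh telnet rlogin rsh
LOG_FILE="${OUTBOUND_LOG:-/var/log/outbound-sessions.log}"       # assumption
STATE_FILE="${OUTBOUND_STATE:-/var/run/outbound-sessions.state}" # assumption

# Constructed sample of `netstat -tn` output, used for demonstration only.
sample_netstat_output() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.1.1.10:22            192.168.5.3:51234       ESTABLISHED
tcp        0      0 10.1.1.10:45120         10.1.2.20:22            ESTABLISHED
tcp        0      0 10.1.1.10:1021          10.1.2.21:514           ESTABLISHED
tcp        0      0 10.1.1.10:33000         10.1.2.22:80            ESTABLISHED
tcp        0      0 10.1.1.10:33001         10.1.2.23:23            TIME_WAIT
EOF
}

# Read `netstat -tn` output on stdin; print "remote_ip remote_port local_port"
# for ESTABLISHED IPv4 TCP sessions whose *remote* port is watched. An inbound
# ssh login (local port 22, remote port high) is therefore not reported.
# IPv6 lines ("tcp6") are skipped because their address:port split differs.
extract_outbound() {
    awk -v ports="$WATCH_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "tcp" && $6 == "ESTABLISHED" {
            nl = split($4, l, ":"); nf = split($5, f, ":")
            if (f[nf] in watch) printf "%s %s %s\n", f[1], f[nf], l[nl]
        }'
}

# Compare the current snapshot with the saved one and log only new sessions.
# Suggested crontab entry (assumption):
#   * * * * * /usr/local/sbin/log-outbound-sessions.sh run
log_new_sessions() {
    now=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    touch "$STATE_FILE"
    : > "$STATE_FILE.new"
    netstat -tn 2>/dev/null | extract_outbound | while read -r rip rport lport; do
        key="$rip:$rport:$lport"
        echo "$key" >> "$STATE_FILE.new"
        grep -qxF "$key" "$STATE_FILE" || \
            echo "$now outbound to $rip port $rport from local port $lport" >> "$LOG_FILE"
    done
    mv -f "$STATE_FILE.new" "$STATE_FILE"
}

if [ "${1:-}" = "run" ]; then
    log_new_sessions
fi
```

Polling has an obvious blind spot: a session that opens and closes between two cron runs is never seen, and netstat by itself does not say which user owns the socket. That is why the reply also offers the iptables alternative, which records every connection initiation as it happens.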
Stuart Browne
Honored Contributor

Re: Network Monitoring

Sergejs's idea of using IPTables is probably the easiest:

iptables -A OUTPUT -j LOG -m state --state NEW -p tcp --dport 22 --log-prefix "SSH Connection: "

would do the job for an SSH login to a remote service.

Change the log-prefix and the dport as suits different protocols, or just leave that off and manually parse it afterwards.
One long-haired git at your service...
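Building on the LOG rule in the reply above, an added example (not code from the thread) that installs one such rule per login protocol with its own prefix, then parses the resulting kernel log lines into "date prefix destination port" and counts attempts per destination. The `OUT-` prefixes, the `/var/log/messages` path and the sample log lines are assumptions or constructed for demonstration.

```sh
#!/bin/sh
# Added example: per-protocol iptables LOG rules for outbound connection
# initiation, plus a parser and summary for the lines they produce.
KERNEL_LOG="${KERNEL_LOG:-/var/log/messages}"   # assumption: where syslog writes kern.* lines

# Install the rules (run as root; not executed automatically by this file).
# The prefix is what you grep for later; LOG truncates prefixes longer than 29 characters.
install_log_rules() {
    for spec in "22 ssh" "23 telnet" "513 rlogin" "514 rsh"; do
        set -- $spec
        iptables -A OUTPUT -p tcp --dport "$1" -m state --state NEW \
            -j LOG --log-prefix "OUT-$2: "
    done
}

# Constructed sample log lines in the format the LOG target produces via syslog.
sample_kernel_log() {
cat <<'EOF'
Jan  5 10:00:01 jump kernel: OUT-ssh: IN= OUT=eth0 SRC=10.1.1.10 DST=10.1.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=45120 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  5 10:03:17 jump kernel: OUT-telnet: IN= OUT=eth0 SRC=10.1.1.10 DST=10.1.2.21 LEN=60 TOS=0x10 PREC=0x00 TTL=64 ID=1301 DF PROTO=TCP SPT=33001 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jan  5 10:05:42 jump sshd[2201]: Accepted password for alice from 192.168.5.3 port 51234 ssh2
Jan  5 10:09:08 jump kernel: OUT-ssh: IN= OUT=eth0 SRC=10.1.1.10 DST=10.1.2.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1402 DF PROTO=TCP SPT=45188 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
}

# Read syslog lines on stdin; print "Mon D HH:MM:SS prefix dst dport" for each
# LOG entry carrying one of the OUT- prefixes. Other lines (sshd, cron...) are ignored.
parse_out_log() {
    awk '/kernel: OUT-[a-z]*: / && / DPT=/ {
        dst = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DST=/) dst = substr($i, 5)
            if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        pfx = $0; sub(/.*kernel: /, "", pfx); sub(/: IN=.*/, "", pfx)
        printf "%s %s %s %s %s %s\n", $1, $2, $3, pfx, dst, dpt
    }'
}

# Count connection attempts per destination/port, most frequent first.
summarize_by_destination() {
    parse_out_log | awk '{ print $5, $6 }' | sort | uniq -c \
        | awk '{ print $1, $2, $3 }' | sort -rn
}

if [ "${1:-}" = "report" ]; then
    summarize_by_destination < "$KERNEL_LOG"
fi
```

The LOG target records the packet, not the user, so a line tells you when the jump box opened a connection and to where but not who ran the client; combining it with a client wrapper, or splitting the OUTPUT rules per user with iptables' owner match (`-m owner --uid-owner`), closes that gap. Note also that iptables only keeps the entries if syslog actually writes kernel messages to a file, which the default Red Hat syslog.conf does via /var/log/messages.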