Hello,

I have a centralized syslog server, and am wondering if there is a way to log all network connections to it (Primarily incoming, such as FTP, httpd, SSH, etc). Essentially what I would like is to get the information seen in netstat or lsof logged line by line, realtime. Is there a program to do this? I would think this is relatively common, but I have had no luck searching for it. Thanks for your time!

Are you asking how to log to a logserver in general?

Daemons log their own connections. You just need to make sure they are well configured, and that they are logging to syslog. As long as your system logger is sending to the logserver, there will be an auditable log on the server of all the connections.

Otherwise you need to find some general purpose connection logger, you may try something like grsec which can log all sorts of things (but beware it can log a lot) or some program (can't think of one off the top of my head that doesn't also record packets...)

Thanks for the reply. I have setup lots of different things to log, just wondering how to log information about connections to the network. Essentially how do I log information such as this as it happens:

sshd 5571 root 4u IPv4 115178105 TCP 1.2.3.4:ssh->5.6.7.8:51185 (ESTABLISHED)

Obviously I am getting information logged from Apache as far as who connects to the webserver, and mail servers are logging IP's of people that connect to that service, but I am looking for a daemon I can run that will essentially give me the info that netstat or lsof will give, which I can then have logged. Basically I what I would like is for something like netstat to run and all new entries that would show up when someone connects to any port on the system would generate a log entry. Thanks again!

you can try using traffpro (http://en.traffpro.ru).

It has a good logging system and you can easily control whoi logs in and who logs out of your network using a graphical monitoring system.