Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Logging network connections
Special Forums IP Networking Logging network connections Post 302303794 by humbletech99 on Friday 3rd of April 2009 01:04:23 PM
Old 04-03-2009
Are you asking how to log to a logserver in general?

Daemons log their own connections. You just need to make sure they are well configured, and that they are logging to syslog. As long as your system logger is sending to the logserver, there will be an auditable log on the server of all the connections.

Otherwise you need to find some general purpose connection logger, you may try something like grsec which can log all sorts of things (but beware it can log a lot) or some program (can't think of one off the top of my head that doesn't also record packets...)
 

9 More Discussions You Might Find Interesting

1. Linux

active network connections

how can i see active network connections (1 Reply)
Discussion started by: youmna
1 Replies

2. Solaris

Logging Connections in Solaris

Hi All, Is there a built in function/tool in Solaris that enables creation of a history file on any connection (via telnet, ssh, rsh or nfs) to Solaris machine? I would like to create a script that records IP Address, date and timestamp, and command excuted for any connection to a Solaris... (2 Replies)
Discussion started by: racbern
2 Replies

3. Solaris

logging incoming connections on solaris 10

i've been able to log incoming telnet and ssh connections on solaris 9 using the following lines in /etc/syslog.conf # Telnet connections are logged to auth.notice auth.notice /var/adm/authlog # An entry in /etc/profile logs all telnet connections... (2 Replies)
Discussion started by: soliberus
2 Replies

4. IP Networking

preferred network connections

I rotate between a static lan, dhcp lan, and various wireless networks daily. Is there a way to set preferred network connections? I use some static ip's daily, some static ip's like once a month, and almost never use the dhcp lan. The same I do with my various wireless networks. Some I use daily... (0 Replies)
Discussion started by: cokedude
0 Replies

5. IP Networking

2 WAN connections on 1 switch/network

I want to know potential problems with the following scenario OR if it is an ok way to have my network setup: I have 2 WAN connections to the internet. I have each WAN connection plugged into its own router. Router DD-WRT is gateway for servers (192.0.10.50). Router Tomato is gateway for pc's... (1 Reply)
Discussion started by: herot
1 Replies

6. UNIX for Advanced & Expert Users

Not logging ftp connections in /var/adm/wtmpx file (in last command output)

Hi all, I have F5 load balancer on my system and checking service status by opening an ftp session in every 30 seconds. These ftp sessions are being logged in /var/adm/wtmpx and filling up the file. when i run the last command most of the output is this ftp session. I was wondering if there is a... (1 Reply)
Discussion started by: cepxat
1 Replies

7. Shell Programming and Scripting

Could you help me writing a script showing which network connections are currently active?

Could you help me writing a script showing which network connections are currently active? Means output should be something like: "eth0, wlan1, wlan3" Problem: The output is supposed to happen on a 16x2 LCD Display. Currently I am doing a "Ifconfig" as output, but its too fast for the... (2 Replies)
Discussion started by: lordofazeroth
2 Replies

8. Solaris

Configuring central logging server for network devices

Hi I am very well aware of configuring central logging (syslog)server on solaris to capture logs of other solaris servers. But don't know how to capture the logs of network devices like Juniper , cisco etc on solaris server. Is this possible through syslog server of solaris. Is there any way we... (1 Reply)
Discussion started by: amity
1 Replies

9. UNIX for Advanced & Expert Users

Network Connections

I have a static IP 47.21.154.146 and two computers which I wish to talk to each other. The two IPs are 198.168.1.5 and 198.168.1.6. How do I do it. For example ls from one computer to the other. TIA (8 Replies)
Discussion started by: Meow613
8 Replies

LEARN ABOUT DEBIAN

sslh-select

SSLH(8) 																   SSLH(8)

NAME

	sslh - ssl/ssh multiplexer

SYNOPSIS

       sslh [-F config file] [ -t num ] [-p listening address [-p listening address ...] [--ssl target address for SSL] [--ssh target address for
       SSH] [--openvpn target address for OpenVPN] [--http target address for HTTP] [-u username] [-P pidfile] [-v] [-i] [-V] [-f] [-n]

DESCRIPTION

       sslh accepts connections in HTTP, HTTPS, SSH, OpenVPN, tinc, XMPP, or any other protocol that can be tested using a regular expression, on
       the same port. This makes it possible to connect to any of these servers on port 443 (e.g. from inside a corporate firewall, which almost
       never block port 443) while still serving HTTPS on that port.

       The idea is to have sslh listen to the external 443 port, accept the incoming connections, work out what type of connection it is, and then
       fordward to the appropriate server.

   Protocol detection
       The protocol detection is made based on the first bytes sent by the client: SSH connections start by identifying each other's versions
       using clear text "SSH-2.0" strings (or equivalent version strings). This is defined in RFC4253, 4.2. Meanwhile, OpenVPN clients start with
       0x00 0x0D 0x38, tinc clients start with "0 ", and XMPP client start with a packet containing "jabber".

       Additionally, two kind of SSH clients exist: the client waits for the server to send its version string ("Shy" client, which is the case of
       OpenSSH and Putty), or the client sends its version first ("Bold" client, which is the case of Bitvise Tunnelier and ConnectBot).

       If the client stays quiet after the timeout period, sslh will connect to the first protocol defined (in the configuration file, or on the
       command line), so SSH should be defined first in sslh configuration to accommodate for shy SSH clients.

   Libwrap support
       One drawback of sslh is that the ssh and httpd servers do not see the original IP address of the client anymore, as the connection is
       forwarded through sslh.	sslh provides enough logging to circumvent that problem.  However it is common to limit access to ssh using
       libwrap or tcpd. For this reason, sslh can be compiled to check SSH accesses against SSH access lists as defined in /etc/hosts.allow and
       /etc/hosts.deny.

   Configuration file
       A configuration file can be supplied to sslh. Command line arguments override file settings. sslh uses libconfig to parse the configuration
       file, so the general file format is indicated in <http://www.hyperrealm.com/libconfig/libconfig_manual.html>.  Please refer to the example
       configuration file provided with sslh for the specific format (Options have the same names as on the command line, except for the list of
       listen ports and the list of protocols).

       The configuration file makes it possible to specify protocols using regular expressions: a list of regular expressions is given as the
       probe parameter, and if the first packet received from the client matches any of these expressions, sslh connects to that protocol.

       Alternatively, the probe parameter can be set to "builtin", to use the compiled probes which are much faster than regular expressions.

OPTIONS

       -t num, --timeout num
	   Timeout before forwarding the connection to the first configured protocol (which should usually be SSH). Default is 2s.

       -p listening address, --listen listening address
	   Interface and port on which to listen, e.g. foobar:443, where foobar is the name of an interface (typically the IP address on which the
	   Internet connection ends up).

	   This can be specified several times to bind sslh to several addresses.

       --ssl target address
	   Interface and port on which to forward SSL connection, typically localhost:443.

	   Note that you can set sslh to listen on ext_ip:443 and httpd to listen on localhost:443: this allows clients inside your network to
	   just connect directly to httpd.

       --ssh target address
	   Interface and port on which to forward SSH connections, typically localhost:22.

       --openvpn target address
	   Interface and port on which to forward OpenVPN connections, typically localhost:1194.

       --xmpp target address
	   Interface and port on which to forward XMPP connections, typically localhost:5222.

       --tinc target address
	   Interface and port on which to forward tinc connections, typically localhost:655.

	   This is experimental. If you use this feature, please report the results (even if it works!)

       -v, --verbose
	   Increase verboseness.

       -n, --numeric
	   Do not attempt to resolve hostnames: logs will contain IP addresses. This is mostly useful if the system's DNS is slow and running the
	   sslh-select variant, as DNS requests will hang all connections.

       -V  Prints sslh version.

       -u username, --user username
	   Requires to run under the specified username.

       -P pidfile, --pidfile pidfile
	   Specifies a file in which to write the PID of the main server.

       -i, --inetd
	   Runs as an inetd server. Options -P (PID file), -p (listen address), -u (user) are ignored.

       -f, --foreground
	   Runs in foreground. The server will not fork and will remain connected to the terminal. Messages normally sent to syslog will also be
	   sent to stderr.

       --background
	   Runs in background. This overrides foreground if set in the configuration file (or on the command line, but there is no point setting
	   both on the command line unless you have a personality disorder).

FILES

       /etc/init.d/sslh
	   Start-up script. The standard actions start, stop and restart are supported.

       /etc/default/sslh
	   Server configuration. These are environment variables loaded by the start-up script and passed to sslh as command-line arguments. Refer
	   to the OPTIONS section for a detailed explanation of the variables used by sslh.

SEE ALSO

       Last version available from <http://www.rutschle.net/tech/sslh>, and can be tracked from <http://freecode.com/projects/sslh>.

AUTHOR

       Written by Yves Rutschle

v1.13b								    2012-08-26								   SSLH(8)
All times are GMT -4. The time now is 01:24 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy