01-11-2016
Quote: Originally Posted by [xEF]Danger
How to make a log that will log all IPs that connect to the server or send packets?
While this is perhaps possible (look into tcpdump if you insist) you don't want to do that. Usually a server has one or at best several services it offers - like "web services" if it is a web server, etc. This makes one or several ports (for the exemplary web server this is 80 - HTTP) necessary. Identify these, close all the others and log only those really necessary. Most network applications (web server software, for instance) offer specialized logging facilities for what they do. You should use these.
Quote: Originally Posted by [xEF]Danger
And how to block an IP that makes a packet flood and tries to DDoS? Thanks.
Not at all. Of course, there are IP-filtering programs like "iptables", but a "server" should do what it is intended to do - nothing else. For everything else there are specialized machines (firewalls, packet filters, etc.) which you should task with filtering the IP packets for things not to be processed. Put such a system "in front of" the server and route all traffic through it, dropping what should not be processed.
I hope this helps.
bakunin
MERGELOGS(1)                General Commands Manual                MERGELOGS(1)

NAME
       mergelogs - merge and consolidate web server logs

SYNOPSIS
       mergelogs -p penlog [-c] [-d] [-j jitter] [-t seconds] server1:logfile1 [server2:logfile2 ...]

EXAMPLES
       mergelogs -p pen.log 10.0.0.1:access_log.1 10.0.0.2:access_log.2
       mergelogs -p pen.log 10.0.18.6:access_log-10.0.18.6 10.0.18.8:access_log-10.0.18.8

DESCRIPTION
       When pen is used to load balance web servers, the web server log file lists all accesses as coming from the host running pen. This makes it
       more difficult to analyze the log file.

       To solve this, pen creates its own log file, which contains the real client address, the time of the access, the target server address and
       the first few bytes of the requests.

       Mergelogs reads pen's log file and the log files of all load balanced web servers, compares each entry and creates a combined log file that
       looks as if the web server cluster were a single physical server. Client addresses are replaced with the real client addresses.

       In the event that no matching client address can be found in the pen log, the server address is used instead. This should never happen, and
       is meant as a debugging tool. A large number of these indicates that the server system date needs to be set, or that the jitter value is
       too small.

       You probably don't want to use this program. Penlog is a much more elegant and functional solution.

OPTIONS
       -c     Do not cache pen log entries. The use of this option is not recommended, as it will make mergelogs search the entire pen log for
              every line in the web server logs.

       -d     Debugging (repeat for more).

       -p penlog
              Log file from pen.

       -j jitter
              Jitter in seconds (default 600). This is the maximum variation in time stamps in the pen and web server log files. A smaller value
              will result in a smaller pen log cache and faster processing, at the risk of missed entries.

       -t seconds
              The difference in seconds between the time on the pen server and UTC. For example, this is 7200 (two hours) in Finland.

       server:logfile
              Web server address and name of log file.
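
The matching that DESCRIPTION and the -j option describe, as an added Python example (not mergelogs' own code and not part of the original man page). The pen log layout, the Common Log Format input, the function name merge() and all sample lines are assumptions constructed for illustration; timestamps are taken as UTC epoch seconds, so -t is not modelled.

```python
import re
from datetime import datetime

# Constructed sample data. Assumed pen log layout (not given on the page):
#   client_address epoch_seconds server_address request_prefix
PEN_LOG = """\
203.0.113.7 1064930136 10.0.0.1 GET /index.html
198.51.100.23 1064930140 10.0.0.2 GET /login
203.0.113.7 1064930150 10.0.0.1 GET /admin
"""
# Web server logs (Common Log Format): every hit appears to come from pen, 10.0.0.100.
WEB_LOGS = {
    "10.0.0.1": """\
10.0.0.100 - - [30/Sep/2003:13:55:38 +0000] "GET /index.html HTTP/1.0" 200 2326
10.0.0.100 - - [30/Sep/2003:13:55:52 +0000] "GET /admin HTTP/1.0" 403 199
10.0.0.100 - - [30/Sep/2003:14:30:00 +0000] "GET /status HTTP/1.0" 200 12
""",
    "10.0.0.2": """\
10.0.0.100 - - [30/Sep/2003:13:55:41 +0000] "GET /login HTTP/1.0" 200 512
""",
}
# host, then the rest of the line; inner groups capture timestamp and request.
CLF = re.compile(r'^(\S+) (\S+ \S+ \[([^\]]+)\] "([^"]*)".*)$')

def merge(pen_text, web_logs, jitter=600):
    """Return the web log lines in time order with the real client as host.

    A line with no pen entry for the same server and request within `jitter`
    seconds gets the server address instead, as the man page describes.
    """
    pen = [line.split(" ", 3) for line in pen_text.splitlines()]
    out = []
    for server, text in web_logs.items():
        for line in text.splitlines():
            m = CLF.match(line)
            if not m:
                continue  # not a Common Log Format line
            stamp = datetime.strptime(m.group(3), "%d/%b/%Y:%H:%M:%S %z")
            when = int(stamp.timestamp())
            hits = [e for e in pen if e[2] == server
                    and m.group(4).startswith(e[3])
                    and abs(int(e[1]) - when) <= jitter]
            host = server  # fallback when nothing matches
            if hits:
                best = min(hits, key=lambda e: abs(int(e[1]) - when))
                pen.remove(best)  # one pen entry accounts for one request
                host = best[0]
            out.append((when, f"{host} {m.group(2)}"))
    return [line for _, line in sorted(out)]
```

Calling merge(PEN_LOG, WEB_LOGS, jitter=1) shows the failure mode the man page warns about: entries whose clocks differ by two seconds fall back to the server address.
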

AUTHOR
       Copyright (C) 2001-2003 Ulric Eriksson, <ulric@siag.nu>.

SEE ALSO
       pen(1), webresolve(1), penlog(1), penlogd(1)

LOCAL                                                              MERGELOGS(1)