[FreeNX-kNX] Logging user traffic

mir mir at ogrody.gda.pl
Fri Feb 9 16:12:49 UTC 2007


I can log traffic without Mark (Mark probably does not work for the OUTPUT
chain), for example:
iptables -A OUTPUT -o eth0 -p tcp --syn -m owner --uid-owner 1000 -j LOG --log-prefix -mirek-
Logs all ACK packets for user id 1000.
Similarly, I can probably log packets with the SYN flag.
But the quality of this tool is not good enough.
Maybe someone has good tools to decode this type of log to get, for
example, the number of transferred bytes instead of many logged ACK packets.

So far I prefer to hack the kernel. A host with a hacked kernel does not need
any log. If someone from outside claims that there was any abuse from my
host, and he can give me a port on my host, I can easily decode the user
who made the abuse.

Mirek

On Thu, 2007-02-08 at 23:00 +0100, Revellion wrote:
> Why not use -m owner on the iptables of the freenx host to mark the
> packages?
> 
> like iptables -A OUTPUT -m owner --uid-owner <uid-of-a-user> -j MARK
> --set-mark 0xblahnumber ?
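An added example, not part of the original message or of FreeNX: a small Python parser that collapses kernel LOG-target lines carrying the `-mirek-` prefix into per-connection packet and byte totals, and looks a connection up by its local source port. The sample log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format the iptables LOG target writes, using the
# "-mirek-" prefix from the rule above. Addresses are documentation ranges.
SAMPLE_LOG = """\
Feb  9 16:12:49 host kernel: -mirek-IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4021 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  9 16:12:49 host kernel: -mirek-IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4022 DF PROTO=TCP SPT=40112 DPT=80 WINDOW=5840 RES=0x00 ACK URGP=0
Feb  9 16:12:50 host kernel: -mirek-IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.25 LEN=1500 TOS=0x00 PREC=0x00 TTL=64 ID=4023 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 RES=0x00 ACK PSH URGP=0
Feb  9 16:12:51 host kernel: eth0: link up
Feb  9 16:12:52 host kernel: -mirek-IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.25 LEN=
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def summarize(log_text, prefix="-mirek-"):
    """Return {(src, sport, dst, dport): {"packets": n, "bytes": n}}.

    Only packets the rule actually logged are counted; LEN is the IP total
    length (headers included), so the byte total is an upper bound on payload.
    """
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for line in log_text.splitlines():
        _, found, rest = line.partition(prefix)
        if not found:
            continue  # not written by this rule
        fields = {}
        for key, value in FIELD.findall(rest):
            fields.setdefault(key, value)  # first LEN is the IP length
        try:
            flow = (fields["SRC"], int(fields["SPT"]),
                    fields["DST"], int(fields["DPT"]))
            length = int(fields["LEN"])
        except (KeyError, ValueError):
            continue  # truncated line or a protocol without ports
        flows[flow]["packets"] += 1
        flows[flow]["bytes"] += length
    return dict(flows)


def by_source_port(flows, port):
    """Connections that left this host from the given local port."""
    return [(dst, dport, s["packets"], s["bytes"])
            for (_, sport, dst, dport), s in flows.items() if sport == port]
```
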