
List:       freenx-knx
Subject:    Re: [FreeNX-kNX] Logging user traffic
From:       mir <mir () ogrody ! gda ! pl>
Date:       2007-02-09 16:12:49
Message-ID: 1171037569.6588.31.camel () mir ! ogrody

I can log traffic without MARK (MARK probably does not work for the OUTPUT
chain), for example:
iptables -A OUTPUT -o eth0 -p tcp --syn -m owner --uid-owner 1000 -j LOG --log-prefix -mirek-
Logs all ACK packets for user id 1000.
Similarly, I can probably log packets with the SYN flag.
But the quality of this tool is not good enough.
Maybe someone has good tools to decode this type of log to get, for
example, the number of transferred bytes instead of many logged ACK packets.

Until now I have preferred to hack the kernel. A host with a hacked kernel does
not need any log. If someone from outside claims that there was any abuse from my
host, and he can give me a port on my host, I can easily decode the user
who made the abuse.

Mirek

On Thu, 2007-02-08 at 23:00 +0100, Revellion wrote:
> Why not use -m owner on the iptables of the freenx host to mark the
> packages?
> 
> like iptables -A OUTPUT -m owner --uid-owner <uid-of-a-user> -j MARK
> --set-mark 0xblahnumber ?
> 

> 

________________________________________________________________
     Were you helped on this list with your FreeNX problem?
    Then please write up the solution in the FreeNX Wiki/FAQ:
  http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
         Don't forget to check the NX Knowledge Base:
                 http://www.nomachine.com/kb/ 

________________________________________________________________
       FreeNX-kNX mailing list --- FreeNX-kNX@kde.org
      https://mail.kde.org/mailman/listinfo/freenx-knx
________________________________________________________________
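
Added example (not part of the original message or of the FreeNX project): one way to turn the LOG lines written by a rule like the one in the message into per-destination packet and byte totals. It assumes the standard kernel LOG line layout with DST=, DPT= and LEN= fields; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise iptables LOG lines per destination.
# Assumes KEY=value tokens (DST=, DPT=, LEN=) as written by the LOG target
# and the "-mirek-" prefix used in the rule from the message.

# sum_logged_bytes PREFIX
# Reads kernel log lines on stdin, prints "dst:dport packets bytes".
sum_logged_bytes() {
    awk -v prefix="$1" '
        index($0, prefix) == 0 { next }        # line is not from our rule
        {
            dst = ""; dpt = ""; len = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^DST=/) dst = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
                # UDP lines carry two LEN= fields; the first is the IP length
                else if ($i ~ /^LEN=/ && len == "") len = substr($i, 5)
            }
            if (dst == "" || len !~ /^[0-9]+$/) next   # skip malformed lines
            key = dst ":" (dpt == "" ? "-" : dpt)
            packets[key]++
            bytes[key] += len
        }
        END {
            for (k in packets) printf "%s %d %d\n", k, packets[k], bytes[k]
        }
    ' | LC_ALL=C sort
}

# Constructed sample input (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
Feb  9 16:10:01 host kernel: -mirek-IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=40000 DPT=80 SYN URGP=0
Feb  9 16:10:02 host kernel: -mirek-IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=1500 TTL=64 PROTO=TCP SPT=40000 DPT=80 ACK URGP=0
Feb  9 16:10:03 host kernel: -mirek-IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.5 LEN=52 TTL=64 PROTO=TCP SPT=40001 DPT=22 ACK URGP=0
Feb  9 16:10:04 host kernel: other-IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=999 TTL=64 PROTO=TCP SPT=40002 DPT=80 ACK URGP=0
Feb  9 16:10:05 host kernel: -mirek-IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.9 LEN=76 TTL=64 PROTO=UDP SPT=5000 DPT=53 LEN=56
EOF
}

sample_log | sum_logged_bytes "-mirek-"
```

The totals cover only the packets the rule actually logs, so a rule restricted with --syn counts connection attempts rather than transferred data.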