Re: IP logging tools for Solaris.

From: Neil Dickey (neil@geol.niu.edu)
Date: 11/29/01


Message-Id: <200111291528.JAA17051@shiloh.geol.niu.edu>
Date: Thu, 29 Nov 2001 09:28:04 -0600 (CST)
From: Neil Dickey <neil@geol.niu.edu>
Subject: Re: IP logging tools for Solaris.
To: focus-sun@securityfocus.com, mofo@thirddimension.net


"mofo" <mofo@thirddimension.net> wrote asking:

>I'm looking for something that will do simple IP logging (a la ippl for
>linux or iplog).
[ ... Snip ... ]
>Simple enough eh? Well is there anything out there that does this? Will it
>use syslog? Must it use libpcap (not friendly in solaris)?

IPFilter would do what you want. It works very well, is free, and can also
be configured to block packets selectively by port or source IP if desired.

You can find it through a link from this page ...

  http://www.obfuscation.org/ipf/

... which is where the best documentation and "HowTo" things are to be
found.

It's a loadable kernel module, and logging is done through a separate
daemon called "ipmon" that can be configured to put the logs anywhere
you like.

I just checked the documentation and some modules apparently contain code
which is derived from libpcap, but I don't find mention of libpcap as a
requirement to compile.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois 60115
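As an added example (not part of Neil's reply or of the IPFilter project's own documentation), the script below writes a minimal ipf.conf that gives the ippl-style "one line per connection attempt" logging asked about, together with the selective block-by-port and block-by-source rules mentioned above, and starts ipmon so the records go to syslog. The interface name hme0, the rule file path /etc/opt/ipf/ipf.conf and the 192.0.2.0/24 source are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread or the IPFilter project.
# Assumptions: external interface hme0; rule file /etc/opt/ipf/ipf.conf
# (adjust both for your host); 192.0.2.0/24 is a constructed example source.
IF=${IF:-hme0}
RULES=${RULES:-/etc/opt/ipf/ipf.conf}

# Emit the ruleset. In ipf.conf "log" on its own records the packet and keeps
# walking the rules; "block ... log" / "pass ... log" record it and decide.
# "log level facility.priority" chooses the syslog target ipmon -s will use.
# Order matters: "quick" block rules come first so a dropped packet is logged
# once (by the block rule) and never reaches the log-only rules below.
ipf_rules() {
    cat <<EOF
# Drop and log probes of ports nobody should be touching from outside
block in log level local0.warning quick on $IF proto tcp from any to any port = 23 flags S
block in log level local0.warning quick on $IF proto tcp from any to any port = 111 flags S
# Drop and log everything from a source you have decided to cut off
block in log level local0.notice quick on $IF from 192.0.2.0/24 to any
# ippl-style logging: one line per TCP connection attempt (SYN only, not every packet),
# every inbound UDP datagram and every inbound ICMP message; pass/block is decided later
log in level local0.info on $IF proto tcp from any to any flags S
log in level local0.info on $IF proto udp from any to any
log in level local0.info on $IF proto icmp from any to any
# Everything else passes, unlogged, so the log stays readable
pass in on $IF all
pass out on $IF all
EOF
}

# Write the rules, load them into the kernel module, and start ipmon as a
# daemon that writes to syslog (-D daemonize, -s syslog; add -n to resolve
# addresses to names). Point the local0 facility at a file in syslog.conf,
# e.g. (fields separated by TABs):   local0.info   /var/log/ipflog
install_rules() {
    ipf_rules > "$RULES"
    ipf -Fa -f "$RULES"     # flush all existing rules, then load the new file
    ipmon -Ds
}

# Only touch the running system when explicitly asked: ./ipflog.sh install
case "${1:-}" in install) install_rules ;; esac
```

Run `ipf_rules` on its own first to review the generated file before installing it.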