[Shorewall-users] Shorewall and Accounting Scripts

John Leach shorewall@osware.net
Tue, 23 Apr 2002 17:19:43 +1000


I've also been looking at iam.

It seems to me that this dump needs to be run from cron every few hours, so 
the shorewall start file is not the place for it.
Probably need to create a shell script containing those few lines and execute 
that from cron.

On a more general note, my assessment on using iam is that to get analysis by 
IP address range requires setting up entries in the hosts file for the 
different IP address ranges where accounting is required.

Accounting by port seems to be impossible (please correct me anyone if I am 
wrong) because most of the traffic comes through as a single 
"RELATED,ESTABLISHED" byte count for a zone2zone chain, and is not broken 
down by port.
If anyone understands what I am talking about and can suggest a workaround I 
would be grateful.

John Leach

On Sun, 21 Apr 2002 23:30, Tom Eastep wrote:
> On Sun, 21 Apr 2002, Christian Lox wrote:
> > Now on to my question:
> > I am using Shorewall among other machines on a new server where we
> > need some kind of accounting.
> > The script we would like to use for this is iam
> > (http://intevation.de/iam/).
> > The docs say:
> > Alternatively you can use your own iptables script and only add the
> > 'dump' option, which should do:
> >     DATE=`date '+%Y%m%d%H%M%S'`
> >     echo "START $DATE" >> $DUMPFILE
> >     iptables -vnxZ -L --line-numbers -t filter >> $DUMPFILE
> >     echo "END $DATE" >> $DUMPFILE
> > What is the right place in the shorewall files to place this?
> Presumably in /etc/shorewall/start (you'll have to create that file).
> -Tom
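
An added example, not part of the original messages and not code from iam or Shorewall: a shell/awk summary over a dump in the START/END format quoted above, showing how much of each chain's byte count sits on the `RELATED,ESTABLISHED` rule versus rules that name a destination port. The function names, chain names and counters in the sample dump are constructed, and the column layout assumes `iptables -vnx -L --line-numbers` output.

```shell
#!/bin/sh
# Per chain: bytes on the "state RELATED,ESTABLISHED" rule vs. bytes on
# rules that match a destination port (dpt:N) vs. everything else.
# Assumed columns with --line-numbers: num pkts bytes target prot opt ...
summarize_dump() {
    awk '
        $1 == "START" { inside = 1; next }
        $1 == "END"   { inside = 0; next }
        !inside       { next }
        $1 == "Chain" {
            chain = $2
            if (!(chain in seen)) { seen[chain] = 1; order[++n] = chain }
            next
        }
        $1 !~ /^[0-9]+$/      { next }   # column header and blank lines
        /RELATED,ESTABLISHED/ { est[chain] += $3; next }
        /dpt:/                { port[chain] += $3; next }
                              { other[chain] += $3 }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                printf "%s established=%d by_port=%d other=%d\n", c, est[c], port[c], other[c]
            }
        }
    ' "$1"
}

# Constructed sample dump (chain names and counters are made up).
write_sample_dump() {
    cat > "$1" <<'EOF'
START 20020423120000
Chain loc2net (1 references)
num      pkts      bytes target     prot opt in     out     source               destination
1        5230  4182211 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
2          12      720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:80
3           3      180 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:25

Chain net2loc (1 references)
num      pkts      bytes target     prot opt in     out     source               destination
1        4100   911000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
2           7      420 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
END 20020423120000
EOF
}

# Stand-alone run over the constructed sample.
tmp=$(mktemp) && write_sample_dump "$tmp" && summarize_dump "$tmp"; rm -f "$tmp"
```

In the constructed sample, the port-specific rules only count the packets that open each connection; the rest of the connection's bytes land on the stateful rule, which is the effect described in the message.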
