I am trying to set up a server/app that can log when a certain port has been accessed on an inbound interface on my firewall. I don't need the whole contents of the packet, just the port number accessed (I have certain ports to filter and define, i.e. ssh, http, https), the time and the date. I also want to have this dumped to a text file, with a preset size limit that will automatically save to a new file once the threshold has been reached.

I already have a port mirror set up on my core switch to dump all the traffic there so I can see all of it; I just am having a lot of trouble filtering and logging exactly what I need with an app. I have tried writing my own custom snort rules and dumping it to a file, but I can't seem to get that right. I also have written capture filters for wireshark; those pick up only the packets I want, but they log the whole packet, not just the information I am looking for.

Does anyone on the list have any experience with this type of thing?

Thanks in advance

--
Chris Niesen
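One way to get exactly the three fields asked for (date, time, destination port) into a size-capped, auto-rotating text file is to let tcpdump do the capture on the mirror port and post-process its text output. The script below is an added example, not code from the original post or from any tool mentioned in it. It assumes the capture is fed in as `tcpdump -nn -tttt` lines (the `-tttt` flag prints a full date and time, `-nn` keeps ports numeric); the port list, the file names, the size limit and the sample lines are all constructed for the example. Rotation uses Python's standard `RotatingFileHandler`, which starts a new file once the current one would exceed the configured byte limit.

```python
"""Log only the date, time and destination port of hits on watched ports,
to a text file that rolls over at a preset size.

Intended usage (assumed, not from the original post):

    tcpdump -nn -tttt -l -i eth0 'tcp[tcpflags] & tcp-syn != 0' | python portlog.py

Filtering on SYN in the tcpdump expression means each connection attempt
is logged once rather than once per packet.
"""
import logging
import os
import re
import sys
import tempfile
from logging.handlers import RotatingFileHandler

# Ports of interest, with a name so the log is readable (example values).
WATCHED_PORTS = {22: "ssh", 80: "http", 443: "https"}

# Matches the head of a `tcpdump -nn -tttt` line such as:
# "2008-05-01 14:32:07.123456 IP 192.0.2.10.51234 > 198.51.100.5.22: Flags [S], ..."
# The greedy \S+ followed by backtracking to the last '.' splits host from port
# for both IPv4 and IPv6 addresses.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\.\d+ IP6? "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+):"
)


def parse_line(line):
    """Return (date, time, dport, name) for a hit on a watched port, else None.

    Only the *destination* port is checked, so replies leaving the server
    (source port 22, etc.) are not counted as inbound accesses.
    """
    m = LINE_RE.match(line)
    if not m:
        return None
    dport = int(m.group("dport"))
    if dport not in WATCHED_PORTS:
        return None
    return (m.group("date"), m.group("time"), dport, WATCHED_PORTS[dport])


def build_logger(path, max_bytes, backups):
    """Logger writing bare records to `path`, rotating at `max_bytes`.

    Rotated files become path.1, path.2, ... up to `backups` of them.
    A standalone Logger (not the global registry) avoids duplicate handlers
    if this is called more than once in one process.
    """
    logger = logging.Logger("portlog")
    handler = RotatingFileHandler(path, maxBytes=max_bytes, backupCount=backups)
    handler.setFormatter(logging.Formatter("%(message)s"))
    logger.addHandler(handler)
    return logger


def close_logger(logger):
    for h in list(logger.handlers):
        h.close()
        logger.removeHandler(h)


def log_hits(lines, logger):
    """Write one 'DATE TIME PORT NAME' record per matching line; return the count."""
    count = 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        date, time_, port, name = rec
        logger.info("%s %s %d %s", date, time_, port, name)
        count += 1
    return count


# Constructed sample capture lines: three inbound hits on watched ports,
# one hit on an unwatched port (8080), one outbound reply from port 22,
# and one line tcpdump would never emit.
SAMPLE_LINES = [
    "2008-05-01 14:32:07.123456 IP 192.0.2.10.51234 > 198.51.100.5.22: Flags [S], seq 1, win 64240, length 0",
    "2008-05-01 14:32:08.000001 IP 192.0.2.11.40000 > 198.51.100.5.443: Flags [S], seq 2, win 64240, length 0",
    "2008-05-01 14:32:09.500000 IP 192.0.2.12.40001 > 198.51.100.5.8080: Flags [S], seq 3, win 64240, length 0",
    "2008-05-01 14:32:10.250000 IP 198.51.100.5.22 > 192.0.2.10.51234: Flags [S.], seq 9, ack 2, win 65535, length 0",
    "2008-05-01 14:32:11.750000 IP 192.0.2.13.40002 > 198.51.100.5.80: Flags [S], seq 4, win 64240, length 0",
    "not a tcpdump line",
]


def run_demo(max_bytes=40):
    """Run the sample lines through a tiny rotation limit in a temp directory.

    Returns (hits_logged, number_of_log_files_created, lines_in_current_file).
    """
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "portlog.txt")
    logger = build_logger(path, max_bytes=max_bytes, backups=5)
    hits = log_hits(SAMPLE_LINES, logger)
    close_logger(logger)
    files = [f for f in os.listdir(workdir) if f.startswith("portlog.txt")]
    with open(path) as fh:
        current = fh.read().splitlines()
    return hits, len(files), len(current)


def main():
    logger = build_logger("portlog.txt", max_bytes=1_000_000, backups=10)
    try:
        hits = log_hits(sys.stdin, logger)
    finally:
        close_logger(logger)
    print("logged %d hits" % hits, file=sys.stderr)


if __name__ == "__main__":
    main()
```

Each record is under 30 bytes, so `run_demo()` with a 40-byte limit forces a rollover on every hit after the first; in production the limit would be something like the 1 MB used in `main()`. Because the check is on the destination port only, the server's own replies from port 22 are not mistaken for inbound accesses.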