Look into PSAD and NTOP. NTOP is like snort/wireshark in that it monitors/analyzes traffic and protocols - but it has a good API from which you could pull the data you need. PSAD works with IPTABLES and does dynamic firewalling, but I have used it for its logging functions and the additional information it captures to aid in hardening an environment.

Chris Niesen wrote:
> I am trying to set up a server/app that can log when a certain port has been
> accessed on an inbound interface on my firewall. I don't need the whole
> contents of the packet, just the port number accessed (I have certain ports
> to filter and define, i.e. ssh, http, https), the time and the date. I also
> want to have this dumped to a text file, with a preset size limit that will
> automatically save to a new file once the threshold has been reached. I
> already have a port mirror set up on my core switch to dump all the traffic
> there so I can see all of it, I just am having a lot of trouble filtering
> and logging exactly what I need with an app. I have tried writing my own
> custom snort rules, and dumping it to a file, but I can't seem to get that
> right. I also have written capture filters for wireshark; those pick up
> only the packets I want, but they log the whole packet, not just the
> information I am looking for. Does anyone on the list have any experience
> with this type of thing?
>
> Thanks in advance
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
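As an added illustration (not code from either poster), this is the filter-and-rotate step the original post asks for, applied to netfilter LOG lines, the same iptables logging PSAD consumes: keep only the timestamp, interface, source and destination port for a chosen set of ports, and append them to a plain text file that rolls over at a size limit. The watched port list, the `FWIN`/`FWOUT` log prefixes and the sample lines are constructed assumptions.

```python
import re
import logging
from logging.handlers import RotatingFileHandler

# Ports the poster wants to single out (ssh, http, https); assumed list.
WATCHED_PORTS = {22: "ssh", 80: "http", 443: "https"}

# Fields of a netfilter LOG line as syslog writes it: "<ts> <host> kernel: <prefix> IN=... DPT=..."
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:.*?"
    r"IN=(?P<iface>\S*)\s.*?SRC=(?P<src>\S+)\s.*?PROTO=(?P<proto>\S+)\s.*?DPT=(?P<dpt>\d+)"
)

def parse_line(line):
    """Return (timestamp, iface, src, proto, port) for an inbound hit on a watched port, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    port = int(m.group("dpt"))
    # Skip ports we are not interested in and locally generated packets (empty IN=).
    if port not in WATCHED_PORTS or not m.group("iface"):
        return None
    return (m.group("ts"), m.group("iface"), m.group("src"), m.group("proto"), port)

def select_hits(lines):
    """Pure filtering step: keep only the lines parse_line accepts."""
    return [hit for hit in map(parse_line, lines) if hit]

def write_hits(hits, path, max_bytes=1_000_000, backups=5):
    """Append one text line per hit; the file rolls over to path.1, path.2 ... once max_bytes is reached."""
    logger = logging.getLogger("portlog")
    logger.setLevel(logging.INFO)
    logger.handlers.clear()
    logger.addHandler(RotatingFileHandler(path, maxBytes=max_bytes, backupCount=backups))
    for ts, iface, src, proto, port in hits:
        logger.info("%s %s %s %s/%d (%s)", ts, iface, src, proto, port, WATCHED_PORTS[port])
    return len(hits)

# Constructed sample lines in netfilter LOG format (not real traffic).
SAMPLE = [
    "May  2 10:15:01 fw kernel: FWIN: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=41000 DPT=22 SYN URGP=0",
    "May  2 10:15:02 fw kernel: FWIN: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=41001 DPT=8080 SYN URGP=0",
    "May  2 10:15:03 fw kernel: FWOUT: IN= OUT=eth0 SRC=198.51.100.5 DST=192.0.2.12 LEN=60 PROTO=TCP SPT=41002 DPT=443 SYN URGP=0",
    "May  2 10:15:04 fw kernel: FWIN: IN=eth0 OUT= SRC=192.0.2.13 DST=198.51.100.5 LEN=60 PROTO=TCP SPT=41003 DPT=443 SYN URGP=0",
]

if __name__ == "__main__":
    print(write_hits(select_hits(SAMPLE), "port-hits.log"))  # prints 2
```

In practice the lines would come from tailing the syslog file that receives the firewall's `LOG` target output; only the two inbound hits on watched ports (22 and 443) reach the text file.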