harshdevx.com | infotech & infosec articles | tutorials | analytics
Generating stats with your firewall | Part 1
Some time back last year I set up my firewall. I was a fan of DD-WRT, but then I moved to a machine that can do the same job: a Linux box with two NICs. Setting up iptables on it was the first time I had ever worked with it. To be honest, initially I thought iptables was a nightmare and I really wanted to stay away from it, but gradually I started getting a sense of how it makes way for the packets. As my mentor rightly says: think like a packet.
So, first things first: you need a machine with two NICs and an operating system of your choice. Mine is Linux, headless preferably (less overhead). The first NIC acts as the LAN interface and the second as the WAN interface. Let's dive in. The first piece of code below collects stats from the kernel log every hour (install it by hand as a cron job that runs hourly). It creates a file, scanip_new.log, from the kernel log entries for the previous hour (current time minus one hour). Then we use the Linux diff tool to generate the difference between the new log and the old log; that difference is recorded in a temporary file, scanip_diff.log. You can either process this file on the same machine or push it to a different machine to start counting the scans. Note that there may be a better way to do this, so please do let me know and I will be more than happy to correct myself. We begin by collecting the kernel log.
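As an added illustration of the collect-and-diff step (this is not the script linked from this post), here is a small POSIX shell script that does the same job. It assumes things the post does not state: that the iptables LOG rules were given `--log-prefix "SCAN: "`, that the kernel log is syslog-style (`/var/log/kern.log`), and that the work directory is `/var/log/fwstats`. Rather than selecting the previous hour by timestamp, it snapshots every prefixed line and lets diff isolate what was added since the last run; that also copes with log rotation, since lines that disappear show up as `<` in the diff and are dropped. The `summarize` function goes one step further than the paragraph and reduces the diff to per-source, per-port counts ready to be loaded into a database.

```sh
#!/bin/sh
# Added example (not the harshdevX script): collect iptables LOG lines from the
# kernel log, diff against the previous snapshot, and summarise what is new.
# Assumptions not stated on the page: the LOG rules use --log-prefix "SCAN: ",
# the kernel log is syslog-style, and the work directory is /var/log/fwstats.

PREFIX="${PREFIX:-SCAN:}"
KERNLOG="${KERNLOG:-/var/log/kern.log}"
WORKDIR="${WORKDIR:-/var/log/fwstats}"

# Write only the prefixed lines of LOG ($1) to OUT ($2). Everything else in the
# kernel log (USB, disks, ...) is noise for this purpose.
snapshot() {
    # grep exits 1 when nothing matches; that is not an error here.
    grep -F "$PREFIX" "$1" > "$2" || [ $? -eq 1 ]
}

# One hourly run over LOG ($1) inside DIR ($2). Produces:
#   scanip_new.log  - this run's snapshot
#   scanip_diff.log - lines present in the new snapshot but not in the old one
#   scanip_old.log  - copy of the new snapshot, kept for the next run
hourly_run() {
    log="$1"; dir="$2"
    mkdir -p "$dir"
    [ -f "$dir/scanip_old.log" ] || : > "$dir/scanip_old.log"
    snapshot "$log" "$dir/scanip_new.log"
    # diff exits 0 (identical), 1 (different) or 2 (error); only 2 is a failure.
    diff "$dir/scanip_old.log" "$dir/scanip_new.log" > "$dir/.scanip_raw.diff" || [ $? -eq 1 ]
    # Keep only added lines ('> ...'). Lines that rotated out of the kernel
    # log appear as '< ...' and are deliberately dropped.
    sed -n 's/^> //p' "$dir/.scanip_raw.diff" > "$dir/scanip_diff.log"
    rm -f "$dir/.scanip_raw.diff"
    cp "$dir/scanip_new.log" "$dir/scanip_old.log"
}

# Reduce a diff file ($1) to "count src proto dport" rows, busiest first.
# iptables LOG lines carry SRC=, PROTO= and DPT= in that order; ICMP lines
# have no DPT= field and are skipped here.
summarize() {
    sed -n 's/.*SRC=\([^ ]*\) .*PROTO=\([^ ]*\) .*DPT=\([0-9]*\).*/\1 \2 \3/p' "$1" \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2, $3, $4 }'
}

# Cron entry (assumed install path): 0 * * * * /usr/local/bin/fwstats.sh run
if [ "${1:-}" = "run" ]; then
    hourly_run "$KERNLOG" "$WORKDIR"
    summarize "$WORKDIR/scanip_diff.log" > "$WORKDIR/scanip_counts.log"
fi
```

The counts file is what you would ship to the second machine or feed into the database: one row per source address and destination port, which is all the scan-counting in the next step needs.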
Now let's create the database.
Download the shell script (save it as .sh) | Download the schema
concept and design: harshdevX