Quoting Chris Niesen <chris.niesen at gmail.com>:

> I am trying to set up a server/app that can log when a certain port has been
> accessed on an inbound interface on my firewall. I don't need the whole
> contents of the packet, just the port number accessed (I have certain ports
> to filter and define, i.e. ssh, http, https), the time and the date. I also
> want to have this dumped to a text file, with a preset size limit that will
> automatically save to a new file once the threshold has been reached. I
> already have a port mirror setup on my core switch to dump all the traffic
> there so I can see all of it, I just am having a lot of trouble filtering
> and logging exactly what I need with an app. I have tried writing my own
> custom snort rules, and dumping it to a file, but I can't seem to get that
> right. I also have written capture filters for wireshark; those pick up
> only the packets I want, but they log the whole packet, not just the
> information I am looking for. Does anyone on the list have any experience
> with this type of thing?
>
>

IPTables will do this, look into the LOG function. I would occasionally do this same thing for troubleshooting purposes.

Josh
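
One way to get from the LOG target mentioned in the reply to the time-and-port text file with a size limit that the question asks for, as an added example that is not part of either post. The rule in the comment, the `PORTLOG ` prefix, the `eth0` interface, the function names and the classic syslog timestamp format are all assumptions.

```python
import logging.handlers
import re

# Assumed rule feeding the log (interface name and prefix are placeholders):
#   iptables -A INPUT -i eth0 -p tcp -m multiport --dports 22,80,443 \
#            -m conntrack --ctstate NEW -j LOG --log-prefix "PORTLOG "
PREFIX = "PORTLOG "
WATCHED = {22: "ssh", 80: "http", 443: "https"}
# Classic syslog timestamp, then our prefix, then the DPT= (destination port) field.
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) .*?"
    + re.escape(PREFIX) + r".*?\bDPT=(?P<dpt>\d{1,5})\b")

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = [
    "Mar  3 14:02:11 fw kernel: PORTLOG IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=51514 DPT=22 SYN",
    "Mar  3 14:02:15 fw kernel: PORTLOG IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40022 DPT=443 SYN",
    "Mar  3 14:02:19 fw kernel: PORTLOG IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP SPT=40023 DPT=8080 SYN",
    "Mar  3 14:02:20 fw kernel: OTHER IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40100 DPT=22 SYN",
]

def parse_line(line):
    """Return (timestamp, port, name) for a watched port, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None  # other rule's prefix, non-TCP/UDP line, or other format
    port = int(m.group("dpt"))
    return (m.group("ts"), port, WATCHED[port]) if port in WATCHED else None

def make_writer(path, max_bytes=1_000_000, backups=5):
    """Logger that moves on to a new file once `path` reaches max_bytes."""
    logger = logging.getLogger("portlog:" + path)
    logger.setLevel(logging.INFO)
    logger.propagate = False  # keep records out of the root logger
    if not logger.handlers:
        h = logging.handlers.RotatingFileHandler(path, maxBytes=max_bytes, backupCount=backups)
        h.setFormatter(logging.Formatter("%(message)s"))
        logger.addHandler(h)
    return logger

def reduce_log(lines, writer):
    """Write one 'time port name' record per matching line; return the count."""
    count = 0
    for line in lines:
        hit = parse_line(line)
        if hit:
            writer.info("%s %d %s", *hit)
            count += 1
    return count
```

Feed `reduce_log` the lines of the kernel log file your syslog daemon writes; the path and timestamp format differ by distribution.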