Today, I found my VPS was under high load last night.

This caused my VPS to be limited by the service provider. Because this VPS is for my personal use, a large number of network connections while I sleep is impossible. But I didn't find a system log about this.

I searched for a long time; lots of articles only talk about logging a specific port: "How to log the ip addresses trying to connect to a port?"

Others use netstat (or something similar) to show current access on the command line.

Is there any way (a service?) to log which IP accessed which port at what time?

Mithril

1 Answer

Iptables has a logging function you can use instead of blocking or allowing, like this:

    iptables -A INPUT -p tcp -j LOG

Or to log first and anything else later:

    iptables -I INPUT 1 -p tcp -j LOG

Prefixes and other customizations are also available. Output will be on your kernel logging facilities, like the messages file, which you can also change with syslog-ng, rsyslog or whatever your distribution uses.

Ufw and firewalld may give you additional capabilities, as well as other solutions.

Netcat, as far as I know, will actually listen to the ports you specify, not just log them, so I don't think that's the ideal tool for your need. Tcpdump may be better:

    tcpdump -n -i eth0 -w logfile.log not port 22 and not host 1.1.1.1 and not net 192.168.0.0/16

Zip

  • Your iptables -A will most likely not do what you intend; using -I is a much better idea when you do not know the state of someone's firewall. – user9517 Oct 09 '17 at 17:56
  • I wanted to interfere as little as possible with existing rules, by logging after everything, but I agree that the command may not do anything this way. Editing accordingly... – Zip Oct 09 '17 at 18:01
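
Once a LOG rule like the ones in the answer is in place, the kernel log can be reduced to the "which IP, which port, at what time" table the question asks for. The script below is an added example, not part of the original answer; the `CONN_IN: ` prefix, the `--syn` match (so only new TCP connection attempts are logged), the function names and the sample log lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: summarise iptables LOG entries per source IP and destination port.
# Assumed rule (prefix chosen for this example; --syn logs only new TCP attempts):
#   iptables -I INPUT 1 -p tcp --syn -j LOG --log-prefix "CONN_IN: "
# Assumes traditional syslog timestamps ("Oct  9 03:12:45") at the start of each line.

# Reads syslog lines on stdin.
# Prints: count src_ip dst_port proto first_seen last_seen (busiest first).
summarize_conn_log() {
    awk -v prefix="${1:-CONN_IN: }" '
        index($0, prefix) {
            src = dpt = proto = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)   src   = substr($i, 5)
                if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
                if ($i ~ /^PROTO=/) proto = substr($i, 7)
            }
            if (src == "" || dpt == "") next   # no port fields, e.g. ICMP
            key = src " " dpt " " proto
            ts = $1 "_" $2 "_" $3              # underscores keep it one column
            if (!(key in count)) first[key] = ts
            last[key] = ts
            count[key]++
        }
        END { for (k in count) print count[k], k, first[k], last[k] }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges, not real traffic).
sample_log() {
    cat <<'EOF'
Oct  9 03:12:45 vps kernel: [ 1001.10] CONN_IN: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4242 DF PROTO=TCP SPT=51234 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Oct  9 03:12:46 vps kernel: [ 1002.20] CONN_IN: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4243 DF PROTO=TCP SPT=51240 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Oct  9 03:13:02 vps kernel: [ 1018.30] CONN_IN: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4244 DF PROTO=TCP SPT=51302 DPT=80 WINDOW=29200 RES=0x00 SYN URGP=0
Oct  9 03:14:10 vps kernel: [ 1086.40] CONN_IN: IN=eth0 OUT= MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=198.51.100.23 DST=198.51.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=977 DF PROTO=TCP SPT=40022 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0
Oct  9 03:15:00 vps sshd[811]: Server listening on 0.0.0.0 port 22.
EOF
}

# On a real system feed it the kernel log instead (path varies by distribution):
#   summarize_conn_log < /var/log/messages
sample_log | summarize_conn_log
```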