I installed a clean Ubuntu 18.04 with all the latest updates. There are two network cards. One faces the Internet. The second is on the local network. The machine will distribute Internet access.

I need a quick and simple way to keep logs of all requests to the Internet from the local network. It will be enough to record:

  • the IP of the machine on the local network that sent the request
  • the IP address of the server that was accessed
  • when it was accessed

If this does not complicate the task, then I would also like to have:

  • the MAC address of the network card of the machine on the local network from which the request originated
  • not just the IP address of the server to which the request was sent, but the URL.

But the last two points are optional.

Logs should be kept constantly in the background and start again after a reboot. It would be great if it were not just a txt file, but a log that is automatically split by day and archived (like syslog).

How can this be done in the simplest way?

  • The information can be obtained with, say, tcpdump. And syslog logs are no different from ordinary txt files. Archiving them is usually handled by third-party programs like logrotate (I don't know which one Ubuntu uses by default, but I'll note that a dozen different programs of this kind are available on any Linux) - Mike
  • @Mike, I haven't found how to run it as a daemon, so that it works on a permanent basis. How do I customize it for my needs? - n.osennij
  • I would rather dig in the direction of logging directly with netfilter / iptables ... - Fat-Zer
  • @Fat-Zer, could you go into more detail? - n.osennij
  • @n.osennij, iptables has two special targets, LOG and NFLOG: the first sends messages in the format NFLOG in the code to the kernel log (/proc/kmsg), and the second allows you to send them to a user-space daemon, for example ulogd, which can format everything arbitrarily or even write directly to a database ... - Fat-Zer
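
The fields the question asks for (when, LAN source IP, source MAC, server IP) can be pulled out of lines written by the iptables LOG target mentioned in the comments. The parser below is an added example, not part of the original thread; the rule in the comment, the `LANOUT: ` prefix, the interface placeholders and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import namedtuple

# Assumed rule producing the lines (interface names are placeholders):
#   iptables -I FORWARD -i <lan_if> -o <wan_if> -m conntrack --ctstate NEW \
#            -j LOG --log-prefix "LANOUT: "
PREFIX = "LANOUT: "  # hypothetical --log-prefix value

# Constructed sample lines in the kernel LOG target layout (not real traffic).
SAMPLE = """\
Mar  4 10:15:02 gw kernel: [ 812.101] LANOUT: IN=enp2s0 OUT=enp1s0 MAC=00:11:22:33:44:55:aa:bb:cc:dd:ee:01:08:00 SRC=192.168.1.23 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4121 DF PROTO=TCP SPT=51544 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  4 10:15:03 gw kernel: [ 813.440] LANOUT: IN=enp2s0 OUT=enp1s0 MAC=00:11:22:33:44:55:aa:bb:cc:dd:ee:02:08:00 SRC=192.168.1.40 DST=198.51.100.7 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=977 PROTO=UDP SPT=40000 DPT=53 LEN=51
Mar  4 10:15:04 gw kernel: [ 814.000] usb 1-1: new high-speed USB device
"""

Record = namedtuple("Record", "when src_ip src_mac dst_ip proto dport")
STAMP = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s")   # syslog timestamp
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")             # KEY=value pairs

def parse_line(line, prefix=PREFIX):
    """Return a Record for one LOG-target line, or None for unrelated lines."""
    head, sep, body = line.partition(prefix)
    stamp = STAMP.match(head)
    if not sep or not stamp:
        return None
    fields = {}
    for key, value in FIELD.findall(body):
        fields.setdefault(key, value)  # LEN= repeats for UDP; keep the first
    if "SRC" not in fields or "DST" not in fields:
        return None
    # On Ethernet, MAC= holds 14 colon-separated bytes:
    # destination MAC (6), source MAC (6), EtherType (2).
    octets = fields.get("MAC", "").split(":")
    src_mac = ":".join(octets[6:12]) if len(octets) == 14 else None
    return Record(stamp.group(1), fields["SRC"], src_mac, fields["DST"],
                  fields.get("PROTO"), fields.get("DPT"))

def parse_log(text):
    """Parse a block of log text, skipping lines without the prefix."""
    return [r for r in map(parse_line, text.splitlines()) if r]

if __name__ == "__main__":
    for rec in parse_log(SAMPLE):
        print(*rec, sep="\t")
```

LOG lines carry addresses and ports only, so the URL from the optional wish list is not available from this source.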
