Ipfilter - logging TCP/UDP connections

Sunday, April 8, 2012

First of all, you need Ipfilter installed on your box. Ipfilter has been included by default since HP-UX 11.23; for older releases you can download it free from software.hp.com.

1. Add the following rules to your Ipfilter configuration.
The configuration file is /etc/opt/ipf/ipf.conf.

pass in log first quick proto tcp from any to any flags S keep state
pass out log first quick proto tcp from any to any flags S keep state
pass in log first quick proto udp from any to any keep state
pass out log first quick proto udp from any to any keep state
pass in from any to any
pass out from any to any

2. Load the configuration file or restart Ipfilter.

# /sbin/ipf -f /etc/opt/ipf/ipf.conf

Once the configuration is loaded, every time a UDP or TCP connection is initiated it will be logged to /var/adm/syslog/syslog.log.
It can be a good idea to separate this log from syslog.
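
One way to review what the "log first" rules above record, as an added example that is not part of the original post: a shell function that reads syslog lines and counts new connections per direction, protocol and destination port. The sample lines and the function names are constructed, and the field layout (`src,port -> dst,port PR proto ...`, with IN/OUT at the end on builds that print it) is an assumption to check against your own syslog.log.

```shell
#!/bin/sh
# Added example: summarize connections logged by ipmon via syslog.
# Assumed line layout (check your own log):
#   <date> <host> ipmon[pid]: <time> <if> @grp:rule p src,sport -> dst,dport PR proto ...

# Constructed sample input, so the example runs without a real log.
sample_log() {
    cat <<'EOF'
Apr  8 10:15:01 hpux1 ipmon[1234]: 10:15:00.123456 lan0 @0:1 p 192.168.1.10,51234 -> 192.168.1.20,22 PR tcp len 20 60 -S K-S IN
Apr  8 10:15:07 hpux1 ipmon[1234]: 10:15:06.000001 lan0 @0:1 p 192.168.1.10,51240 -> 192.168.1.20,22 PR tcp len 20 60 -S K-S IN
Apr  8 10:16:00 hpux1 ipmon[1234]: 10:15:59.500000 lan0 @0:4 p 192.168.1.20,53001 -> 192.168.1.1,53 PR udp len 20 61 K-S OUT
Apr  8 10:16:02 hpux1 sshd[999]: unrelated syslog entry, ignored
EOF
}

# Reads syslog lines on stdin, prints "<count> <dir> <proto> <src> -> <dst>:<dport>",
# most frequent first. With "log first" each line is one new connection.
ipf_conn_summary() {
    awk '
    $5 ~ /^ipmon/ {
        arrow = 0; proto = ""
        # Locate fields by marker, so an optional repeat count ("2x") is tolerated.
        for (i = 6; i <= NF; i++) {
            if ($i == "->") arrow = i
            if ($i == "PR") proto = $(i + 1)
        }
        if (!arrow || (proto != "tcp" && proto != "udp")) next
        split($(arrow - 1), s, ",")   # s[1] = source address
        split($(arrow + 1), d, ",")   # d[1] = dest address, d[2] = dest port
        # Builds that do not append the direction get "?" instead.
        dir = ($NF == "IN" || $NF == "OUT") ? $NF : "?"
        n[dir " " proto " " s[1] " -> " d[1] ":" d[2]]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -k1,1nr -k2
}

# Demo on the constructed sample; on a real system feed it the log instead:
#   ipf_conn_summary < /var/adm/syslog/syslog.log
sample_log | ipf_conn_summary
```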