Discussion:
Keep trace of ping request
Rocky Hotas
2014-08-25 10:16:00 UTC
Permalink
Hello!
I am sorry if my question looks trivial, but is there any way to keep trace of ping requests in NetBSD?
No file in my /var/log directory has been modified after a ping request sended from another host. Can I add some settings in a configuration file in order to log these events? And (if yes) what is the log file to be considered?
Thank you anyway

Rocky
J. Lewis Muir
2014-08-25 14:44:22 UTC
Permalink
On 8/25/14, 5:16 AM, Rocky Hotas wrote:
> Hello!
> I am sorry if my question looks trivial, but is there any way to keep
> trace of ping requests in NetBSD?

Hi, Rocky.

You can do that with NPF [1] as of NetBSD 6. Create a logging rule
procedure, and apply that to a rule that matches the ICMP packets you
want to log.

Lewis

[1] http://www.netbsd.org/~rmind/npf/
herbert langhans
2014-08-25 14:21:06 UTC
Permalink
From: Rocky Hotas <***@post.com> [140825 14:01]
Hello!
I am sorry if my question looks trivial, but is there any way to keep trace of ping requests in NetBSD?
No file in my /var/log directory has been modified after a ping request sended from another host. Can I add some settings in a configuration file in order to log these events? And (if yes) what is the log file to be considered?
Thank you anyway
Rocky

I am not sure you look for such an advanced solution. But with snort (an
intruder dedection program) you can log such events easily.

herb langhans
Christos Zoulas
2014-08-25 16:30:26 UTC
Permalink
In article <***@manul.langhans.com.pl>,
herbert langhans <***@langhans.com.pl> wrote:
> From: Rocky Hotas <***@post.com> [140825 14:01]
> Hello!
> I am sorry if my question looks trivial, but is there any way to
>keep trace of ping requests in NetBSD?
> No file in my /var/log directory has been modified after a ping
>request sended from another host. Can I add some settings in a
>configuration file in order to log these events? And (if yes) what is
>the log file to be considered?
> Thank you anyway
> Rocky
>
>I am not sure you look for such an advanced solution. But with snort (an
>intruder dedection program) you can log such events easily.

or go lo-tech and use tcpdump. But be careful not to put the interface
in promiscuous mode because performance will suffer.

christos
Rocky Hotas
2014-08-28 10:35:17 UTC
Permalink
Thank you to all the users that replied.
I will try the solutions proposed, but according to your answers it seems that there is no "embedded" way in the system to log ping requests (unlike a user's login, for example, which is easily logged into a file). Is it so?

Rocky


> Sent: Monday, August 25, 2014 at 6:30 PM
> From: "Christos Zoulas" <***@astron.com>
> To: netbsd-***@netbsd.org
> Subject: Re: Keep trace of ping request
>
> In article <***@manul.langhans.com.pl>,
> herbert langhans <***@langhans.com.pl> wrote:
> > From: Rocky Hotas <***@post.com> [140825 14:01]
> > Hello!
> > I am sorry if my question looks trivial, but is there any way to
> >keep trace of ping requests in NetBSD?
> > No file in my /var/log directory has been modified after a ping
> >request sended from another host. Can I add some settings in a
> >configuration file in order to log these events? And (if yes) what is
> >the log file to be considered?
> > Thank you anyway
> > Rocky
> >
> >I am not sure you look for such an advanced solution. But with snort (an
> >intruder dedection program) you can log such events easily.
>
> or go lo-tech and use tcpdump. But be careful not to put the interface
> in promiscuous mode because performance will suffer.
>
> christos
>
>
Continue reading on narkive:
Loading...