IPTables and logging - performance issues?
HaJo Schatz
hajo at hajo.net
Tue Oct 26 04:14:11 UTC 2004
On Tue, October 26, 2004 8:11, Ben Halicki said:
> Hi Alexander,
>
> Thanks for your reply.
>
> I am looking to setup a basic IDS system, where attempts to connect to
> certain ports are logged in the usual places. At the moment, I am logging
> connections to telnet ports, then I run a script every night to report on
> connection attempts.
>
> Hardware specs shouldn't be a problem, server has only just been purchased
> and runs dual xeon cpus, scsi drives etc. I guess by your suggestions,
> the only time performance might be an issue, is during an attack (portscan
> etc), which would probably hinder performance anyway.
I'm logging rejected packets (only. Ie no accepted pckgs) on a P3 1G, ATA
and don't see significant performance drops on typical outbreaks.
HaJo
--
HaJo Schatz <hajo at hajo.net>
http://www.HaJo.Net
PGP-Key: http://www.hajo.net/hajonet/keys/pgpkey_hajo.txt
More information about the fedora-list
mailing list