IPTables and logging - performance issues?

HaJo Schatz hajo at hajo.net
Tue Oct 26 04:14:11 UTC 2004


On Tue, October 26, 2004 8:11, Ben Halicki said:
> Hi Alexander,
>
> Thanks for your reply.
>
> I am looking to set up a basic IDS system, where attempts to connect to
> certain ports are logged in the usual places.  At the moment, I am logging
> connections to telnet ports, then I run a script every night to report on
> connection attempts.
>
> Hardware specs shouldn't be a problem; the server has only just been purchased
> and runs dual Xeon CPUs, SCSI drives etc.  I guess by your suggestions,
> the only time performance might be an issue is during an attack (portscan
> etc), which would probably hinder performance anyway.

I'm logging rejected packets (only, i.e. no accepted packets) on a P3 1G, ATA,
and don't see significant performance drops on typical outbreaks.

HaJo

-- 
HaJo Schatz <hajo at hajo.net>
http://www.HaJo.Net

PGP-Key:  http://www.hajo.net/hajonet/keys/pgpkey_hajo.txt
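
A nightly report of the kind described in the quoted message, as an added example that is not code from either poster. It assumes the telnet LOG rule was given the prefix "TELNET: " with --log-prefix; the prefix, the host name "gw" and all log lines and addresses are constructed.

```python
import re
from collections import Counter

# Constructed syslog lines in the KEY=value format written by the iptables
# LOG target. The "TELNET: " prefix is an assumption; addresses come from
# documentation ranges.
SAMPLE_LOG = """\
Oct 26 03:12:45 gw kernel: TELNET: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40211 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 26 03:12:48 gw kernel: TELNET: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40211 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 26 03:13:01 gw sshd[812]: Connection closed by 192.0.2.10
Oct 26 03:13:10 gw kernel: SSH: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4713 DF PROTO=TCP SPT=40300 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct 26 03:14:30 gw kernel: TELNET: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=44 TTL=47 ID=991 PROTO=TCP SPT=51515 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Oct 26 03:15:02 gw kernel: TELNET: IN=eth0 OUT= MAC=
Oct 26 03:16:40 gw kernel: TELNET: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4720 DF PROTO=TCP SPT=40988 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
"""

# KEY=value pairs; the value may be empty (e.g. "OUT=" on inbound packets).
KV = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line, prefix="TELNET: "):
    """Return the fields of one LOG line, or None if it is not one of ours."""
    _, sep, rest = line.partition("kernel: " + prefix)
    if not sep:
        return None  # other daemon, or a rule with a different prefix
    fields = dict(KV.findall(rest))
    if "SRC" not in fields or "DPT" not in fields:
        return None  # truncated or malformed entry
    return fields


def report(log_text, port=23, prefix="TELNET: "):
    """Count logged TCP connection attempts to `port` per source address."""
    hits = Counter()
    for line in log_text.splitlines():
        f = parse_line(line, prefix)
        if f and f.get("PROTO") == "TCP" and f["DPT"] == str(port):
            hits[f["SRC"]] += 1
    return hits.most_common()  # busiest sources first


if __name__ == "__main__":
    for src, count in report(SAMPLE_LOG):
        print(f"{count:5d}  {src}")
```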




