Firewall And Log Analysis On Linux

Posted on: 2014-02-27
Degree: Master
Type: Thesis
Country: China
Candidate: M Q Cai
Full Text: PDF
GTID: 2268330425476387
Subject: Computer application technology

Abstract/Summary:
A Linux network administrator should keep all logs, since they record every clue to unusual access, and the firewall log is especially important. Logs make it possible to trace the causes of errors and, more importantly, they record the traces attackers leave when the system is under attack. By examining these traces, the system administrator can identify the attackers' specific methods and the characteristics of the attacks, and so prepare defenses against the next attack.

This paper is set against the background of network security. It designs a firewall based on the Linux OS. Configured with iptables and combined with proxy software, it records user visits, the storage status of the cache and cache accesses, and analyzes these packets with a firewall log tool.

The paper presents research on firewall logs on the Linux OS and accomplishes the following work:

1. Getting familiar with the Linux OS and setting up an XAMPP + GNU C/C++ environment.
2. Using iptables to implement packet-filtering firewall technology at the network layer, covering firewall configuration, management and maintenance.
3. Understanding the ulogd software, installing and configuring it, and sending the iptables log information of the network-layer firewall to MySQL for analysis. A web-based application renders this data, such as the access time, protocol, entrance, source address and other information.
4. Analyzing the logs of the application-layer firewall Squid to obtain information about users, access times and the websites they visit.

By analyzing the packets recorded in the firewall logs, we can inspect the usual activity on the network, identify current system vulnerabilities, determine the weak links in network security, analyze and locate possible attacks, evaluate the firewall's stability and effectiveness, help the system administrator improve the system configuration, and significantly reduce the difficulty of firewall management. This has important practical significance for network security solutions.
Keywords/Search Tags: Firewall, Packet filtering, Proxy server, Log analysis