Easiest way to log interface (eth or tun/tap) connections (traffic?)

[popecrob]

I know ntop, but i need a very simple (low power) stuff to make logfile from the network interfaces (wich local IP communicates with other IPs, maybe with the traffic-size but its not important). I'm using iftop -i interfacename, wich is the most friendly and simply monitoring program i've ever seen and I want to make a same detailed log file somehow with something. Is there a simple solution for this?

Thanks!

[si_ed]

Tcpdump would create a detailed log. You can configure it to capture headings and even full packets.

[popecrob]

Tcpdump would create a detailed log. You can configure it to capture headings and even full packets.

Thank you! It seems very useful!

Just one more question, i've read the man of tcpdump, but i don't found it in the options, is it capable to log only one "who talking to who" with same ip pairs? So if ip1 have a connection with ip2, than it will writes in the log file, and if it has this connection (ip1 to ip2) again, just drop it out, and wait for next pairs (eg. ip1 to ip3 and writes to log), or should I write a script to make it work? Thanks.

[si_ed]

By default it logs everything that crosses the interface. You can use src and dst to make specific rules.

[popecrob]

I've tried, but maybe its not that tool what I'm looking for. It makes very huge log files in a very short time, with a very light traffic. I would like to make a logfile like this (eg. with a daily cycle):

2011_08_30_tun0_connections.log

wich contains:

src ip | dst ip | traffic
---------------------
1.2.3.4 - 2.3.4.5 - 380kb
1.2.3.4 - 4.5.6.7 - 10 kb
1.2.3.5 - 5.6.7.8 - 130 kb
1.2.3.6 - 4.5.6.7 - 21 kb
1.2.3.6 - 6.7.8.9 - 1 kb

The traffic column is not so important but I would log every connections between my IPs to Remote IPs, it would be a lot "space friendly" logfile than a tcpdump can create. "Iftop" shows the best what I want, but it is a monitor, so shows the current/actual connections, not the whole day's connections, and can't make a logfile.

So do you think guys is it possible? If yes, how?

[si_ed]

Would iptraf do what you need?

[popecrob]

Unfortunately no, because it just shows the actual connections, so if a connection not live for a while, it'll be removed from the list. But I need the closed connections as well.