I have a firewall that can send data to a remote Linux server on a specific port. I want to capture that data and parse it so it can be stored in a database.
So far I have tried tcpdump, nc and a few other things without much success. Any help is appreciated.
tcpdump -ni device port 1234 -s0 -w capture.pcap
ÿÿEH¶@ 0c:EJ“ @Ϲr¢”ó<30> device="SFW" date=2018-06-15 time=04:10:49 timezone="EDT" device_name="XG210" device_id=C2205ACMBG9B65A log_id=010101600001 log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" priority=Information duration=0 fw_rule_id=2 policy_type=1 user_name="" user_gp="" iap=4 ips_policy_id=0 appfilter_policy_id=0 application="" application_risk=0 application_technology="" application_category="" in_interface="Port1" out_interface="" src_mac=00:0:00:0:00:0 src_ip=111.11.1.111 src_country_code=R1 dst_ip=111.111.11.11 dst_country_code=USA protocol="TCP" src_port=61257 dst_port=80 sent_pkts=0 recv_pkts=0 send_bytes=0 recv_bytes=0 tran_src_ip= tran_src_port=0 tran_dst_ip=111.16.1.1 tran_dst_port=3128 srczonetype="LAN" srczone="LAN" dstzonetype="WAN" dstzone="WAN" dir_disp="" connevent="Start" connid="2721376288" vconnid="" hb_health="No Heartbeat" message="" appresolvedby="Signature"
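The captured line is syslog: a "<PRI>" header (the "<30>" above) followed by space-separated key=value fields, where values are either double-quoted (and may contain spaces) or bare (and may be empty, as in tran_src_ip=). As an added example that is not part of the question or answer, the following receives those datagrams directly on the port, parses each line into a dict, and stores selected fields in SQLite with a parameterised insert; it assumes the firewall sends over UDP and uses a constructed, shortened sample line.

```python
import re
import socket
import sqlite3

# Constructed sample in the key=value format shown in the question (shortened); the leading
# "<30>" is the syslog priority header that precedes the firewall's fields on the wire.
SAMPLE_LINE = ('<30> device="SFW" date=2018-06-15 time=04:10:49 timezone="EDT" device_name="XG210" '
               'log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" '
               'priority=Information src_ip=111.11.1.111 dst_ip=111.111.11.11 protocol="TCP" '
               'src_port=61257 dst_port=80 tran_src_ip= tran_src_port=0 hb_health="No Heartbeat" message=""')

PRI_RE = re.compile(r'^\s*<\d+>\s*')                  # syslog <PRI> header
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')      # key="quoted value" or key=bare (may be empty)

def parse_kv(line: str) -> dict:
    """Parse one firewall log line into {key: value}; quoted values keep their spaces,
    empty values such as tran_src_ip= become ''."""
    body = PRI_RE.sub('', line)
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(body)}

# Columns worth querying later; everything else stays available in the raw line.
COLUMNS = ("date", "time", "device_name", "log_subtype", "status", "protocol",
           "src_ip", "src_port", "dst_ip", "dst_port", "connevent")

def open_db(path: str = ":memory:") -> sqlite3.Connection:
    db = sqlite3.connect(path)
    cols = ", ".join(f"{c} TEXT" for c in COLUMNS)
    db.execute(f"CREATE TABLE IF NOT EXISTS fw_log ({cols}, raw TEXT)")
    return db

def store(db: sqlite3.Connection, line: str) -> dict:
    """Parse a line and insert it with a parameterised query (never interpolate log text into SQL)."""
    rec = parse_kv(line)
    placeholders = ", ".join("?" * (len(COLUMNS) + 1))
    db.execute(f"INSERT INTO fw_log ({', '.join(COLUMNS)}, raw) VALUES ({placeholders})",
               [rec.get(c) for c in COLUMNS] + [line])
    db.commit()
    return rec

def serve(port: int, db: sqlite3.Connection, max_msgs=None) -> int:
    """Receive UDP syslog datagrams on `port` and store each one; returns the number stored."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", port))
    stored = 0
    while max_msgs is None or stored < max_msgs:
        data, _addr = sock.recvfrom(65535)
        store(db, data.decode("utf-8", errors="replace"))
        stored += 1
    return stored

if __name__ == "__main__":
    serve(1234, open_db("fw_log.sqlite"))   # port 1234 as in the tcpdump command above
```

Fields missing from a given line are stored as NULL, so a schema change is only needed when you want to index another key.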
Answer 0 (score: 1)
We have started using https://www.graylog.org. It was easy to configure on DigitalOcean hosting.
Steps:
Hope this helps.