<p class="MsoNormal">I am trying to set up a server/app that can log when a
certain port has been accessed on an inbound interface on my firewall. I don't need the whole contents of the
packet, just the port number accessed (I have certain ports to filter and
define, i.e. ssh, http, https), the time and the date. I also want to have this dumped to a text
file, with a preset size limit that will automatically save to a new file once
the threshold has been reached. I
already have a port mirror set up on my core switch to dump all the traffic
there so I can see all of it; I just am having a lot of trouble filtering and
logging exactly what I need with an app. I have tried writing my own custom Snort rules, and dumping it to a
file, but I can't seem to get that right. I also have written capture filters for Wireshark; those pick up only
the packets I want, but they log the whole packet, not just the information I
am looking for. Does anyone on the list
have any experience with this type of thing?<br> </p>
<p class="MsoNormal">Thanks in advance</p>
-- <br>Chris Niesen