log network activity in ubuntu server

I administer an Ubunu Server exposed to the internet and have the need to monitor and keep track of all the network activity in a manner that allows me to analyze it afterwards.

I already tried some tools, such as tshark or tcpdump, which give me too much detail, vnstat, which does not give me the detail I want (It shows only the bandwidth), and tcptrack, which is OK as a real time monitoring tool but gives me no logging option for further analysis.

What I have in mind is something between tcptrack and vnstat:

A daemon which logs every connection and, when needed, it provides me with a comprehensive report showing IPs, ports and timestamps of every established connection, and every connection attempt (so, it should also show the SYN packets of the connections dropped by iptables). Ideally (this is just a bonus point :), it would store information into some sql database, such as mysql or postgresql, which would allow to execute arbitrary select statements in order to obtain custom reports (for example, monitor all the activity coming from a single IP, or extract a list of all IPs using a specific service).

I must say that I already tried combining some tools, like logging with tcpdump and then showing the results using tcptrack, but I it didn't work as expected.

So, is there any tool close to this "idea"?

7
2022-07-25 20:41:11
Source Share
Answers: 0