ippl
is an IP protocols logger. It logs incoming TCP connections, UDP
datagrams and ICMP packets sent to a host.
ippl
is based on the well-known iplogger written by Mike Edulla. The main
drawback of iplogger is that it is not (easily) configurable.
ippl
has been written keeping in mind that it should be extremely
configurable and it should be easy to extend its logging capabilities.
OPTIONS
-c file-name, --config file-name
file-name specifies an alternate configuration file to use. By
default, CONFIGURATION_FILE is used.
-h, --help
Print a usage message on standard output and exits successfully.
-n, --nodaemon
This option cause
ippl
not to place itself in the background. The log messages will be logged
to standard output instead of using syslog.
SIGNALS
ippl
reacts to certain signal. An easy way to send it signals is to use the
following command:
kill -SIGNAL `cat PID_FILE`
SIGHUP
This causes
ippl
to close all the open sockets and log files, reread the configuration
file and restart. Note that this signal should be sent to ippl if the
log files are renamed or deleted.
SIGTERM
ippl
will cleanly die.
SIGINT
If
ippl
has been started with th -n option, it will cleanly die.
FILES
/etc/ippl.conf - configuration file
/usr/share/doc/ippl/* - files worth reading if you still have a question
/var/run/ippl/ippl.pid - file containing the PID of the running ippl
New stable releases can be dowloaded via FTP on sunsite.unc.edu in
/pub/Linux/system/network/daemons.
MAILING LISTS
Two mailing lists have been setup. Send an email to
listar@via.ecp.fr to subscribe to the announcement list
(ippl-announce) or to the development list (ippl).
BUGS
If
ippl
spends too much time resolving host names, some packets may not be
logged.
The logclosing option logs TCP connection terminations. However, it
logs terminations initiated by both ends, which is not the expected
behavior.