Kroon Information Systems

What is snifflog

Snifflog is a small program that sniffs log data off the wire. It was written for use alongside syslog-ng in the weird configurations discussed in a paper I've written, which is available here.

The intended use is to allow system administrators to log to a network host that does not have an IP address assigned to its receiving interface.

How to configure, build and use

  1. Extract the archive
  2. Edit snifflog.c so that TARGET_IP matches the IP address your other hosts are configured to log to.
  3. Type make. After this there should be a snifflog executable.
  4. If the interface to sniff on is eth0 and the target device is lo (i.e. we log to the current host), you can simply run the executable as is. Otherwise, pass the device to sniff on as the first parameter.

So what is the point to this anyway?

My paper explains why something like this is needed, and it also illustrates how this would typically work. The original idea was to have a host we can log to, but which must be perfectly quiet on the network. Not assigning an IP to the external interface is an ideal way to do this, even though we can go to much greater lengths than simply not assigning an IP. The problem that then becomes obvious is: if there is no IP assigned, how do we make the host receive data at all? A less obvious question is that of ARP. Both are also handled in my paper.
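The following is an added example of the technique the steps above and the paragraph above describe; it is not snifflog's own source (the 1.8KB tarball is not reproduced on this page) and makes no claim about how snifflog or the paper actually implement it. It shows the two halves of the problem: a Linux packet socket bound to an interface receives frames whether or not that interface has an IP address, and a hand-written parser then picks out only UDP datagrams addressed to TARGET_IP port 514 while bounds-checking every header field, since the sender controls all of them. Assumptions: TARGET_IP is 192.0.2.10 and the client is 192.0.2.20 (both from the TEST-NET-1 documentation range), syslog-ng on the sniffing host has a udp() source listening on 127.0.0.1:514 (one reading of "the target device is lo"), and all function names are mine. On the ARP question: a host with no address will not answer an ARP request for TARGET_IP, so the frames only arrive if the sender has a static neighbour entry for that address or sends to the broadcast MAC; the constructed test frame uses the broadcast MAC for that reason.

```c
/* sniff_syslog.c: an added example in the spirit of snifflog, not its source.
 * A packet socket bound to one interface (which needs no IP address) yields raw
 * frames; unfragmented UDP datagrams to TARGET_IP:514 are re-sent to a syslog
 * listener on 127.0.0.1. Linux only; the capture socket needs CAP_NET_RAW. */
#include <arpa/inet.h>
#include <linux/if_packet.h>
#include <net/ethernet.h>
#include <net/if.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

#define TARGET_IP   "192.0.2.10" /* assumed: the address the clients log to */
#define SYSLOG_PORT 514

/* Return 1 and point *payload at the syslog message if frame is an unfragmented
 * IPv4/UDP datagram to target_ip (network byte order) port 514, else 0. Every
 * header field is bounds-checked against len: the sender controls all of them. */
int extract_syslog(const unsigned char *frame, size_t len, uint32_t target_ip,
                   const unsigned char **payload, size_t *payload_len)
{
    if (len < 14 + 20 + 8) return 0;                      /* eth + ip + udp */
    if (frame[12] != 0x08 || frame[13] != 0x00) return 0; /* not IPv4 */
    const unsigned char *ip = frame + 14;
    size_t ihl = (ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || 14 + ihl + 8 > len) return 0;
    if (ip[9] != IPPROTO_UDP) return 0;
    if ((ip[6] & 0x3f) != 0 || ip[7] != 0) return 0;      /* MF set or offset */
    uint32_t dst; memcpy(&dst, ip + 16, 4);
    if (dst != target_ip) return 0;                       /* not for us */
    size_t total = ((size_t)ip[2] << 8) | ip[3];
    if (total < ihl + 8 || 14 + total > len) return 0;    /* truncated frame */
    const unsigned char *udp = ip + ihl;
    if (((udp[2] << 8) | udp[3]) != SYSLOG_PORT) return 0;
    size_t ulen = ((size_t)udp[4] << 8) | udp[5];
    if (ulen < 8 || ulen > total - ihl) return 0;         /* bad UDP length */
    *payload = udp + 8;
    *payload_len = ulen - 8;
    return 1;
}

/* Build a minimal Ethernet/IPv4/UDP frame carrying msg to dst_ip:514 (constructed
 * input for the self-check; checksums left zero, which UDP permits). The broadcast
 * destination MAC is one way to reach a host that will not answer ARP. */
size_t build_syslog_frame(unsigned char *buf, size_t cap, const char *src_ip,
                          const char *dst_ip, const char *msg)
{
    size_t mlen = strlen(msg), total = 20 + 8 + mlen;
    if (14 + total > cap) return 0;
    memset(buf, 0, 14 + total);
    memset(buf, 0xff, 6); buf[12] = 0x08; buf[13] = 0x00;
    unsigned char *ip = buf + 14;
    ip[0] = 0x45; ip[2] = total >> 8; ip[3] = total & 0xff; ip[8] = 64; ip[9] = IPPROTO_UDP;
    inet_pton(AF_INET, src_ip, ip + 12);
    inet_pton(AF_INET, dst_ip, ip + 16);
    unsigned char *udp = ip + 20;
    udp[0] = udp[2] = SYSLOG_PORT >> 8; udp[1] = udp[3] = SYSLOG_PORT & 0xff;
    udp[4] = (8 + mlen) >> 8; udp[5] = (8 + mlen) & 0xff;
    memcpy(udp + 8, msg, mlen);
    return 14 + total;
}

/* Offline check: a constructed frame to TARGET_IP parses back to its message. */
int selftest(void)
{
    unsigned char buf[512];
    const char *msg = "<13>Jan  1 00:00:00 client sshd[42]: constructed test line";
    size_t len = build_syslog_frame(buf, sizeof buf, "192.0.2.20", TARGET_IP, msg);
    uint32_t target; inet_pton(AF_INET, TARGET_IP, &target);
    const unsigned char *p; size_t plen;
    if (!len || !extract_syslog(buf, len, target, &p, &plen)) return 0;
    return plen == strlen(msg) && memcmp(p, msg, plen) == 0;
}

int main(int argc, char **argv)
{
    const char *dev = argc > 1 ? argv[1] : "eth0";     /* device to sniff on */
    if (!selftest()) { fprintf(stderr, "selftest failed\n"); return 1; }
    uint32_t target; inet_pton(AF_INET, TARGET_IP, &target);
    int raw = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_IP));
    struct sockaddr_ll sll = { .sll_family = AF_PACKET,
        .sll_protocol = htons(ETH_P_IP), .sll_ifindex = if_nametoindex(dev) };
    if (raw < 0 || !sll.sll_ifindex || bind(raw, (struct sockaddr *)&sll, sizeof sll))
    { perror("packet socket"); return 1; }
    /* Re-emit each message to the syslog-ng UDP source on the loopback device. */
    int out = socket(AF_INET, SOCK_DGRAM, 0);
    struct sockaddr_in lo = { .sin_family = AF_INET, .sin_port = htons(SYSLOG_PORT) };
    inet_pton(AF_INET, "127.0.0.1", &lo.sin_addr);
    unsigned char frame[65536];
    for (;;) {
        ssize_t n = recv(raw, frame, sizeof frame, 0);
        if (n < 0) { perror("recv"); return 1; }
        const unsigned char *p; size_t plen;
        if (extract_syslog(frame, (size_t)n, target, &p, &plen) && plen > 0)
            sendto(out, p, plen, 0, (struct sockaddr *)&lo, sizeof lo);
    }
}
```

Build with cc -o sniff_syslog sniff_syslog.c and run it as root with the interface to sniff on as the first argument, as in the steps above. The parser drops fragmented datagrams rather than reassembling them, and it filters on the IP destination only: it does not care which MAC the frame was sent to, which is exactly what lets a host with no address on the interface receive the logs.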


Download: snifflog-0.1.tar.gz (1.8KB).