AD Modernization Project : Part 4 - Installation of Connection Logger on all DCs





Connection Logger is a network traffic monitoring tool. It records the connections made to a server and writes them to a log, which is what lets us see who is still talking to each domain controller.

The tool needs the IP address of the server it runs on and the TCP/UDP ports it should watch. It listens on those ports and logs every connection with the source IP address, destination protocol, destination port and a timestamp.

To set it up, edit the configuration file with the IP address to listen on and the ports to monitor, then run the logger executable. The logger creates the database file that holds the logs.

To read the logs, export the database to a CSV file by running the Connection Log Exporter; the CSV opens in Excel or Notepad.


Open the Connection Logger folder. It contains three files:

1)     ConnectionLog (the configuration file)

2)     ConnectionLogExporter (exports the database file to a CSV file)

3)     ConnectionLogger (the logger executable itself; the post calls this the setup file)




Configuration

1.     Open the first file, ConnectionLog (the configuration file). It has six settings:




1.     ListenOnIPAddress: the IP address of this server on which the logger listens for connections.

2.     MonitorInterval: how often the logger polls for connections, in milliseconds.

3.     TCP Ports: the TCP port numbers to monitor. The ports used in this project, and what each carries on a domain controller, are:

Port 53 (DNS): User and Computer Authentication, Name Resolution, Trusts

Port 88 (Kerberos): User and Computer Authentication, Forest Level Trusts

Port 139 (NetBIOS session service): User and Computer Authentication, Replication

Port 389 (LDAP): Directory, Replication, User and Computer Authentication, Group Policy, Trusts

Port 3269 (Global Catalog LDAP over SSL): Directory, Replication, User and Computer Authentication, Group Policy, Trusts

4.     UDP Ports: the UDP port numbers to monitor. The ports used in this project are:

Port 53 (DNS): User and Computer Authentication, Name Resolution, Trusts

Port 88 (Kerberos): User and Computer Authentication, Forest Level Trusts

Port 389 (LDAP): Directory, Replication, User and Computer Authentication, Group Policy, Trusts

Note that SMB (TCP 445), LDAPS (TCP 636), the plain Global Catalog port (TCP 3268) and RPC (TCP 135 plus the dynamic range) are not in these lists, so a client that only uses those will never show up in the log; add them if the decommissioning decision depends on them.

5.     MinDriveSpaceMBAllowed: the minimum free space, in megabytes, that must remain on the drive holding the database file.

6.     IgnoreSubnets: subnets whose connections should not be logged (for example the other domain controllers or the monitoring network), so the export only contains the clients you are actually looking for.



2.     After configuring these settings, save and close the file.

3.     Run the third file, ConnectionLogger (the logger executable). Double-clicking it opens a command prompt window in which the logger starts up.


 

The window echoes the values from the configuration file (the IP address, the monitored TCP and UDP ports and the minimum drive space).

It then reports two more things: the database file it has opened and "Logging Connections".

4.     A database file now exists in the same folder.





Results

1.     To see the contents, run the ConnectionLogExporter application. It exports the database file to a CSV file almost immediately.

2.     Open this file in Excel or Notepad.


Here we can see the log that has been generated. Each row shows the Source IP Address, Destination Protocol, Destination Port and Time Stamp of one connection.
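The raw export has one row per connection, which is hard to act on for a decommissioning. The following PowerShell is an added example, not part of the original post or of the Connection Logger tool: it folds the export into one line per client with the ports it used, how often, and when it was first and last seen, and does a reverse lookup so the owner of each client can be found. The post names the four columns but not their header text, so the header names used here (SourceIP, Protocol, DestinationPort, TimeStamp) are assumed and should be matched to the first line of your own ConnectionLog.csv. The sample rows are constructed for the example so it runs offline.

```powershell
# Added example (not from the original post): summarise a ConnectionLog.csv export.
# Header names are assumed; check them against the first line of your own export.

# Constructed sample data in the shape the post describes. For a real export replace with:
#   $rows = Import-Csv -Path 'C:\ConnectionLogger\ConnectionLog.csv'
$sampleCsv = @'
SourceIP,Protocol,DestinationPort,TimeStamp
10.20.30.41,TCP,389,2023-04-12 08:01:15
10.20.30.41,TCP,389,2023-04-12 08:15:42
10.20.30.41,UDP,88,2023-04-12 08:15:43
192.168.5.17,TCP,53,2023-04-12 09:30:01
192.168.5.17,TCP,3269,2023-04-12 11:02:55
172.16.200.9,TCP,139,2023-04-11 23:59:10
'@
$rows = $sampleCsv | ConvertFrom-Csv

# Clients you already know about (replication partners, monitoring) can be dropped here.
# The logger's own IgnoreSubnets setting does the same at capture time. Placeholder prefixes.
$knownPrefixes = @('172.16.200.')
$rows = $rows | Where-Object {
    $ip = $_.SourceIP
    -not ($knownPrefixes | Where-Object { $ip.StartsWith($_) })
}

# One object per source IP: ports used, hit count, first/last seen, reverse DNS name.
# The reverse lookup hits DNS for every client and is slow offline; drop it if not needed.
$summary = $rows | Group-Object SourceIP | ForEach-Object {
    $times = @($_.Group | ForEach-Object { [datetime]$_.TimeStamp } | Sort-Object)
    $name  = '(no PTR)'
    try { $name = [System.Net.Dns]::GetHostEntry($_.Name).HostName } catch { }
    [pscustomobject]@{
        SourceIP  = $_.Name
        HostName  = $name
        Ports     = ($_.Group | ForEach-Object { "$($_.Protocol)/$($_.DestinationPort)" } |
                     Sort-Object -Unique) -join ' '
        Hits      = $_.Count
        FirstSeen = $times[0]
        LastSeen  = $times[-1]
    }
}

# Most recently active clients first; these are the ones that will break when the DC goes.
$summary | Sort-Object LastSeen -Descending | Format-Table -AutoSize

# Keep the summary with the project record so each client can be ticked off as it is fixed.
$summary | Export-Csv -Path '.\ConnectionLog-summary.csv' -NoTypeInformation
```

With the sample data the table has two lines: 10.20.30.41 (TCP/389 and UDP/88, 3 hits) and 192.168.5.17 (TCP/3269 and TCP/53, 2 hits); the 172.16.200.9 row is filtered out by the prefix list. Run it against each DC's export after the logger has covered at least one full business cycle (month end, patch night), otherwise clients that only authenticate occasionally will be missed.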


Steps to run connection logger using Task Scheduler -



1.      Copy the Connection Logger folder to a drive on the server where you want to run it.

2.   Right-click connectionlogger.exe and create a shortcut (.lnk) to it in the same folder. Then create a batch file named Connectionlogger.bat in that folder containing the full path of the shortcut, and adjust the path to wherever you copied the Connection Logger folder.

3.      Open the ConnectionLog.ini file (the configuration file) and set the address to listen on:

a.      On the first line, ListenOnIPAddress, enter the IP address of this server. This is the address whose traffic will be monitored.

b.      Save the file and close it.


4.      Open Task Scheduler and click Create Task.

5.      In the first tab, General:

a.      Enter the task name and, under Change User or Group, select the service account the task will run as. Use a dedicated account: it will run with highest privileges on a domain controller, so it is effectively a Tier 0 account, and Task Scheduler stores its password on every DC you deploy to.

b.      Choose the radio button Run whether user is logged on or not.

c.       Check Run with highest privileges.




6.      Go to the Triggers tab and click New.



7.      In the Begin the task drop-down, select At startup.

8.      Click OK.



9.      In the Actions tab, click New, leave the action as Start a program, click Browse, go to the Connection Logger folder and select connectionlogger.bat.

10.  Click Open, then OK.



11.  Leave the Conditions tab at its defaults.



12.  In the Settings tab, check only the following options:

a.      Allow task to be run on demand

b.      If the task fails, restart every: 1 minute, Attempt to restart up to: 3 times

c.       If the running task does not end when requested, force it to stop

Leave "Stop the task if it runs longer than" unchecked: the logger is meant to keep running until the next reboot, and the default limit of 3 days would kill it after three days.




Nothing needs to change on the History tab.



13.  Click OK and enter the password of the service account you chose on the General tab.

14.  Right-click the Connection Logger task and click Run.

15.  Task Scheduler starts the Connection Logger.



16.  Once the logger is running, the folder contains two new files alongside the original three: the database file and its journal file.

17.  To export the logs, run ConnectionLogExporter. It creates a ConnectionLog.csv file.

18.  Open the CSV file to see the logs.
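Clicking through Task Scheduler on every domain controller does not scale, and the title of this part is "all DCs". The script below is an added example, not from the original post or from the Connection Logger tool: it performs the same steps (copy the folder, set ListenOnIPAddress to the DC's own address, register a task that starts at boot under a service account with highest privileges, restarts up to 3 times one minute apart, and has no 3-day time limit) from PowerShell for every DC returned by Get-ADDomainController. It assumes things the post does not state: the three files sit on a share (placeholder `\\fileserver\tools\ConnectionLogger`) and land in `C:\ConnectionLogger` on each DC; ConnectionLog.ini keeps ListenOnIPAddress on its first line in `Key=Value` (or `Key: Value`) form; the service account name `CORP\svc-connlog` is a placeholder and its password is prompted for rather than written into the script; and ConnectionLogger.exe can be started directly when its folder is the working directory, which is what the shortcut plus batch file in the post achieve.

```powershell
# Added example (not from the original post): deploy Connection Logger and its
# scheduled task to every DC. Assumptions, none stated on the page:
#   * tool files on $source, copied to C:\ConnectionLogger on each DC
#   * ConnectionLog.ini keeps ListenOnIPAddress on line 1 as "Key=Value" or "Key: Value"
#   * CORP\svc-connlog is a placeholder service account; password is prompted, never stored here
#   * ConnectionLogger.exe starts fine with its own folder as the working directory
# Run from a host with the RSAT ActiveDirectory module, as an admin on the DCs,
# with PowerShell remoting enabled on them.

$source    = '\\fileserver\tools\ConnectionLogger'   # placeholder share holding the three files
$destLocal = 'C:\ConnectionLogger'                   # path as seen on the DC
$destShare = 'C$\ConnectionLogger'                   # same path through the admin share
$taskName  = 'ConnectionLogger'
$cred      = Get-Credential -UserName 'CORP\svc-connlog' -Message 'Service account the task runs as'

foreach ($dc in (Get-ADDomainController -Filter *)) {
    $remote = "\\$($dc.HostName)\$destShare"

    # Step 1 of the post: copy the folder to the DC
    New-Item -ItemType Directory -Path $remote -Force | Out-Null
    Copy-Item -Path "$source\*" -Destination $remote -Force

    # Step 3 of the post: write this DC's own IP into ListenOnIPAddress (first line of the ini)
    $ini   = Join-Path $remote 'ConnectionLog.ini'
    $lines = @(Get-Content -Path $ini)
    $lines[0] = $lines[0] -replace '(?<=^ListenOnIPAddress\s*[=:]\s*).*', $dc.IPv4Address
    if ($lines[0] -notmatch [regex]::Escape($dc.IPv4Address)) {
        throw "$($dc.HostName): first line of ConnectionLog.ini is not ListenOnIPAddress: '$($lines[0])'"
    }
    Set-Content -Path $ini -Value $lines

    # Steps 4-15 of the post: register the task on the DC and start it
    Invoke-Command -ComputerName $dc.HostName -ArgumentList $destLocal, $taskName, $cred -ScriptBlock {
        param($destLocal, $taskName, $cred)

        # Actions tab: start the logger in its own folder so it finds its ini and database
        $action = New-ScheduledTaskAction -Execute (Join-Path $destLocal 'ConnectionLogger.exe') `
                                          -WorkingDirectory $destLocal
        # Triggers tab: At startup
        $trigger = New-ScheduledTaskTrigger -AtStartup
        # Settings tab: restart every 1 minute, up to 3 times; zero time limit instead of the
        # default 3 days, because the logger is meant to run until the next reboot
        $settings = New-ScheduledTaskSettingsSet -RestartCount 3 `
                        -RestartInterval (New-TimeSpan -Minutes 1) `
                        -ExecutionTimeLimit ([TimeSpan]::Zero) `
                        -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
        # General tab: -User/-Password gives "Run whether user is logged on or not",
        # -RunLevel Highest gives "Run with highest privileges"
        Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
            -Settings $settings -User $cred.UserName `
            -Password $cred.GetNetworkCredential().Password -RunLevel Highest -Force | Out-Null

        Start-ScheduledTask -TaskName $taskName
        (Get-ScheduledTask -TaskName $taskName).State    # expect Running
    }
}
```

After the run, open the task on one DC and confirm on the Settings tab that "Stop the task if it runs longer than" is unchecked; on older builds the zero ExecutionTimeLimit has not always been honoured, and if it is still set to 3 days the logger will silently stop mid-project. The same check applies to the manually created task in the steps above.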



