NIELD (Network Forensics) :: Tools
NIELD (Network Interface Events Logging Daemon) is a tool that receives notifications from the kernel through the netlink socket, and generates logs related to interfaces, neighbor cache(ARP,NDP), IP address(IPv4,IPv6), routing, FIB rules, traffic control.
Usage :
nield [-vh46inarft] [-p lock_file] [-s buffer_size] [-l log_file] [-L syslog_facility] [-d debug_file]
Standard options:
-v Displays the version and exit.
-h Displays the usage and exit.
-p lock_file
Specifies the lock file to use. Default is "/var/run/nield.pid", if not specified.
-s buffer_size
Specifies the maximum socket receive buffer in bytes.
Logging options:
It uses the log file "/var/log/nield.log", if neither "-l" nor "-L" specified.
-l log_file
Specifies the log file to use.
-L syslog_facility
Specifies the facility to use logging events via syslog.
The standard syslog facilities are as follows:
auth, authpriv, cron, daemon, ftp, kern, lpr, mail, mark, news, security, syslog,
user, uucp, local0, local1, local2, local3, local4, local5, local6, local7
-d debug_file
Specifies the debug file to use.
Event options:
All events are received, if any event option not specified.
-4 Logging events related to IPv4.
-6 Logging events related to IPv6.
-i Logging events related to interfaces.
-n Logging events related to neigbour cache(ARP, NDP).
-a Logging events related to IP address.
-r Logging events related to routing.
-f Logging events related to fib rules.
-t Logging events related to traffic control.
Post a Comment