Research on log system based on connect tracing model for storage optimize
基于连接跟踪的存储优化日志系统的研究*

Netfilter/Iptables firewall that embedded in Linux kernel 2.4 or above version recorded one item for each incoming packet in the log function.This would create information redundancy and use a mass of log memory space.This document proposed a method based on connection track function of Netfilter.According to the information of network connection,it recorded one item for all packets information of one connection by expanding the core data structure of the Netfilter/Iptables and it acquired log information from kernel space dynamically.This reduced log redundancy and made log analysis and management convenient.