Originally Posted by Q
Oh please, enlighten us! If you have the time, who cares about a couple pages. Your post would actually be INFORMATION instead of FAPPING and gehsex.
OpenWRT with iptables, explicit ingress/egress policy. Squid proxy server on the primary server. iprecorder (tcpdump w/ redirection to pcap) bound to the WAN interface on OpenWRT over SSH to pcap file(s) on the server (excellent forensic investigation tool since I can review raw packet data). Perl code tailing the pcap with redirection to a FIFO. Snort + BASE on the server reading the FIFO.
OSSEC-HIDS watching the server, syslog-ng receiving syslog messages from OpenWRT.
That's just the "network layer" crap, when we start talking application layer we'll be a couple of pages.
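The pcap-tailing step from the post above (the script that follows the growing capture file and feeds whole records into a FIFO for Snort), as an added worked example. This is Python rather than the poster's Perl and is not code from the original post; the `ssh`/`tcpdump`/`snort` command lines, file paths and interface name in the docstring are assumptions about how such a setup would be wired, and the sample pcap is constructed inline.

```python
"""Tail a libpcap file as it grows and forward complete records to a FIFO.

Assumed wiring (not from the original post):
    ssh root@openwrt 'tcpdump -i eth1 -U -w -' > /srv/pcap/wan.pcap
    mkfifo /tmp/wan.fifo; snort -r /tmp/wan.fifo -c /etc/snort/snort.conf &
    python3 pcaptail.py /srv/pcap/wan.pcap /tmp/wan.fifo
"""
import io
import struct
import sys
import time

GLOBAL_HDR_LEN = 24      # magic, version, thiszone, sigfigs, snaplen, linktype
RECORD_HDR_LEN = 16      # ts_sec, ts_usec, incl_len, orig_len
MAX_INCL_LEN = 262144    # sanity bound; anything larger means we lost sync

# magic number -> struct byte-order prefix (usec and nsec variants)
_MAGIC = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",
}


def parse_global_header(hdr):
    """Return the struct byte-order prefix for a 24-byte libpcap global header."""
    if len(hdr) != GLOBAL_HDR_LEN or hdr[:4] not in _MAGIC:
        raise ValueError("not a libpcap global header")
    return _MAGIC[hdr[:4]]


def split_records(buf, order):
    """Cut buf into complete pcap records. Returns (records, leftover_bytes).

    A record is emitted only once its header AND payload are fully present,
    so the reader on the FIFO never sees a half-written packet.
    """
    records, off = [], 0
    while len(buf) - off >= RECORD_HDR_LEN:
        _, _, incl_len, _ = struct.unpack_from(order + "IIII", buf, off)
        if incl_len > MAX_INCL_LEN:
            raise ValueError("implausible record length %d; file corrupt?" % incl_len)
        end = off + RECORD_HDR_LEN + incl_len
        if end > len(buf):
            break                      # payload still being written
        records.append(buf[off:end])
        off = end
    return records, buf[off:]


def tail_pcap(src, dst, follow=True, chunk_size=65536, idle_sleep=0.2):
    """Copy the global header, then every complete record, from src to dst.

    src/dst are binary file objects. follow=True polls for new data like
    `tail -f` and never returns; follow=False stops at EOF (any trailing
    partial record is dropped, never forwarded). Returns the record count.
    """
    hdr = b""
    while len(hdr) < GLOBAL_HDR_LEN:
        chunk = src.read(GLOBAL_HDR_LEN - len(hdr))
        if chunk:
            hdr += chunk
        elif follow:
            time.sleep(idle_sleep)
        else:
            raise ValueError("truncated global header")
    order = parse_global_header(hdr)
    dst.write(hdr)
    dst.flush()

    pending, count = b"", 0
    while True:
        chunk = src.read(chunk_size)
        if not chunk:
            if not follow:
                return count
            time.sleep(idle_sleep)
            continue
        pending += chunk
        records, pending = split_records(pending, order)
        for rec in records:
            dst.write(rec)
        if records:
            dst.flush()
            count += len(records)


def build_sample_pcap():
    """Constructed sample: little-endian pcap, Ethernet link type, two records."""
    gh = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkt1 = b"\x00" * 12 + b"\x08\x00" + b"first"          # fake 19-byte frame
    pkt2 = b"\xff" * 12 + b"\x08\x06" + b"second-record"  # fake 27-byte frame
    body = b""
    for ts, pkt in ((1700000000, pkt1), (1700000001, pkt2)):
        body += struct.pack("<IIII", ts, 0, len(pkt), len(pkt)) + pkt
    return gh + body


def copy_pcap_bytes(data, chunk_size=7):
    """Run tail_pcap over in-memory bytes with a tiny chunk size so that
    records straddle read boundaries. Returns (forwarded_bytes, count)."""
    out = io.BytesIO()
    count = tail_pcap(io.BytesIO(data), out, follow=False, chunk_size=chunk_size)
    return out.getvalue(), count


if __name__ == "__main__":
    # usage: pcaptail.py <growing.pcap> <fifo>
    with open(sys.argv[1], "rb") as src, open(sys.argv[2], "wb") as fifo:
        tail_pcap(src, fifo)
```

Opening the FIFO for writing blocks until Snort has opened it for reading, so start the reader first. The point of cutting on record boundaries (rather than a plain `tail -f | snort -r -`) is that `tcpdump -w` can be mid-record when the tailer reads; passing a truncated record through would desynchronise the reader from then on.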