Jail is a network security tool that offers a simple interface for displaying attempted TCP connections and ICMP packets to help monitor network traffic. It provides an effective way to detect potential threats quickly.
icmplog and tcplog can each be set either to ignore a packet or to log it at any syslog level. The log level can be customised per ICMP type for icmplog, and per requested connection port for tcplog. The default facility for log messages (LOG_DAEMON) can also be changed.
When a given type of packet is logged, its logging level comes from the configuration files. These are /etc/icmplog.conf and /etc/tcplog.conf by default, or alternative files given with the --file option. A default level can be specified for packets whose type is unknown or not configured.
Detailed installation instructions can be found in the INSTALL file, while the example configurations and manual pages, icmplog(8), icmplog.conf(5), tcplog(8), and tcplog.conf(5) guide users on setting up and using jail.
Log entries contain the source and type of the received packet for icmplog, and the destination port for tcplog. Unknown types are logged as a numeric value instead of a name. The source is logged either as an IP address or as a hostname, depending on the -n option.
jail is based on the iplogger package, but now offers greater functionality and more options.
jail is distributed under the Artistic License, with no warranty on the software, expressed or implied. However, any broken pieces can always be kept for reference.
Version 1.6: N/A