How to count connections to a host over a given time period? TCP logs?

Question

If I do a

 sudo netstat -tup | awk '{print $5}' | sort | uniq -c | sort -n

I can get a list and count of how many connections I have to each host. But how can I tell how many times I've been connecting to that host ever minute/hour/day? Is there a TCP log somewhere that I can grep through to see how and when I'm connecting to what?

I'm guessing that there is no such log because it would be massive in a short period of time. How would I create such a log with just my desired information? I don't think that using netstat would work for this since it only lists the connections at a give time. without timestamps, I don't have a reliable way to count the connections.

Answer 1

IPTables can be used to log connections.

http://www.linuxdynasty.org/how-to-log-in-iptables.html

Answer 2

iptables -A OUTPUT -m state --state NEW -j LOG --log-prefix "New connection: "

This will log all new outgoing connections, not just TCP. If you only want TCP, add:

-p tcp

You can grep 'New connection: ' out of syslog.