
Is there any way that I can track any network access (on any port) made to my server by a particular IP? I'm on Ubuntu Server 16.04 LTS and am using uncomplicated firewall.

Preferably, I'd be able to hook whatever the solution is into a script to email me whenever any activity occurs - but I'd be okay with results stored in a logfile instead.

Any help would be much appreciated.

Marco

1 Answer

You are looking for psad. This place would be a nice start: https://www.thefanclub.co.za/how-to/how-install-psad-intrusion-detection-ubuntu-1604-lts-server

By default it can do all you're asking for any incoming IP address, but it works via a LOG rule. If you match the IP you're looking for in the LOG rule, and just log traffic from it, psad will only work for this IP.

By default it bans the offending host too, but you can set it to trigger only mail and no ban actions.

Marco
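To illustrate the LOG-rule approach the answer describes, here is an added example (not part of the original answer and not psad's own code) that parses netfilter LOG lines for a single watched source IP and summarises which ports it touched. The watched address, the `WATCHED_IP ` log prefix and the sample log lines are all constructed for this example.

```python
import re
from collections import Counter

# Assumed setup (not from the answer): a netfilter LOG rule such as
#   iptables -I INPUT -s 203.0.113.7 -j LOG --log-prefix "WATCHED_IP "
# makes the kernel write one log line per packet from that source.
WATCHED_IP = "203.0.113.7"   # constructed documentation address
LOG_PREFIX = "WATCHED_IP "   # hypothetical prefix chosen for this example

# Constructed sample lines in the kernel's netfilter LOG format.
SAMPLE_LOG = """\
Mar  3 10:15:01 srv kernel: [100.1] WATCHED_IP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:02 srv kernel: [101.2] WATCHED_IP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=60 TTL=52 ID=2 DF PROTO=TCP SPT=51515 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:15:05 srv kernel: [104.9] WATCHED_IP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=71 TTL=52 ID=3 PROTO=UDP SPT=40000 DPT=53 LEN=51
Mar  3 10:15:09 srv kernel: [108.0] WATCHED_IP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 LEN=84 TTL=52 ID=4 PROTO=ICMP TYPE=8 CODE=0 ID=20 SEQ=1
Mar  3 10:15:11 srv kernel: [110.3] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.99 DST=198.51.100.10 LEN=60 TTL=50 ID=5 PROTO=TCP SPT=33333 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)


def parse_line(line):
    """Return the KEY=value fields of one LOG line, or None if it is not ours."""
    if LOG_PREFIX not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    # Double-check the source so a reused prefix cannot pull in other hosts.
    return fields if fields.get("SRC") == WATCHED_IP else None


def summarize(log_text):
    """Count packets from the watched IP per (protocol, destination port)."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields:
            # ICMP and other port-less protocols carry no DPT field.
            hits[(fields.get("PROTO", "?"), fields.get("DPT", "-"))] += 1
    return hits


def report(hits):
    """Build a plain-text summary suitable for a logfile or a mail body."""
    rows = [f"{proto}/{port}: {n} packet(s)" for (proto, port), n in sorted(hits.items())]
    return f"Activity from {WATCHED_IP}\n" + "\n".join(rows)


if __name__ == "__main__":
    print(report(summarize(SAMPLE_LOG)))
```

To use it on a live server, pass the contents of the kernel log (for example `/var/log/kern.log` on Ubuntu) to `summarize()` instead of `SAMPLE_LOG`.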