January 8th, 2003, 04:55 AM
Packet filter/firewall/IDS log analyzer
Just been browsing around and found this. Thought I can share it here (I see no mention about it at AO). What do you guys/girls use to analyze logs from your firewalls? Try this open source tool!
fwlogwatch (http://cert.uni-stuttgart.de/projects/fwlogwatch/) is a packet filter/firewall/IDS log analyzer written by Boris Wesslowski. It can analyze log entries for Linux ipchains, Linux netfilter/iptables, Solaris/BSD/Irix/HP-UX ipfilter, Cisco IOS, Cisco PIX, NetScreen, Windows XP firewall, Elsa Lancom router and Snort IDS. It does reverse DNS lookups and lookups in the whois database. It can generate plain text and HTML (with CSS) summaries with many sort options. It runs on Linux, Solaris, FreeBSD, OpenBSD and Win 95/98/ME/NT/2000/XP. Great, isn't it?
Always listen to experts. They'll tell you what can't be done and why. Then go and do it. -- Robert Heinlein
I'm basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds