iptables log viewer?
Results 1 to 3 of 3

Thread: iptables log viewer?

  1. #1
    Member
    Join Date
    Nov 2004
    Posts
    32

    iptables log viewer?

    What are people out there using to make sense of their iptables logs?

    Varients of grep are not acceptable answers

    I'm looking for fancy sql/php solutions. All I can seem to find is FirewallEye, which I can't seem to filter my /var/log/messages properly with, or another package 'iptables log analyser' which seems to be a fairly stagnent project (again I'm having difficulty getting this to work due to mysql backward compatability issues).

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    I think the reason there aren't many projects is due to the fact that other systems do equally well but do it better. Snort can do pretty well everything a firewall's logger could do, and it does it faster and integrates well with different databases, and there's a few different front-end/log viewers for it. The following URL has more info for the curious: http://www.snort.org/dl/contrib/data_analysis/

    At any rate, if you write your own netfilter rulesyou really shouldn't be cringing at grep. I'd encourage you to pick up some Perl and use it to extract the info you need into exactly the format you need. Sysadmin scripting is really Perl's forte IMO.
    If you absolutely MUST use one of these fancy GUIs, I've only tried one -- FwLogView, and it was only to toy with, but it seemed to do the trick.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    \"Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?\" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  3. #3
    Member
    Join Date
    Nov 2004
    Posts
    32
    I'm familiar with acid/base and another one or two front ends that escapes my memory. But I'm eager to have the iptables logs to study as I need to keep my snort rules quite tight and narrow in this instance for a couple of reasons.

    I've never bothered learning perl to be honest, but it sounds like it could be the right time.

    And don't get me wrong I'm not trying to say grep is invaluable at all, I know very well it isn't. But its interesting to note that if you search the securityfocus.com tool archives looking for iptables utilities you'll find 3 pages of tools that will quite happily make rule-sets for you, but not much in the way of log analysis. Its a luxury provided to (all?) commercial firewalls afaik, so why not iptables users? Myself I'm all about working smarter and not harder, so if I can point and click some info I'm quite happy to do that as opposed to pipe commands for a laugh

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides