| View previous topic :: View next topic |
| Author |
Message |
ee99ee2
Guru
Joined: 18 Jun 2002
Posts: 307
Location: Murfreesboro, TN, USA
|
 Posted: Sat Nov 22, 2003 11:04 pm Post subject: iptables log analizer |
 |
|
Does anyone know of a good iptables log analizer? I'd like to see one that's PHP.
-ee99ee
_________________
ServerMotion |
|
| Back to top |
|
 |
ozukir@
Apprentice
Joined: 14 Oct 2002
Posts: 209
Location: USA
|
| Posted: Mon Nov 24, 2003 12:38 am Post subject: |
|
|
| Haven't tried it but here's one. |
|
| Back to top |
|
|
ee99ee2
Guru
Joined: 18 Jun 2002
Posts: 307
Location: Murfreesboro, TN, USA
|
| Posted: Thu Dec 11, 2003 7:37 am Post subject: |
|
|
Ehh, after looking at that one, I'm not impressed. Anyone else have any others that are decent? I'm really interested in this now, as I've got some more servers that I need to monitor.
I'm looking for something like awstats, only for iptables. I want to be able to either tell it to parse a log, or have it parse a log everytime it's viewed. I'd like it in PHP, but anything web-based will work.
-ee99ee
_________________
ServerMotion |
|
| Back to top |
|
|
swimmer
Veteran
Joined: 15 Jul 2002
Posts: 1330
Location: Netherlands
|
| Posted: Thu Dec 11, 2003 9:58 am Post subject: Re: iptables log analizer |
|
|
| ee99ee2 wrote: | Does anyone know of a good iptables log analizer? I'd like to see one that's PHP.
-ee99ee |
I use fwlogwatch and am quite content with it ...
| Code: | * net-analyzer/fwlogwatch
Latest version available: 0.9.3
Latest version installed: 0.9.3
Size of downloaded files: 92 kB
Homepage: http://cert.uni-stuttgart.de/projects/fwlogwatch/
Description: A packet filter and firewall log analyzer
|
Greetz
Stefan |
|
| Back to top |
|
|
mirko_3
l33t
Joined: 02 Nov 2003
Posts: 605
Location: Birreria
|
| Posted: Thu Dec 11, 2003 1:51 pm Post subject: |
|
|
I can't get fwlogwatch to work with shorewall  I get:
| Code: |
0 (and 12 malformed) of 12 entries in the file "/var/log/shorewall/current" are packet logs, 0 have unique characteristics.
|
_________________
Non fa male! Non fa male! |
|
| Back to top |
|
|
swimmer
Veteran
Joined: 15 Jul 2002
Posts: 1330
Location: Netherlands
|
| Posted: Thu Dec 11, 2003 4:04 pm Post subject: |
|
|
| mirko_3 wrote: | I can't get fwlogwatch to work with shorewall I get:
| Code: |
0 (and 12 malformed) of 12 entries in the file "/var/log/shorewall/current" are packet logs, 0 have unique characteristics.
|
|
Hmm - the Shorewall FAQ says it can handle it ...
You should look further there.
Greetz
Stefan |
|
| Back to top |
|
|
mirko_3
l33t
Joined: 02 Nov 2003
Posts: 605
Location: Birreria
|
| Posted: Thu Dec 11, 2003 9:31 pm Post subject: |
|
|
could someone please post a line from their iptables log? mine, using shorewall, looks like this:
| Code: |
Dec 11 21:40:46 [kernel] Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=66.169.159.98 DST=82.84.79.156 LEN=404 TOS=0x00 PREC=0x00 TTL=114 ID=15576 PROTO=UDP SPT=2452 DPT=1434 LEN=384
|
_________________
Non fa male! Non fa male! |
|
| Back to top |
|
|
Major Konig ZX-12R
Tux's lil' helper
Joined: 03 Aug 2003
Posts: 76
Location: Socialist Republic of Washington State
|
| Posted: Fri Dec 12, 2003 7:01 am Post subject: |
|
|
| Is there an ebuild for iptables log? Can't find it if there is one. |
|
| Back to top |
|
|
g_os
n00b
Joined: 25 Nov 2003
Posts: 71
Location: France
|
| Posted: Fri Dec 12, 2003 10:55 pm Post subject: |
|
|
| mirko_3 wrote: | could someone please post a line from their iptables log? mine, using shorewall, looks like this:
| Code: |
Dec 11 21:40:46 [kernel] Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=66.169.159.98 DST=82.84.79.156 LEN=404 TOS=0x00 PREC=0x00 TTL=114 ID=15576 PROTO=UDP SPT=2452 DPT=1434 LEN=384
|
|
Hi, I have the same things for long time And I am just looking at it to reduce my logs.
Note: Somebody is sending you some packet that your firewall are droping. That's a good things, but did you want to see it each time in your logs ... that is the question ...
G_os
_________________
I can't remember where I take this avatar, thanks ;p) |
|
| Back to top |
|
|
mirko_3
l33t
Joined: 02 Nov 2003
Posts: 605
Location: Birreria
|
| Posted: Sat Dec 13, 2003 1:56 pm Post subject: |
|
|
Oh, I don't mind if metalog logs every packet, since it automatically rotates, so they don't grow that much... the only problem I have is that I can't get fwlogwatch to work with my shorewall logs...
_________________
Non fa male! Non fa male! |
|
| Back to top |
|
|
g_os
n00b
Joined: 25 Nov 2003
Posts: 71
Location: France
|
| Posted: Sat Dec 13, 2003 2:56 pm Post subject: |
|
|
| mirko_3 wrote: | | Oh, I don't mind if metalog logs every packet, since it automatically rotates, so they don't grow that much... the only problem I have is that I can't get fwlogwatch to work with my shorewall logs... |
It's not a matter of reducing size of logs (metalog too  ) but remove false alarm to help reading ..
I use logsentry but not tested fwlogwatch
G_os
_________________
I can't remember where I take this avatar, thanks ;p) |
|
| Back to top |
|
|
mirko_3
l33t
Joined: 02 Nov 2003
Posts: 605
Location: Birreria
|
| Posted: Sat Dec 13, 2003 3:32 pm Post subject: |
|
|
I tried logsentry, but It just e-mails me the latest part of shorewall log, not very helpful...
_________________
Non fa male! Non fa male! |
|
| Back to top |
|
|
|
Networking & Security
