IPTables log analyzer
Click to enlarge
[ What is is ? ] [ Requirements ] [ Demo ] [ Download ] [ Bugs ] [ Licence ]
IPTables log analizer (TODO : find a nice name for it) displays Linux 2.4/2.6 iptables logs (rejected, acepted, masqueraded packets...) in a nice HTML page (it support rough netfilter logs but also Shorewall
and Suse Firewall logs).
This page shall be easy to read and understand to reduce the manual analysis time.
This page containts statistics on packets and links to more detailled information on a given host, port, domain and so on.
To convice you, here is a typical syslog entry for iptables :
[IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=18.104.22.168 DST=22.214.171.124 LEN=36 TOS=0x00 PREC=0x00 TTL=115 ID=4775 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3663
And on the top of this page, there is a screenshot of the analysis tool report (large image)
A small daemon is launched by a user which can read iptables logs files. Each time a new packet is logged, the daemon insert a new
row in the database. As of version 0.9, this daemon has been replaced by ulogd.
The statistics and so on are elaborated by the PHP page itself.
More details are available in the FAQ
Try my test site : http://www.gege.org/myiptables/
CVS version (unstable) : https://sourceforge.net/cvs/?group_id=63361
For the moment, this piece of software is in beta version. But it can be used as this.
Sourceforge based download can be found here
The last version is 0.4 which is available with this link : iptables_logger_v0.4.tar.gz (CHANGELOG)
You can browse the CVS repository here : http://iptablelog.cvs.sourceforge.net/iptablelog/iptablelog/
Please read the README and INSTALL files in the distribution.
In case of problems, you can join the iptablelog-users mailling list. The project is just getting going again after a long break, so go ahead and get involved.
Please report bugs on the Sourceforge page or post on iptablelog-users mailling list.
This software is free software (sometimes referred to as Open Source), distributed under the terms of GNU GPL. All source code is freely available for everyone.
This software was originally developed by Gérald GARCIA (email@example.com), the project is currently being developed by Daniel Tarbuck.