IPTables log analyzer





What is it for ?

IPTables log analyzer (TODO : find a nice name for it) displays
Linux 2.4/2.6 iptables logs (rejected, accepted, masqueraded packets...) in a nice HTML page (it supports raw netfilter logs but also Shorewall and Suse Firewall logs).
The page is meant to be easy to read and understand, to reduce manual analysis time.
It contains statistics on packets and links to more detailed information on a given host, port, domain and so on.

To convince you, here is a typical syslog entry for iptables:
[IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=172.186.2.157 DST=193.253.186.217 LEN=36 TOS=0x00 PREC=0x00 TTL=115 ID=4775 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3663
And at the top of this page, there is a screenshot of the analysis tool report (large image).



How does it work ?

A small daemon is launched by a user who can read the iptables log files. Each time a new packet is logged, the daemon inserts a new row in the database. As of version 0.9, this daemon has been replaced by ulogd.

The statistics and so on are computed by the PHP page itself.

More details are available in the FAQ
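
The log-to-database step described above, as an added example that is not the project's own code: it parses the syslog entry quoted on this page and inserts it into a table. Python, SQLite, the table layout and the names parse_entry, load and ICMP_ID are assumptions made for this illustration.

```python
import ipaddress
import re
import sqlite3

# Constructed input: the syslog entry quoted on this page, plus one unrelated line.
SAMPLE_LINES = [
    "[IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=172.186.2.157 DST=193.253.186.217 "
    "LEN=36 TOS=0x00 PREC=0x00 TTL=115 ID=4775 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3663",
    "kernel: device ppp0 entered promiscuous mode",
]

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")        # value may be empty (OUT=, MAC=)
PREFIX_RE = re.compile(r"\[([^\]]+)\]\s*:?\s*$")  # last [..] group before IN=

def parse_entry(line):
    """Return the fields of one netfilter log line as a dict, or None."""
    head, sep, rest = line.partition("IN=")
    if not sep:
        return None
    match = PREFIX_RE.search(head)
    fields = {"PREFIX": match.group(1) if match else head.strip()}
    for key, value in FIELD_RE.findall(sep + rest):
        # ID occurs twice in an ICMP echo entry: the IP ID, then the ICMP ID.
        if key == "ID" and "PROTO" in fields:
            key = "ICMP_ID"
        fields.setdefault(key, value)
    try:  # reject lines whose addresses or length do not validate
        ipaddress.ip_address(fields["SRC"])
        ipaddress.ip_address(fields["DST"])
        fields["LEN"] = int(fields["LEN"])
    except (KeyError, ValueError):
        return None
    return fields

def load(lines):
    """Insert every parsable line into an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packets (prefix TEXT, iface TEXT, src TEXT, "
                 "dst TEXT, proto TEXT, len INTEGER)")
    for line in lines:
        f = parse_entry(line)
        if f is not None:
            # Placeholders keep log-derived strings out of the SQL text.
            conn.execute("INSERT INTO packets VALUES (?, ?, ?, ?, ?, ?)",
                         (f["PREFIX"], f["IN"], f["SRC"], f["DST"],
                          f.get("PROTO", ""), f["LEN"]))
    return conn

if __name__ == "__main__":
    db = load(SAMPLE_LINES)
    print(db.execute("SELECT src, proto, COUNT(*) FROM packets "
                     "GROUP BY src, proto").fetchall())
```

The GROUP BY query at the end stands in for the kind of per-host statistics the report page shows.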


Requirements


Live Demo


Try my test site :
http://www.gege.org/myiptables/
CVS version (unstable) : https://sourceforge.net/cvs/?group_id=63361

Download

For the moment, this piece of software is in beta version, but it can be used as is.

Sourceforge-based downloads can be found here.
The latest version is 0.4, which is available with this link : iptables_logger_v0.4.tar.gz (CHANGELOG)

You can browse the CVS repository here : http://iptablelog.cvs.sourceforge.net/iptablelog/iptablelog/


Installation

Please read the README and INSTALL files in the distribution.
In case of problems, you can join the iptablelog-users mailing list. The project is just getting going again after a long break, so go ahead and get involved.

Bugs

Please report bugs on the Sourceforge page or post on the iptablelog-users mailing list.


Licence

This software is free software (sometimes referred to as Open Source), distributed under the terms of GNU GPL. All source code is freely available for everyone.

Who is behind it ?

This software was originally developed by Gérald GARCIA (gege@gege.org); the project is currently being developed by Daniel Tarbuck.