IPtables log analizer

IPTables log analyzer

Click to enlarge
[ What is is ? ] [ Requirements ] [ Demo ] [ Download ] [ Bugs ] [ Licence ]

IPTables log analizer (TODO : find a nice name for it) displays Linux 2.4/2.6 iptables logs (rejected, acepted, masqueraded packets...) in a nice HTML page (it support rough netfilter logs but also Shorewall and Suse Firewall logs).
This page shall be easy to read and understand to reduce the manual analysis time.
This page containts statistics on packets and links to more detailled information on a given host, port, domain and so on.

To convice you, here is a typical syslog entry for iptables :

[IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=172.186.2.157 DST=193.253.186.217 LEN=36 TOS=0x00 PREC=0x00 TTL=115 ID=4775 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3663

And on the top of this page, there is a screenshot of the analysis tool report (large image)

How does it work ?

A small daemon is launched by a user which can read iptables logs files. Each time a new packet is logged, the daemon insert a new row in the database. As of version 0.9, this daemon has been replaced by ulogd.

The statistics and so on are elaborated by the PHP page itself.
More details are available in the FAQ

Requirements

Netfilter at least ;-)
Ulogd
A web server (Linux Apache tested) with PHP interpretor (version 4 or higher)
A database (for the moment only MySQL is supported)
A perl interpreter

Live Demo

Try my test site : http://www.gege.org/myiptables/
CVS version (unstable) : https://sourceforge.net/cvs/?group_id=63361

Download

For the moment, this piece of software is in beta version. But it can be used as this.

Sourceforge based download can be found here
The last version is 0.4 which is available with this link : iptables_logger_v0.4.tar.gz (CHANGELOG)

You can browse the CVS repository here : http://iptablelog.cvs.sourceforge.net/iptablelog/iptablelog/

Installation

Please read the README and INSTALL files in the distribution.
In case of problems, you can join the iptablelog-users mailling list. The project is just getting going again after a long break, so go ahead and get involved.

Bugs

Please report bugs on the Sourceforge page or post on iptablelog-users mailling list.

Licence

This software is free software (sometimes referred to as Open Source), distributed under the terms of GNU GPL. All source code is freely available for everyone.

Who is behind ?

This software was originally developed by Gérald GARCIA (gege@gege.org), the project is currently being developed by Daniel Tarbuck.