[Q] IPTables Log Analyzer
Martin Schwenke
martin at meltin.net
Tue Jun 11 09:26:21 EST 2002
>>>>> "Donovan" == Donovan J Edye <d.edye at bigfoot.com> writes:
Donovan> Can anyone suggest a tool script that will parse IPTables
Donovan> log files and generate a sensible report?
I wrote a bunch of scripts that I call scantools, available via:
http://meltin.net/hacks/linux/
I used to use these tools for monitoring the firewall at Linuxcare...
Excerpts from the README...
scantools:
A set of programs to deal with log files containing messages generated
by Linux 2.2 ipchains (via DENY) or Linux 2.4 iptables/netfilter (via
LOG). In particular, this package is useful for detecting port scans
and complaining about them.
Things that scantools doesn't do:
* Dynamically configure your firewall.
* Automatically send out e-mail messages.
* Help you to scan images. :-)
[...]
----------------------------------------------------------------------
scanstats:
scanstats summarises the most "popular" destination addresses and
ports, and source addresses, in log files (under Debian/GNU Linux,
kern.log files) (on STDIN) containing entries produced by ipchains
(via DENY) or iptables/netfilter (via LOG).
scanstats is useful for providing information to encourage you to
tweak firewall rules, and for finding hosts worthy of nasty messages.
Type "scanstats -h" to see the available options.
[...]
peace & happiness,
martin
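
An added example, not part of the original post and not scantools' own code: a short Python sketch of the kind of summary the README excerpt describes, tallying source addresses, destination addresses and destination ports from iptables LOG entries. The sample lines are constructed and abbreviated, and the `scan_threshold` parameter and the "scanners" heuristic (one source hitting several distinct ports) are assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed, abbreviated entries in the iptables/netfilter LOG KEY=value style
# (documentation address ranges; real entries carry more fields such as MAC, TOS, ID).
SAMPLE_LOG = """\
Jun 11 09:20:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40001 DPT=21 SYN
Jun 11 09:20:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40002 DPT=22 SYN
Jun 11 09:20:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40003 DPT=23 SYN
Jun 11 09:20:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=40004 DPT=25 SYN
Jun 11 09:21:10 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TTL=49 PROTO=TCP SPT=51515 DPT=22 SYN
Jun 11 09:21:40 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.11 LEN=78 TTL=49 PROTO=UDP SPT=137 DPT=137 LEN=58
Jun 11 09:22:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=84 TTL=49 PROTO=ICMP TYPE=8 CODE=0
Jun 11 09:22:30 fw kernel: eth0: link up
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line):
    """Return the KEY=value fields of one LOG entry, or None for unrelated lines."""
    fields = dict(FIELD.findall(line))
    return fields if "SRC" in fields and "DST" in fields else None

def summarise(lines, scan_threshold=3):
    """Count sources, destinations and ports; flag sources probing many ports."""
    sources, dests, ports = Counter(), Counter(), Counter()
    ports_by_src = defaultdict(set)
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue  # ordinary kernel message, not a firewall entry
        sources[f["SRC"]] += 1
        dests[f["DST"]] += 1
        if "DPT" in f:  # ICMP entries carry TYPE/CODE instead of ports
            key = (f.get("PROTO", "?"), int(f["DPT"]))
            ports[key] += 1
            ports_by_src[f["SRC"]].add(key)
    scanners = sorted(s for s, p in ports_by_src.items() if len(p) >= scan_threshold)
    return {"sources": sources.most_common(), "dests": dests.most_common(),
            "ports": ports.most_common(), "scanners": scanners}

if __name__ == "__main__":
    report = summarise(SAMPLE_LOG.splitlines())
    for section in ("sources", "dests", "ports"):
        print(section)
        for item, count in report[section]:
            print(f"  {count:4d}  {item}")
    print("possible scanners:", ", ".join(report["scanners"]) or "none")
```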