[Q] IPTables Log Analyzer

Martin Schwenke martin at meltin.net
Tue Jun 11 09:26:21 EST 2002

>>>>> "Donovan" == Donovan J Edye <d.edye at bigfoot.com> writes:

    Donovan> Can anyone suggest a tool script that will parse IPTables
    Donovan> log files and genereate a sensible report?

I wrote a bunch of scripts that I call scantools, available via:


I used to use these tools for monitoring the firewall at Linuxcare...

Excerpts from the README...


A set of programs to deal with log files containing messages generated
by Linux 2.2 ipchains (via DENY) or Linux 2.4 iptables/netfilter (via
LOG).  In particular, this package is useful for detecting port scans
and complaining about them.

Things that scantools doesn't do:

* Dynamically configure your firewall.

* Automatically send out e-mail messages.

* Help you to scan images.  :-)




scanstats summarises the most "popular" destination addresses and
ports, and source addresses, in log files (under Debian/GNU Linux,
kern.log files) (on STDIN) containing entries produced by ipchains
(via DENY) or iptables/netfilter (via LOG).

scanstats is useful for providing information to encourage you to
tweak firewall rules, and for finding hosts worthy of nasty messages.

Type "scanstats -h" to see the available options.


peace & happiness,

More information about the linux mailing list