IPTables log analyzer


What is it for ?

IPTables log analyzer (TODO: find a nice name for it) displays
Linux 2.4 iptables logs (rejected, accepted, masqueraded packets...) in a nice HTML page (it supports raw netfilter logs but also Shorewall and Suse Firewall logs).
This page is meant to be easy to read and understand, to reduce manual analysis time.
It contains statistics on packets and links to more detailed information on a given host, port, domain and so on.

To convince you, here is a typical syslog entry for iptables:
[IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC= DST= LEN=36 TOS=0x00 PREC=0x00 TTL=115 ID=4775 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3663
And at the top of this page, there is a screenshot of the analysis tool report (large image).

How does it work ?

A small daemon is launched by a user who can read the iptables log files. Each time a new packet is logged, the daemon inserts a new row in the database.

The statistics and so on are computed by the PHP page itself.

More details are available in the FAQ
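
The feed step described above, as an added example (not the project's own daemon code): it parses netfilter LOG lines like the sample entry and inserts one row per packet using bound parameters. The table layout, the syslog header, the addresses and the function names are assumptions made for illustration.

```python
import re
import sqlite3

# Constructed sample lines modelled on the entry quoted above. Addresses are
# documentation-range placeholders; the syslog header is an assumption.
SAMPLE = [
    "Jan  5 10:12:01 fw kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= "
    "SRC=192.0.2.10 DST=198.51.100.7 LEN=36 TOS=0x00 PREC=0x00 TTL=115 "
    "ID=4775 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3663",
    "Jan  5 10:12:03 fw kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= "
    "SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 "
    "ID=101 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jan  5 10:12:04 fw sshd[411]: session opened for user root",  # not a packet
]

PREFIX_RE = re.compile(r"\[([^\]]*)\]\s*:?\s*IN=")  # bracketed log prefix before IN=
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")          # KEY=VALUE; value may be empty

def parse_line(line):
    """Parse one netfilter LOG line into a dict; None if it is not one."""
    fields = {}
    for key, value in FIELD_RE.findall(line):
        # ICMP echo lines carry ID twice (IP ID, then ICMP ID): keep the first.
        fields.setdefault(key, value)
    if not {"IN", "SRC", "DST", "PROTO"} <= fields.keys():
        return None
    prefix = PREFIX_RE.search(line)
    fields["PREFIX"] = prefix.group(1) if prefix else ""
    return fields

def feed(conn, lines):
    """Insert one row per logged packet (hypothetical schema); return count."""
    conn.execute("CREATE TABLE IF NOT EXISTS packets "
                 "(prefix TEXT, iface TEXT, src TEXT, dst TEXT, proto TEXT, dpt INTEGER)")
    n = 0
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        dpt = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
        # Bound parameters: log text is untrusted input, never spliced into SQL.
        conn.execute("INSERT INTO packets VALUES (?, ?, ?, ?, ?, ?)",
                     (f["PREFIX"], f["IN"], f["SRC"], f["DST"], f["PROTO"], dpt))
        n += 1
    return n

def packets_per_source(conn):
    """The kind of per-host statistic a report page could compute."""
    return conn.execute("SELECT src, COUNT(*) FROM packets "
                        "GROUP BY src ORDER BY COUNT(*) DESC").fetchall()
```

Flags without a value (DF, SYN) are skipped by the field pattern, and empty values such as `OUT=` are kept as empty strings rather than dropped.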


Live Demo

Try my test site :
CVS version (unstable) : http://www.gege.org/newiptables/


For the moment, this piece of software is in beta version, but it can be used as is.

Sourceforge based download can be found
The latest version is 0.4, which is available at this link: iptables_logger_v0.4.tar.gz (CHANGELOG)

You can browse the CVS repository here : http://www.gege.org/cgi-bin/viewcvs.cgi/projects/iptables/
The unstable distribution (top of the CVS tree) can be downloaded from here


Please read the README file in the distribution.
In case of problems, you can mail me at
gege@gege.org or join the iptablelog-users mailing list.


Please report bugs on the Sourceforge page or post on the iptablelog-users mailing list.


This software is free software (sometimes referred to as Open Source), distributed under the terms of the GNU GPL. All source code is freely available for everyone.

Who is behind ?

This software is developed by Gérald GARCIA (gege@gege.org)

Hosted by Sourceforge.