IPTables log analyzer
IPTables log analyzer (TODO: find a nice name for it) displays Linux 2.4 iptables logs (rejected, accepted, masqueraded packets...) in a nice HTML page (it supports raw netfilter logs as well as Shorewall
and Suse Firewall logs).
The page is meant to be easy to read and understand, to reduce the time spent on manual analysis.
It contains statistics on packets and links to more detailed information on a given host, port, domain and so on.
To convince you, here is a typical syslog entry for iptables:
[IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=126.96.36.199 DST=188.8.131.52 LEN=36 TOS=0x00 PREC=0x00 TTL=115 ID=4775 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3663
At the top of this page is a screenshot of the analysis tool's report (large image).
A small daemon is launched by a user who can read the iptables log files. Each time a new packet is logged, the daemon inserts a new
row in the database.
The statistics and the rest of the report are computed by the PHP page itself.
More details are available in the FAQ
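The log-to-database step described above can be sketched as follows. This is an added example, not the project's own code: the table layout, the function names and the use of SQLite are assumptions, and only the sample entry comes from this page.

```python
import re
import sqlite3

# The syslog entry shown on this page.
SAMPLE = ("[IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=126.96.36.199 "
          "DST=188.8.131.52 LEN=36 TOS=0x00 PREC=0x00 TTL=115 ID=4775 "
          "PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3663")

START = re.compile(r"\bIN=\S* OUT=")   # every netfilter LOG entry begins this way
TOKEN = re.compile(r"([A-Z]+)=(\S*)")  # KEY=value; bare flags (DF, SYN) are skipped

def parse_line(line):
    """Return (prefix, fields) for one LOG entry, or None if it is not one."""
    m = START.search(line)
    if m is None:
        return None
    prefix = line[:m.start()].strip(" :")
    fields = {}
    for key, value in TOKEN.findall(line[m.start():]):
        # ICMP entries carry ID twice: the IP ID first, then the ICMP echo ID.
        if key == "ID" and "ID" in fields:
            key = "ICMP_ID"
        fields[key] = value or None     # "OUT=" and "MAC=" become None
    return prefix, fields

def open_db():
    """Hypothetical schema; the project's real table layout is not shown here."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE packets (prefix TEXT, iface TEXT, src TEXT,"
               " dst TEXT, proto TEXT, dpt INTEGER)")
    return db

def store(db, line):
    """Insert one parsed entry; values are bound, never spliced into the SQL."""
    parsed = parse_line(line)
    if parsed is None:
        return False
    prefix, f = parsed
    dpt = f.get("DPT")
    db.execute("INSERT INTO packets VALUES (?, ?, ?, ?, ?, ?)",
               (prefix, f.get("IN"), f.get("SRC"), f.get("DST"), f.get("PROTO"),
                int(dpt) if dpt and dpt.isdigit() else None))
    return True

def top_sources(db):
    """Packets per source address, busiest first (a statistic of the report kind)."""
    return db.execute("SELECT src, COUNT(*) FROM packets GROUP BY src"
                      " ORDER BY COUNT(*) DESC, src").fetchall()
```

The log prefix is set by whoever wrote the firewall rule, so it is stored as data through a bound parameter like every other field.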
Try my test site : http://www.gege.org/myiptables/
CVS version (unstable) : http://www.gege.org/newiptables/
For the moment, this piece of software is in beta, but it can be used as is.
Sourceforge based download can be found here
The last version is 0.4 which is available with this link : iptables_logger_v0.4.tar.gz (CHANGELOG)
You can browse the CVS repository here : http://www.gege.org/cgi-bin/viewcvs.cgi/projects/iptables/
The unstable distribution (top of the CVS tree) can be downloaded from here
Please read the README file in the distribution.
In case of problems, you can mail me at firstname.lastname@example.org or join the iptablelog-users mailing list.
Please report bugs on the Sourceforge page or post to the iptablelog-users mailing list.
This software is free software (sometimes referred to as Open Source), distributed under the terms of GNU GPL. All source code is freely available for everyone.
This software is developed by Gérald GARCIA (email@example.com)