Installing Iptables Log Analyzer:
Iptables Log Analyzer is a package that parses the log output from your iptables firewall, stores it in a MySQL database and then gives you a user-friendly web interface from which you can look at your firewall's log output at any time. The interface even lets you sort through the logs and group them by category. The official site for Iptables Log Analyzer can be found at
http://www.gege.org/iptables/.
So let's install it...
The first thing you will need to do is to download the Iptables Log Analyzer package. You can download the latest copy of the package right here:
http://www.iptablesrocks.org/downloa...er_v0.4.tar.gz
Now unpack it...
tar zxvf iptables_logger_v0.4.tar.gz
And now let's start the installation...
cd iptables
Log into mysql and do the database work...
mysql -u root -p
create a database called "iptables"...
mysql> create database iptables;
Now create an admin user for the database. This is the account the feeder script will write through, so it gets everything...
mysql> grant all privileges on iptables.* to iptables_admin@localhost identified by 'xxxxx';
And a database user for the PHP interface. The interface should only need to read the tables, so granting only select on iptables.* instead of all privileges is the tighter choice for the account the web server uses; the command below follows the package's own instructions and grants everything...
mysql> grant all privileges on iptables.* to iptables_user@localhost identified by 'xxxxx';
Use two different, real passwords in place of the x's. Note that this "grant ... identified by" form works on MySQL 5.x and MariaDB; MySQL 8.0 removed it, so there you run "create user" first and then the grant without "identified by".
All done. Let's exit out.
mysql> quit
Now import the "iptables" database information into the database...
cat sql/db.sql | mysql -u iptables_admin -p iptables
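The account setup above as a shell helper that also keeps the web account read-only. This is an added example, not part of the package or of the tutorial. It assumes the PHP pages only read the tables (grant more only if a page fails with a permission error), that you still load sql/db.sql through iptables_admin as in the step above, and that your server is MySQL 5.7+ or MariaDB 10.1+ (for "create user ... if not exists"); the ila_grant_sql function and the ILA_ADMIN_PW / ILA_WEB_PW variable names are mine.

```shell
#!/bin/sh
# Added example, not from the tutorial: emit the account setup for the
# ILA database with the web account limited to SELECT.  Assumptions:
# the PHP pages only read, and the feeder keeps the tutorial's
# iptables_admin account so "cat sql/db.sql | mysql -u iptables_admin -p iptables"
# still works.  CREATE USER ... IF NOT EXISTS needs MySQL 5.7+ / MariaDB 10.1+.
# Passwords come from the environment (ILA_ADMIN_PW, ILA_WEB_PW) rather
# than the command line so they do not show up in "ps".
ila_grant_sql() {
    db=${1:-iptables}
    # The name is interpolated into SQL unquoted, so only allow an identifier.
    case $db in ''|*[!A-Za-z0-9_]*)
        echo "ila_grant_sql: database name must match [A-Za-z0-9_]" >&2; return 1 ;;
    esac
    # Passwords are interpolated inside single quotes; refuse anything that
    # would break out of them instead of trying to escape it.
    for pw in "$ILA_ADMIN_PW" "$ILA_WEB_PW"; do
        case $pw in
            '')        echo "ila_grant_sql: set ILA_ADMIN_PW and ILA_WEB_PW" >&2; return 1 ;;
            *\'*|*\\*) echo "ila_grant_sql: no quotes or backslashes in passwords" >&2; return 1 ;;
        esac
    done
    cat <<EOF
CREATE DATABASE IF NOT EXISTS $db;
CREATE USER IF NOT EXISTS 'iptables_admin'@'localhost' IDENTIFIED BY '$ILA_ADMIN_PW';
CREATE USER IF NOT EXISTS 'iptables_user'@'localhost' IDENTIFIED BY '$ILA_WEB_PW';
GRANT ALL PRIVILEGES ON $db.* TO 'iptables_admin'@'localhost';
GRANT SELECT ON $db.* TO 'iptables_user'@'localhost';
FLUSH PRIVILEGES;
EOF
}

# Review the statements, then feed them to MySQL as root:
#   ILA_ADMIN_PW='...' ILA_WEB_PW='...' ila_grant_sql iptables | mysql -u root -p
```

Read the output once before piping it into mysql -u root -p. If the server rejects "create user ... if not exists", you are on a version older than 5.7 and can fall back to the "grant ... identified by" form shown in the step above, still giving iptables_user only select.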
OK, the database should be ready now. Next we'll Install the web interface.
cp -R web /path/to/webdocs/directory/firewall (Example: cp -R web /var/www/html/firewall)
Now you will need to configure the web interface. This is done via the "config.php" file within the interface files.
vi /path/to/webdocs/directory/firewall/config.php (Example: vi /var/www/html/firewall/config.php)
Make sure your configuration data is as follows:
# Host of the MySQL database
$db_host="localhost";
# User of the MySQL database
$db_user="iptables_user";
# Password of the MySQL database
#Make sure you enter your "iptables_user" password in place of the x's below
$db_password="xxxxxx";
# Name of the database
$db_name="iptables";
# URL Path to your installation
$url_base="/firewall/";
#debug mode (leave at 1 while you set things up, then set it to 0 so
#error details are not shown to whoever loads the page)
$debug=1;
#The default number of record displayed
$default_number=20;
#The default chain displayed
$default_chain="ALL";
#The default date for packets (10000 means any)
$default_date=10000;
#The default ignored ports
$default_ignored_ports= array();
Save and exit the file. Two things to take care of before you expose this: the /firewall/ pages show your firewall's log (internal addresses, probed ports, who connects to you), so restrict them to an allowed set of addresses or put them behind authentication in the web server; and config.php holds a database password, so keep it readable by the web server user only.
Now we will configure and install the database feeder script.
vi scripts/feed_db.pl
Make sure the following configuration section is set properly. Enter the "iptables_admin" mysql password where the x's are (this is the account that writes to the database, not the web interface's "iptables_user"), and check that $log_file points at the file your syslog writes the iptables LOG lines to; change it if you log somewhere else.
my $dsn = 'DBI:mysql:iptables:localhost';
my $db_user_name = 'iptables_admin';
my $db_password = 'xxxxx';
my $log_file = '/var/log/firewall';
my $pid_file = "/var/run/iptablelog.pid";
Save and exit the file.
Now we will copy the database feeder script (it lives in the "scripts" directory of the unpacked package) to a location from which it can be easily called:
cp scripts/feed_db.pl /usr/local/bin/
Next, copy the init.d script called "iptablelog" to your server's init.d directory (on Red Hat systems /etc/rc.d/init.d and /etc/init.d are the same directory)...
cp scripts/iptablelog /etc/rc.d/init.d/
Note: I've already pre-configured the "iptablelog" init.d script, but you may want to customize it further depending on your needs.
So, let's start it up!
/etc/init.d/iptablelog start
Alright! That should be it. Iptables Log Analyzer should now be running! So, let's take a look at the web interface.
Open a browser and go to:
http://www.yourdomain.com/firewall
You should get the Iptables Log Analyzer screen. It's pretty self-explanatory, so just play around with it for a while and you'll figure it out. If you don't see any logs yet, you can trigger a test by logging out of your server and then logging in again via SSH. Provided your ruleset logs new SSH connections, the connection will be recorded in the iptables log and will appear on the Iptables Log Analyzer screen. If you need more help with Iptables Log Analyzer, check out the homepage at
http://www.gege.org/iptables/.
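If the page stays empty, look at what is actually reaching the feeder's log file before suspecting the database or the PHP side. The following is an added example, not part of the tutorial or of feed_db.pl: it parses the lines the iptables LOG target writes through syslog the way the feeder has to, and groups them by destination port, which is the kind of view the web interface builds. The sample lines are constructed, and the FW-DROP: / FW-ACCEPT: prefixes are assumed --log-prefix values, not necessarily the ones your ruleset uses; the parse_fwlog and count_by_dport functions are mine.

```shell
#!/bin/sh
# Added example, not part of the tutorial or of feed_db.pl: a small parser
# for the lines the iptables LOG target writes via syslog, to check what the
# feeder will find in its log file before you trust the web view.
# Output: one record per packet, "prefix,in_iface,src,dst,proto,dpt".
parse_fwlog() {
    set -f                      # no globbing while we split lines into tokens
    while IFS= read -r line; do
        case $line in *" kernel: "*) ;; *) continue ;; esac     # not a kernel line
        rest=${line#*" kernel: "}
        case $rest in \[*\]" "*) rest=${rest#*"] "} ;; esac    # drop "[12345.678] " uptime stamp
        case $rest in *IN=*) ;; *) continue ;; esac              # kernel line, but not from LOG
        prefix=${rest%%IN=*}                                     # the --log-prefix text
        while [ "${prefix% }" != "$prefix" ]; do prefix=${prefix% }; done
        iface= src= dst= proto= dpt=
        for tok in $rest; do
            case $tok in
                IN=*)    iface=${tok#IN=} ;;
                SRC=*)   src=${tok#SRC=} ;;
                DST=*)   dst=${tok#DST=} ;;
                PROTO=*) proto=${tok#PROTO=} ;;
                DPT=*)   dpt=${tok#DPT=} ;;      # absent for ICMP, stays empty
            esac
        done
        printf '%s,%s,%s,%s,%s,%s\n' "$prefix" "$iface" "$src" "$dst" "$proto" "$dpt"
    done
    set +f
}

# Packets per protocol/destination port, the sort of grouping the web
# interface does for you; ICMP has no port and is left out.
count_by_dport() {
    parse_fwlog | awk -F, '$6 != "" { n[$5 "/" $6]++ } END { for (k in n) print n[k], k }' | sort -rn
}

# Constructed sample log lines (not real captures).  FW-DROP: and FW-ACCEPT:
# are assumed --log-prefix values; the sshd line shows non-LOG noise being skipped.
SAMPLE='Mar  1 12:00:00 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:16:3e:01:02:03:00:16:3e:0a:0b:0c:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=TCP SPT=40122 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  1 12:00:01 fw kernel: [1234.567890] FW-DROP: IN=eth0 OUT= MAC=00:16:3e:01:02:03:00:16:3e:0a:0b:0c:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=51 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=4711 SEQ=1
Mar  1 12:00:02 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:16:3e:01:02:03:00:16:3e:0a:0b:0c:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=52 TOS=0x00 PREC=0x00 TTL=112 ID=9 DF PROTO=TCP SPT=3104 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Mar  1 12:00:03 fw sshd[2210]: Accepted publickey for admin from 198.51.100.4 port 51234 ssh2
Mar  1 12:00:03 fw kernel: FW-ACCEPT: IN=eth0 OUT= MAC=00:16:3e:01:02:03:00:16:3e:0a:0b:0c:08:00 SRC=198.51.100.4 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=3 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0'

printf '%s\n' "$SAMPLE" | count_by_dport
```

Against your own server run parse_fwlog < /var/log/firewall (or whatever $log_file you set in feed_db.pl). No output at all means syslog is not delivering the kernel LOG lines to that file, which is a syslog or ruleset problem rather than an Iptables Log Analyzer one; output with empty prefix fields means your rules log without a --log-prefix, which the web interface will not be able to group by chain.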
In the next step, we'll cover firewall maintenance as well as the steps to modify your firewall when needed. We'll also go over how to ensure that your firewall starts up on boot.
Thanks & regards
Jaz_comp
RHCE