LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-14-2011, 02:12 PM   #1
Pacifiste95
LQ Newbie
 
Registered: Jul 2011
Posts: 5

Rep: Reputation: Disabled
Talking best iptables log analyzer


Hello all,

i want to view my iptables log on web interface, with chart (in option, but this is not my priority).

What is the best program for this?

Thanks !

 
Old 07-15-2011, 04:22 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
I am not aware of any iptables log viewing applications as such. It is possible that one of the firewall GUI front ends or server administration packages offer this feature, but again I don't use those either. I do periodically look at the iptables (blocked) log and occasionally search it for specific hosts in question, but that is about it. One of the problems with trying to graph the information on such a log is that it would likely contain a lot of near random data as the IP addresses and ports will change continuously. You may notice trends in time, such as a rise in popularity of attempting access on a particular port, but this is information you can find on many a good security information sites.

Instead of trying to track your iptables logs, a better approach might be to use a program like Snort, which actually looks at the traffic and categorizes it against known threat profiles. The PHP tool called Base, will then give you reports, graphs, and charts allowing you ways to analyze the threats and most importantly, repeat offenders.
 
Old 07-15-2011, 06:52 AM   #3
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,896

Rep: Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774Reputation: 774
There is another thread on this subject here. Unfortunately, it is an ancient thread, so I don't know how much use any of the information would be now.

Actually, I did a search in a well-known search engine (search terms: iptables log analysis tool), and a lot of the first page of hits were also ancient, so i don't really know what that means. Maybe, there was more interest in this subject five years ago.

@Noway2
Quote:
It is possible that one of the firewall GUI front ends or server administration packages offer this feature, but again I don't use those either.
I'd thought that I'd heard of something similar, but I don't use a GUI front end, so I didn't pay it much attention. There is a description here of firestarter which may be what i was thinking of, but I can't really remember.

In any case, it seems that what you are asking for could be dealt with by a bit of shell scripting and, say, filtering a log by how many accesses there are from each IP, or something. But, as with Noway2 I'd have to ask how exactly this will help with anything that's important. I mean, everyone gets noise in their log file, but you really want to sort the dangerous stuff from the noise. Does knowing which IP accesses are coming from help you do that?
 
  


Reply

Tags
analyzer, iptables, log


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LILA - Live Iptables Log Analyzer Scandium Linux - General 1 03-17-2011 02:50 AM
iptables log analyzer Ammad Linux - General 2 09-19-2009 04:51 AM
iptables log analyzer? sauce Linux - Software 1 12-13-2005 03:39 AM
IPTables Log Analyzer ddaas Linux - Security 4 06-26-2005 07:21 AM
IPtables Log Analyzer from http://www.gege.org/iptables/ brainlego Linux - Software 0 08-11-2003 06:08 AM


All times are GMT -5. The time now is 03:37 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration