Can anyone recommend an IPtables log analysis tool?
Now that I've got my firewall in place, I've been amused to see some of the traffic that I've been getting. I know that there are a number of tools out there that provide reports based upon iptables output, but I'd appreciate if anyone could give me some recommendations.
From what I gather, some of the tools require a kernel recompile and then use the QUEUE target to write the info to a special log (or something like that) and then have another analysis piece.
I've seen some others that seem to work off of the /var/log/messages.
My ideal tool would keep /var/log/messages a bit cleaner, deliver some reasonable reports, and be PERL based.
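For anyone who just wants a quick report out of the LOG-target lines already in /var/log/messages, here is an added example (not from the original post, and in Python rather than Perl) that parses the netfilter LOG key=value format and tallies logged packets per source and per protocol/port. It assumes a rule like `-j LOG --log-prefix "IPT-DROP: "`; the prefix and the sample lines are constructed.

```python
"""Summarise iptables LOG-target lines from a syslog file such as /var/log/messages."""
import re
import sys
from collections import Counter

# Key=value tokens emitted by the netfilter LOG target (values may be empty, e.g. "OUT=").
_KV = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_line(line, prefix="IPT-DROP:"):
    """Return the LOG fields of a line carrying `prefix` as a dict, else None."""
    idx = line.find(prefix)
    if idx < 0:
        return None
    fields = dict(_KV.findall(line[idx + len(prefix):]))
    if "SRC" not in fields or "PROTO" not in fields:
        return None  # prefix matched but this is not a well-formed LOG line
    return fields

def summarise(lines, prefix="IPT-DROP:"):
    """Count logged packets per source address and per (PROTO, port)."""
    by_src, by_port = Counter(), Counter()
    for line in lines:
        f = parse_line(line, prefix)
        if f is None:
            continue
        by_src[f["SRC"]] += 1
        # ICMP carries no ports, so key on the ICMP type instead of DPT.
        port = "type " + f.get("TYPE", "?") if f["PROTO"] == "ICMP" else f.get("DPT", "?")
        by_port[(f["PROTO"], port)] += 1
    return by_src, by_port

def report(by_src, by_port, top=5):
    """Render the two counters as a short text report of the most frequent entries."""
    out = ["Top sources:"]
    out += [f"  {n:5d}  {src}" for src, n in by_src.most_common(top)]
    out.append("Top destination ports:")
    out += [f"  {n:5d}  {proto}/{port}" for (proto, port), n in by_port.most_common(top)]
    return "\n".join(out)

# Constructed sample lines in the shape syslog stores them; the addresses are documentation ranges.
SAMPLE = [
    "Mar  5 10:12:01 gw kernel: [12345.678] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Mar  5 10:12:03 gw kernel: [12347.001] IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=TCP SPT=44322 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0",
    "Mar  5 10:12:09 gw kernel: [12353.420] IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=112 ID=4711 PROTO=UDP SPT=137 DPT=137 LEN=58",
    "Mar  5 10:12:15 gw kernel: [12359.900] IPT-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=2 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1",
    "Mar  5 10:14:00 gw sshd[1234]: Accepted publickey for admin from 192.0.2.20 port 50000 ssh2",
]

if __name__ == "__main__":
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE  # real file or the built-in sample
    print(report(*summarise(src)))
```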