Wflogs

Wflogs is a firewall log analysis tool.

Wflogs Ranking & Summary


  • License: GPL
  • Price: FREE
  • Publisher Name: Hervé Eychenne
  • Publisher web site: http://www.wallfire.org/wflogs/

Wflogs Tags


Wflogs Description

Wflogs is a firewall log analysis tool. It can be used to produce a log summary report in plain text, HTML and XML, or to monitor firewalling logs in real time. This project is part of the WallFire project, but can be used independently.

Usage examples:

  wflogs -i netfilter -o html netfilter.log > logs.html
converts the given netfilter log file into an HTML report.

  wflogs --sort=protocol,-time -i netfilter -o text netfilter.log > logs.txt
converts the given netfilter log file into a sorted (by protocol number, then reverse time) text report.

  wflogs -f '$start_time >= && $start_time < && $chainlabel =~ /(DROP|REJECT)/ && $sipaddr == 10.0.0.0/8 && $protocol == tcp && ($dport == ssh || $dport == telnet) && ($tcpflags & SYN)' -i netfilter -o text --summary=no
shows log entries (without summary) which match the given expression (refused connection attempts that occurred 3 days ago to ssh and telnet ports, coming from the internal network 10.0.0.0/8).

  wflogs -i netfilter -o text --resolve=0 --whois=0 netfilter.log
converts the given netfilter log file into a text report (default mode), disabling IP address reverse lookups and whois lookups.

  wflogs -i netfilter -o xml netfilter.log > logs.xml
exports netfilter logs in XML.

  wflogs -i ipchains -o netfilter ipchains.log > netfilter.log
converts ipchains logs into netfilter log format, so you may process them with your favorite netfilter log analyser (even if the latter may not be better than wflogs itself).

  wflogs -i ipfilter -o human --datalen=yes ipfilter.log
produces a report about an ipfilter logfile in natural language on stdout, displaying the packet length (datalen option), which is not shown by default.

  wflogs -R -I
monitors logs in real time in an interactive shell, waiting for logs in the default system logfile, in guessed format (according to the local firewalling tool).

Supported systems

WallFire is intended to work on real systems such as Unix, especially Linux and *BSD.

Current wflogs input modules are:
  • netfilter (Linux 2.4 and 2.6 firewall logs)
  • ipchains (Linux 2.2 firewall logs)
  • ipfilter (NetBSD, FreeBSD, OpenBSD, Solaris, SunOS 4, IRIX and HP-UX running ipfilter firewall logs)
  • cisco_pix (Cisco PIX filter logs)
  • cisco_ios (Cisco IOS filter logs)
  • snort (Snort ACLs logs)

Please note that input modules are available on any architecture on which wflogs can run (for example, you can perfectly well parse Cisco PIX logs on a Linux box).

What's New in This Release:
  • Improved matching of netfilter and ipfilter input modules.
  • Added support for Cisco FWSM (PIX).
  • Improved netfilter parsing.
  • Compilation fixes for *BSD.
  • Added wflogs.dtd.
  • Added the wfchkintegrity tool, which makes it possible to monitor changes in the firewalling configuration.
  • Fixed buffer sizes for some input modules.
  • Fixed parsing with recent flex versions.


Wflogs Related Software