Wednesday, January 25, 2006

Fwanalog, analyse your firewall logs now!


I tried out fwanalog some time ago, and I am really impressed by the work the coder has done with shell scripts. If you consider the commercial software CheckPoint sells (Reporter), you will find this tool a lot more useful. So start parsing your firewall logs today!



fwanalog is a shell script that parses and summarizes firewall logfiles. It currently (version 0.6.9) understands logs from ipf (tested with OpenBSD 2.8's and 2.9's ipf, also FreeBSD, NetBSD and Solaris 8 with ipf (+ ipfw on FreeBSD)), OpenBSD 3.x pf, Linux 2.2 ipchains, Linux 2.4 iptables, some ZyXEL/NetGear routers and Cisco PIX, Watchguard Firebox, Firewall-One (not NG!), FreeBSD ipfw and Sonicwall firewalls.



(You might need to change the shebang line to bash on non-free Unixes that don't ship with a powerful enough /bin/sh.)

It can easily be extended to other logfile formats; all it takes is editing two regular expressions.

fwanalog uses the excellent log analysis program Analog (also free software) to create its reports. It does so by converting the firewall log into a fake web server log and calling Analog with a modified configuration.
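To make the "fake web server log" idea concrete, here is an added example that is not fwanalog's own code: a small POSIX shell function that picks the packet fields out of iptables-style kernel log lines with one pattern and writes them out as Common Log Format lines, the format web log analysers such as Analog read. The field mapping (source address as the client host, protocol and destination port as a fake URL path, a 403 status for lines logged with a DROP or REJECT prefix, packet length as the byte count), the default year (syslog timestamps carry none) and the sample log lines are all this example's own assumptions, not fwanalog's.

```shell
#!/bin/sh
# Added example, not code from fwanalog. Converts iptables-style kernel log
# lines into fake Common Log Format (CLF) so a web-log analyser can report
# "top hosts" (source addresses) and "top pages" (protocol/port pairs).
#
# Field mapping chosen for this example (an assumption, not fwanalog's):
#   client host <- SRC        "request" <- /PROTO/DPT
#   status      <- 403 if the line carries DROP/REJECT, else 200
#   bytes       <- LEN
# Usage: fw2clf [year]   (reads syslog lines on stdin; year defaults to 2006)
fw2clf() {
    awk -v year="${1:-2006}" '
    # Only lines carrying packet-filter fields are converted; other syslog
    # lines (sshd, cron, ...) on the same host are silently skipped.
    /kernel:.*SRC=[0-9.]+.*DST=[0-9.]+/ {
        src = ""; proto = ""; dpt = ""; len = ""; status = 200
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC")        src = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT")   dpt = kv[2]
            else if (kv[1] == "LEN")   len = kv[2]
        }
        # A DROP/REJECT --log-prefix becomes a "403" so the analyser keeps
        # blocked traffic apart from anything logged as accepted.
        if ($0 ~ /DROP|REJECT/) status = 403
        if (proto == "") proto = "OTHER"   # e.g. unknown protocol number
        if (dpt == "")   dpt = "-"         # ICMP and friends have no port
        if (len == "")   len = 0
        # syslog prefix: $1 = month, $2 = day, $3 = time
        printf "%s - - [%02d/%s/%s:%s +0000] \"GET /%s/%s HTTP/1.0\" %d %s\n",
               src, $2, $1, year, $3, proto, dpt, status, len
    }'
}

# Constructed sample input: two blocked packets (TCP/22 and ICMP echo) and
# one unrelated sshd line that must not produce output.
SAMPLE_LOG='Jan 25 10:15:32 fw kernel: [DROP] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=51234 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 25 10:16:01 fw kernel: [DROP] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=4321 SEQ=1
Jan 25 10:16:05 fw sshd[123]: Accepted publickey for admin from 192.0.2.20 port 40000 ssh2'

# Run the conversion on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | fw2clf 2006
```

The resulting CLF lines are what you would hand to a web-log analyser; a "top requested pages" report then reads as the most-probed protocol/port pairs and a "top hosts" report as the most active source addresses, which is exactly the trick the post describes. Adding another firewall's format means replacing only the match pattern and the field extraction, which is the "two regular expressions" point made above.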


