# iptables log analyzer

## ee99ee2

Does anyone know of a good iptables log analyzer? I'd like to see one that's PHP.

-ee99ee

----------

## ozukir@

Haven't tried it but here's one.

----------

## ee99ee2

Ehh, after looking at that one, I'm not impressed. Anyone else have any others that are decent? I'm really interested in this now, as I've got some more servers that I need to monitor.

I'm looking for something like awstats, only for iptables. I want to be able to either tell it to parse a log, or have it parse a log every time it's viewed. I'd like it in PHP, but anything web-based will work.

-ee99ee

----------

## swimmer

*ee99ee2 wrote:*

> Does anyone know of a good iptables log analyzer? I'd like to see one that's PHP.
> 
> -ee99ee

I use fwlogwatch and am quite content with it ...

```
*  net-analyzer/fwlogwatch
      Latest version available: 0.9.3
      Latest version installed: 0.9.3
      Size of downloaded files: 92 kB
      Homepage:    http://cert.uni-stuttgart.de/projects/fwlogwatch/
      Description: A packet filter and firewall log analyzer
```

Greetz

Stefan

----------

## mirko_3

I can't get fwlogwatch to work with shorewall. I get:

```
0 (and 12 malformed) of 12 entries in the file "/var/log/shorewall/current" are packet logs, 0 have unique characteristics.
```

----------

## swimmer

*mirko_3 wrote:*

> I can't get fwlogwatch to work with shorewall. I get:
> 
> ```
> 0 (and 12 malformed) of 12 entries in the file "/var/log/shorewall/current" are packet logs, 0 have unique characteristics.
> ...
> ```

Hmm - the Shorewall FAQ says it can handle it ...

You should look further there.

Greetz

Stefan

----------

## mirko_3

Could someone please post a line from their iptables log? Mine, using shorewall, looks like this:

```
Dec 11 21:40:46 [kernel] Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=66.169.159.98 DST=82.84.79.156 LEN=404 TOS=0x00 PREC=0x00 TTL=114 ID=15576 PROTO=UDP SPT=2452 DPT=1434 LEN=384
```
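As an added example (not code from this thread or from fwlogwatch), here is a small Python parser for the log format shown above, the metalog timestamp followed by the Shorewall `zone2zone:ACTION:` prefix and netfilter's `KEY=VALUE` fields, producing the awstats-style per-port and per-source counts the original poster asked for. The sample lines are constructed with TEST-NET addresses; note that netfilter emits `LEN=` twice for UDP packets (IP total length, then UDP length), which the parser keeps as `LEN` and `LEN2` instead of silently overwriting.

```python
import re
from collections import Counter

# Constructed sample lines (TEST-NET addresses) in the format the thread shows:
# metalog timestamp, "[kernel]", Shorewall "zone2zone:ACTION:" prefix, then the
# KEY=VALUE fields and bare flags (DF, SYN, ...) written by netfilter's LOG target.
SAMPLE_LOG = """\
Dec 11 21:40:46 [kernel] Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.98 DST=198.51.100.7 LEN=404 TOS=0x00 PREC=0x00 TTL=114 ID=15576 PROTO=UDP SPT=2452 DPT=1434 LEN=384
Dec 11 21:41:02 [kernel] Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.5 DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=20512 DF PROTO=TCP SPT=3201 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 11 21:41:09 [kernel] Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.77 DST=198.51.100.7 LEN=404 TOS=0x00 PREC=0x00 TTL=110 ID=9 PROTO=UDP SPT=1040 DPT=1434 LEN=384
Dec 11 21:41:15 [kernel] eth0: link up
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \[kernel\] "
    r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict for one Shorewall packet-log line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "chain": m["chain"], "action": m["action"], "flags": []}
    for tok in m["rest"].split():
        if "=" not in tok:              # bare flags such as DF, SYN, ACK
            rec["flags"].append(tok)
            continue
        key, value = tok.split("=", 1)  # value may be empty, e.g. "OUT=" "MAC="
        base, n = key, 1
        while key in rec:               # repeated key (UDP's second LEN) -> LEN2
            n += 1
            key = f"{base}{n}"
        rec[key] = value
    return rec

def summarize(text):
    """awstats-style counts: packets per (action, proto, dport) and per source."""
    by_service, by_source = Counter(), Counter()
    parsed = skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:                 # not a packet log: count it as "malformed"
            skipped += 1
            continue
        parsed += 1
        by_service[(rec["action"], rec.get("PROTO", "?"), rec.get("DPT", "-"))] += 1
        by_source[rec.get("SRC", "?")] += 1
    return {"parsed": parsed, "skipped": skipped,
            "by_service": by_service, "top_sources": by_source.most_common(5)}

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['parsed']} packet logs, {s['skipped']} other lines")
    for (action, proto, dport), n in s["by_service"].most_common():
        print(f"{n:5d}  {action} {proto}/{dport}")
```

Feed it `/var/log/shorewall/current` instead of `SAMPLE_LOG` to get the same summary for a real log; lines the regex does not match are counted rather than crashing the run.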

----------

## Major Konig ZX-12R

Is there an ebuild for iptables log? Can't find it if there is one.

----------

## g_os

*mirko_3 wrote:*

> Could someone please post a line from their iptables log? Mine, using shorewall, looks like this:
> 
> ```
> Dec 11 21:40:46 [kernel] Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=66.169.159.98 DST=82.84.79.156 LEN=404 TOS=0x00 PREC=0x00 TTL=114 ID=15576 PROTO=UDP SPT=2452 DPT=1434 LEN=384
> ...
> ```

Hi, I have had the same thing for a long time. And I am just looking at it to reduce my logs.

Note: Somebody is sending you some packets that your firewall is dropping. That's a good thing, but do you want to see it each time in your logs ... that is the question ...

G_os

----------

## mirko_3

Oh, I don't mind if metalog logs every packet, since it automatically rotates, so they don't grow that much... the only problem I have is that I can't get fwlogwatch to work with my shorewall logs...

----------

## g_os

*mirko_3 wrote:*

> Oh, I don't mind if metalog logs every packet, since it automatically rotates, so they don't grow that much... the only problem I have is that I can't get fwlogwatch to work with my shorewall logs...

It's not a matter of reducing the size of logs (metalog does that too) but of removing false alarms to help reading ..

I use logsentry but have not tested fwlogwatch.

G_os

----------

## mirko_3

I tried logsentry, but it just e-mails me the latest part of the shorewall log, not very helpful...

----------

