# Graphical logs for iptables

## plice

Hi,

Can someone suggest a script to display graphically logs, port scan summary, SPA (port knocking), bad auth; all via HTTP (would be easier)?

I got iptables, psad, fwknop and will put fwsnort or snort (not sure yet).

I know Gnuplot exists, but I was wondering if there is something else out there.

Thank you.

----------

## gerdesj

It's a tricky one! In general, the Unix and therefore the Linux "way" is to bolt together several bits to get the desired result.

I have not found a simple drop-in thing for what you want, so here is a suggestion. It will take some work though.

You need to grab the data, store it, process it and then output it.  

Grab the data - I know that rsyslog is pretty handy at grabbing kernel logging and can fire it out to:

Store it - MySQL

Process and output - Lots of things, e.g. PHP + Apache

I have not used syslog-ng/metalog et al. for a long time so I don't know if they have this feature yet, but rsyslog is great for posting to MySQL. It is non-trivial to set up and the docs are a bit random on the rsyslog website. However, I posted a page on their wiki a while back relating to Exim logging to MySQL which should give you some clues. http://wiki.rsyslog.com/index.php/EximAmalgamatedLog

Once you've got your data into MySQL then you have loads of presentation apps available.  As a last resort you can always use PHPMyAdmin.

Yes, it would be nice if someone created an app for this, but that would probably force you into using iptables in a certain way rather than your way. The tools are available for you to do the job yourself without having to resort to C.

This is probably not the answer you wanted to hear but I hope that you appreciate that you have options that with a bit of work will do exactly what you want.

Cheers

Jon
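
The grab, store, process and output steps described in the post above, as an added example that is not part of the original post: it parses iptables LOG lines, stores them in a table and runs a per-source port summary query. Assumptions: Python's `sqlite3` stands in for MySQL, lines are read directly instead of being fed by rsyslog, and the sample lines and the `IPT-DROP: ` log prefix are constructed.

```python
import re
import sqlite3

# Constructed sample in the kernel format written by the iptables LOG target.
# The "IPT-DROP: " prefix is an assumed --log-prefix value.
SAMPLE = """\
Mar  3 10:15:01 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=44321 DPT=22 SYN
Mar  3 10:15:01 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=44322 DPT=23 SYN
Mar  3 10:15:02 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=44323 DPT=80 SYN
Mar  3 10:15:02 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP SPT=44324 DPT=22 SYN
Mar  3 10:15:07 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=UDP SPT=5353 DPT=53 LEN=40
Mar  3 10:15:08 fw kernel: IPT-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 PROTO=ICMP TYPE=8 CODE=0
Mar  3 10:15:09 fw kernel: eth0: link up
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=)

def parse_line(line):
    """Return the KEY=value fields of one LOG line, or None if it is not a packet log."""
    fields = dict(FIELD.findall(line))
    return fields if "SRC" in fields and "PROTO" in fields else None

def load(conn, lines):
    """Store parsed packets; returns the number of rows inserted."""
    conn.execute("CREATE TABLE IF NOT EXISTS hits (src TEXT, dst TEXT, proto TEXT, dpt INTEGER)")
    rows = []
    for line in lines:
        f = parse_line(line)
        if f is None:
            continue
        dpt = int(f["DPT"]) if f.get("DPT", "").isdigit() else None  # ICMP has no DPT
        rows.append((f["SRC"], f.get("DST"), f["PROTO"], dpt))
    conn.executemany("INSERT INTO hits VALUES (?, ?, ?, ?)", rows)
    return len(rows)

def port_summary(conn, min_ports=3):
    """Sources that hit at least min_ports distinct destination ports."""
    return conn.execute(
        "SELECT src, COUNT(DISTINCT dpt), COUNT(*) FROM hits GROUP BY src "
        "HAVING COUNT(DISTINCT dpt) >= ? ORDER BY 2 DESC, src", (min_ports,)).fetchall()

def summarise(lines, min_ports=3):
    conn = sqlite3.connect(":memory:")
    load(conn, lines)
    return port_summary(conn, min_ports)

if __name__ == "__main__":
    for src, ports, packets in summarise(SAMPLE.splitlines(), min_ports=1):
        print(f"{src:15s} distinct_ports={ports} packets={packets}")
```

The rows returned by `port_summary` are what a web front end would chart; the query is plain SQL apart from the `?` placeholders.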

----------

## Bones McCracker

snort is a good tool for monitoring firewall log activity, and there are a whole bunch of graphical tools if you look, such as sguil and base:

http://sguil.sourceforge.net/

http://base.secureideas.net/screens.php

----------

## cach0rr0

 *BoneKracker wrote:*   

> snort is a good tool for monitoring firewall log activity, and there are a whole bunch of graphical tools if you look, such as sguil and base:
> 
> http://sguil.sourceforge.net/
> 
> http://base.secureideas.net/screens.php

 

have seen and used base

hadn't seen sguil - neat find, reading docs as we speak.

----------

