Firewall Log Daemon is a program written in C that watches for ipchains or iptables log alerts in real time. It starts a small daemon process that parses and resolves firewall log entries by reading a FIFO that syslog writes to. It can queue a batch of alerts and mail them to you, or be used in a script to crunch an existing log file or data stream. It features hostname, port, protocol, and ICMP type/code lookup, with output formatted by a user-defined template.
Tags: Internet, Log Analysis, Security, Logging, Networking, Monitoring, Firewalls
Operating Systems: POSIX, Linux
Release Notes: All fields in the packet log are now captured and decoded, with every hex value turned into its corresponding ASCII bit string. The included "decode.php" and its corresponding template provide a web-based log entry decoder. Various bugfixes.
Release Notes: This release supports user-defined output templates for changing the output formatting, adds many interface improvements and bugfixes, includes an extended (>1024) port/service lookup function and an option to use a user-defined services file, uses runtime configuration options that can be overridden on the command line, and supports mixed logging environments (iptables and ipchains together).
Release Notes: The code for iptables and ipchains was merged into one executable; the program now automatically detects which kind of log data it is given. Multiple string-token parsing was replaced with a single-pass regex. Command line options were changed. Log data can now be read from STDIN by specifying "-" as the file to read from. A flag for setting the mail buffer size was added. The Makefile was changed to include "easy" and "uninstall" targets; the easy target does everything for you.
Release Notes: Initial Release. Comments and suggestions are welcome.
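As an added illustration of the pipeline the description and the release notes above lay out (this is example code written for this page, not the program's own source), the following Python script applies one single-pass regex per log flavour, auto-detects iptables versus ipchains lines, decodes a hex field into a bit string, looks up host names, services and ICMP type/code names, and renders each entry through a user-defined template. The sample log lines, the field names, the `$field` template syntax and the lookup tables are all constructed assumptions of this example; a real deployment would resolve names through DNS and ports through /etc/services or a user-supplied services file rather than the static dictionaries used here so the script runs offline.

```python
import re
from string import Template

# One regex per log flavour, each applied in a single pass; format detection is
# simply "which regex matches". Field names are this example's own choice.
IPTABLES_RE = re.compile(
    r"IN=(?P<iface_in>\S*) OUT=(?P<iface_out>\S*) .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?"
    r"PROTO=(?P<proto>\S+)"
    r"(?: .*?SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
    r"(?: .*?TYPE=(?P<type>\d+) CODE=(?P<code>\d+))?"
)
IPCHAINS_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<spt>\d+) (?P<dst>[\d.]+):(?P<dpt>\d+)"
    r"(?: .*?F=(?P<frag>0x[0-9a-fA-F]+))?"
)

# Constructed lookup tables so the example runs offline (a real tool would use
# DNS via socket.gethostbyaddr and /etc/services or a user-defined services file).
PROTO_NAMES = {"1": "ICMP", "6": "TCP", "17": "UDP"}
SERVICES = {("tcp", 22): "ssh", ("tcp", 25): "smtp", ("tcp", 80): "http", ("udp", 53): "domain"}
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 8: "echo-request", 11: "time-exceeded"}
ICMP_CODES = {(3, 0): "net-unreachable", (3, 1): "host-unreachable", (3, 3): "port-unreachable"}
HOSTS = {"192.0.2.10": "scanner.example", "198.51.100.5": "www.example"}

DEFAULT_TEMPLATE = ("$flavour $action $src ($src_name) -> $dst ($dst_name) "
                    "$proto dpt=$dpt svc=$service icmp=$icmp frag=$frag_bits")


def hex_bits(value):
    """Turn a 16-bit hex field such as ipchains' F=0x4000 into a bit string."""
    return format(int(value, 16), "016b")


def service_name(proto, port):
    """Port/service lookup from the constructed table; unknown ports stay numeric."""
    return SERVICES.get((proto.lower(), port), str(port))


def parse_line(line):
    """Return a normalised dict for an iptables or ipchains log line, or None."""
    m = IPTABLES_RE.search(line)
    if m:
        # The netfilter LOG target records no verdict in the line itself.
        entry = {"flavour": "iptables", "action": "LOG", **m.groupdict()}
    else:
        m = IPCHAINS_RE.search(line)
        if not m:
            return None
        entry = {"flavour": "ipchains", **m.groupdict()}
        if entry["proto"] == "1":
            # ipchains logs the ICMP type and code in the port positions.
            entry["type"], entry["code"] = entry.pop("spt"), entry.pop("dpt")
    for key in ("spt", "dpt", "type", "code", "frag"):
        entry.setdefault(key, None)
    entry["proto"] = PROTO_NAMES.get(entry["proto"], entry["proto"]).upper()
    return entry


def decode(entry, hosts=HOSTS):
    """Add resolved host names, the service name, ICMP names and the decoded F field."""
    out = dict(entry)
    out["src_name"] = hosts.get(entry["src"], entry["src"])
    out["dst_name"] = hosts.get(entry["dst"], entry["dst"])
    out["service"] = service_name(entry["proto"], int(entry["dpt"])) if entry["dpt"] else "-"
    if entry["type"] is not None:
        t, c = int(entry["type"]), int(entry["code"])
        out["icmp"] = f"{ICMP_TYPES.get(t, t)}/{ICMP_CODES.get((t, c), c)}"
    else:
        out["icmp"] = "-"
    out["frag_bits"] = hex_bits(entry["frag"]) if entry["frag"] else "-"
    return out


def format_entry(decoded, template=DEFAULT_TEMPLATE):
    """Render one decoded entry through a user-defined $field template."""
    return Template(template).safe_substitute(
        {k: ("" if v is None else str(v)) for k, v in decoded.items()})


def crunch(lines, template=DEFAULT_TEMPLATE):
    """Process a log file or stream, skipping lines that are not firewall logs."""
    rendered = []
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            rendered.append(format_entry(decode(entry), template))
    return rendered


# Constructed sample lines in both formats, plus one unrelated syslog line.
SAMPLE = [
    "Jan 12 03:44:01 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 "
    "SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12345 DF "
    "PROTO=TCP SPT=54321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
    "Jan 12 03:44:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=84 "
    "TOS=0x00 PREC=0x00 TTL=51 ID=12346 PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1",
    "Jan 12 03:44:03 fw kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:54322 "
    "198.51.100.5:80 L=60 S=0x00 I=12347 F=0x4000 T=51 SYN (#3)",
    "Jan 12 03:44:04 fw kernel: Packet log: input DENY eth0 PROTO=1 192.0.2.10:3 "
    "198.51.100.5:3 L=56 S=0x00 I=12348 F=0x0000 T=51 (#3)",
    "Jan 12 03:44:05 fw sshd[123]: Accepted publickey for admin from 203.0.113.7",
]
```

To use it the way the daemon's crunch mode is described, feed a file or STDIN to `crunch()` (for example `crunch(sys.stdin)`), or iterate over a FIFO that syslog writes to; `crunch(SAMPLE)` yields four rendered entries and silently drops the sshd line. Note that the two regexes are only as trustworthy as the log format: a line that merely contains `IN=`, `SRC=` and `PROTO=` tokens would be accepted, so anything built on this (mail batching, alert counting) should treat the parsed fields as untrusted input from the network, not as verified facts.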