Wflogs is a firewall log analysis tool. It can be used to produce a log summary report in plain text, HTML, and XML, or to monitor firewalling logs in real time. For now, netfilter, ipchains, ipfilter, cisco_pix, cisco_ios, and snort input formats are supported. It is particularly fast when asynchronous DNS resolution is enabled. The goal of the WallFire project is to build a very general and modular firewalling application based on Netfilter or any kind of low-level framework. Wflogs is part of the WallFire project, but can be used independently.
Tags: Internet Log Analysis Networking Monitoring Firewalls Logging Security
Operating Systems: POSIX Linux
Release Notes: Wflogs now compiles under *BSD. Parsing with recent flex versions was fixed, and buffer sizes for some input modules were fixed. Matching of netfilter and ipfilter input modules was improved. Support for Cisco FWSM (PIX) was added. This version now contains the wflogs XML DTD and wfchkintegrity, which enables the user to monitor changes in the firewalling configuration.
Release Notes: This version fixes a small memory leak in realtime mode. A little interactivity is now possible when interactive and realtime modes are both enabled and logs are being flooded. A tool named wfchkintegrity was added, which enables you to monitor changes in the firewalling configuration.
Release Notes: This version adds a new interactive command "filter", as well as small parsing improvements for the netfilter input module. It allows the user to switch to interactive mode while doing real-time monitoring by sending a signal. Wflogs now issues no error if one or both port numbers are null.
Release Notes: New real-time and interactive modes were added. These can be combined for more advanced real-time monitoring (similar to 'tail -f'). Support for every Cisco PIX log format was added. A bug which prevented the snort input module from working properly was fixed.
Release Notes: The 'lines' and 'header' output module options were added. Parsing of syslog files was improved.