Hatchet 0.8.1 RC1

Hatchet provides a log parser for OpenBSD's PF.

BSD License 
Jason Dixon

Hatchet is a log parsing and presentation program written for OpenBSD's PF logs. It should be useful to the typical PF administrator who wants to review their PF logs in chronological order through a graphical (web) interface. Hatchet archives the logs so that you can search past events. It also lets you sort by column, so that you can isolate traffic by source or destination address, service, rule number, and so on. Additionally, it provides external links for performing DNS queries on source addresses and service queries against SANS.

Hatchet uses a series of Perl regexes to match entries from the pflog logs. The log entries are stored in a SQLite database file, allowing for highly dynamic queries and statistics. If Hatchet encounters a log entry that none of its regexes match, it sends an email to the system administrator (root@localhost) with the details. It is possible to install the web interface on a separate web server; the INSTALL document covers each task and where it should be performed. Although Hatchet uses SQLite, it does not require installation of the full SQLite "suite", only the DBD::SQLite module, which incorporates the necessary libraries.

Hopefully you find this a useful, clean log viewing utility. I plan to incorporate new features eventually, particularly more advanced reporting, but time will tell. I happily accept feature requests, but I don't intend to incorporate features that would otherwise be best handled the "OpenBSD way". In other words, I won't add a PF ruleset editor, don't ask.

What's New in This Release:

Reorganization and fixes of all Docs/*.
Moved all cgi-bin/* to the default /cgi-bin/.
Removed alt location option for create_db.pl.
Moved all variables to universal config file (/etc/hatchet.conf).
Fixed the "Transaction aborted" bug in hatchet.
Regex additions for HSRP, ICMP, SNMP, and DNS replies.

Last updated on February 17th, 2007
