fwanalog 0.6.9

fwanalog is a shell script that parses and summarizes firewall logfiles.

  Add it to your Download Basket!

 Add it to your Watch List!


Rate it!
send us
an update
GPL (GNU General Public License) 
Balázs Bárány
ROOT \ System \ Monitoring
fwanalog is a shell script that parses and summarizes firewall logfiles.

It currently (version 0.6.9) understands logs from ipf (tested with OpenBSD 2.8's and 2.9's ipf, also FreeBSD, NetBSD and Solaris 8 with ipf (+ ipfw on FreeBSD)), OpenBSD 3.x pf, Linux 2.2 ipchains, Linux 2.4 iptables, some ZyXEL/NetGear routers and Cisco PIX, Watchguard Firebox, Firewall-One (not NG!), FreeBSD ipfw and Sonicwall firewalls.
I have tested it on Debian GNU/Linux "sid" with bash and OpenBSD 2.x and 3.x with ksh as /bin/sh.

Other people use it on all kinds of Unix-like platforms. (You might need to change the shebang line to bash on non-free Unixes that don't ship with a powerful enough /bin/sh.)

It can be easily extended for other logfile formats, all it takes is editing two regular expressions.

fwanalog uses the excellent log analysis program Analog (also free software) to create its reports. It does so by converting the firewall log into a fake web server log and calling Analog with a modified configuration.


· Decompress the distribution in some directory, e.g. /usr/local/fwanalog
· Symlink, move or copy the fwanalog.opts.{your OS} to "fwanalog.opts"
· Edit fwanalog.opts if necessary (most settings should be OK, though)
· If your Analog version is not the newest stable one, find a language file for it in the langfiles/ directory and copy it over fwanalog.lng
· On a non-free Unix (e.g. Solaris), modifiy the first line of the fwanalog.sh script to "#! /bin/bash" or where your bash or ksh shell is. Also, look if you have the GNU versions of the utilites listed in fwanalog.opts.
· Execute ./fwanalog.sh
· There should be some HTML and text reports in the directory you specified in fwanalog.opts ("$outdir").

What's New in This Release:

· fwanalog.sh: New ipfw function; bugfix in cisco()
· fwanalog.opts.master, support/mkopts.sh: New ipfw support
· fwanalog.sh: Added contributed sonicwall parser
· fwanalog.sh: Uses a lock file to avoid multiple calls with the same output directory; probably fixed the bug which caused fwanalog not to process the input if it started with the last line of fwanalog.all.log

Last updated on October 11th, 2005

#shell script #firewall logfiles #logfiles parser #fwanalog #shell #script #firewall

Add your review!