IPTables log analizer displays Linux 2.4 iptables logs (rejected, acepted, masqueraded packets...) in a nice HTML page (it support rough netfilter logs but also Shorewall and Suse Firewall logs).
This page shall be easy to read and understand to reduce the manual analysis time.
This page containts statistics on packets and links to more detailled information on a given host, port, domain and so on.
To convice you, here is a typical syslog entry for iptables :
[IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=18.104.22.168 DST=22.214.171.124 LEN=36 TOS=0x00 PREC=0x00 TTL=115 ID=4775 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=3663
How does it work ?
A small deamon is launched by a user which can read iptables logs files. Each time a new packet is logged, the daemon insert a new row in the database.
The statistics and so on are elaborated by the PHP page itself.
· Netfilter at least ;-)
· A web server (Linux Apache tested) with PHP 4 interpretor
· A database (for the moment only MySQL is supported)
· A perl interpreter