teknux Guru
Joined: 19 Feb 2003 Posts: 517 Location: Rome, IT
Posted: Fri Jul 08, 2005 12:39 am Post subject: pySholog: a shorewall log parser (update 0.7.1)
Hi there,
I wrote a little parser for shorewall logs, with colors and filtering support. Here is its help output:
Code:
./pysholog71.py -h
usage: pysholog71.py [options] (use -h or --help for a list of options)
options:
  --version               show program's version number and exit
  -h, --help              show this help message and exit
  -D, --debug             colors only the match entries (useful for fw debug)
  -v, --verbose           more detailed output
  -fFILE, --file=FILE     specify an input file (default stdin)
  -dDATE, --date=DATE     prints logs of specified date
  -aIP, --address=IP      prints logs with a specified address
  -iIFACE, --iface=IFACE  prints logs with a specified interface
  -pPORT, --port=PORT     prints logs with a specified port
Output with IP filtering:
Code:
darkbox pylog # ./pysholog5.py -f /var/log/shorewall/current -a '61.129.115.99'
Jul 6 23:33:12 net2all:ppp0 DROP UDP 61.129.115.99:39793 -> 84.222.185.175:1027
Jul 7 02:32:01 net2all:ppp0 DROP UDP 61.129.115.99:34438 -> 84.222.185.175:1027
Jul 7 20:15:32 Shorewall Started
Jul 7 22:59:11 Shorewall Started
Jul 8 02:30:54 net2all:ppp0 DROP UDP 61.129.115.99:46350 -> 84.222.141.45:1026
Jul 8 02:31:23 net2all:ppp0 DROP UDP 61.129.115.99:46488 -> 84.222.141.45:1026
If someone is interested, here is the link to download it.
In the next releases I'm planning to add support for more protocols, a policy filter and, maybe, I will add the capability to get statistical frequency of requested filtered data.
Comments and suggestions are welcome.
Regards,
tek
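An added example, not part of the original post and not pySholog's own code: a minimal Python sketch of the parse-and-filter step behind the output above. It assumes the raw input is netfilter LOG lines with Shorewall's default `Shorewall:<chain>:<disposition>:` prefix; the sample lines, the hostname and the names `parse_line`, `fmt` and `filter_log` are constructed for illustration.

```python
import re

# Constructed sample input. Assumes netfilter LOG lines carrying Shorewall's
# default "Shorewall:<chain>:<disposition>:" prefix; the post shows only parsed output.
SAMPLE = """\
Jul  6 23:33:12 darkbox kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=61.129.115.99 DST=84.222.185.175 LEN=485 TOS=0x00 TTL=44 ID=0 DF PROTO=UDP SPT=39793 DPT=1027 LEN=465
Jul  7 01:02:03 darkbox kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=192.0.2.7 DST=84.222.185.175 LEN=48 TOS=0x00 TTL=110 ID=4321 DF PROTO=TCP SPT=4101 DPT=445 WINDOW=64240 SYN
Jul  7 03:04:05 darkbox kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=192.0.2.9 DST=84.222.185.175 LEN=28 TOS=0x00 TTL=50 ID=7 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jul  7 04:00:00 darkbox sshd[1234]: unrelated line that must be skipped
"""

HEAD = re.compile(r"^(\w{3})\s+(\d+) (\d\d:\d\d:\d\d) \S+ kernel: "
                  r"Shorewall:([^:]+):([^:]+):(.*)$")

def parse_line(line):
    """Return a dict for a Shorewall packet log line, or None."""
    m = HEAD.match(line)
    if not m:
        return None
    mon, day, time, chain, disp, rest = m.groups()
    # The rest is KEY=VALUE tokens; bare flags (DF, SYN) are ignored.
    # First occurrence wins, so the IP header's LEN/ID are not overwritten.
    kv = {}
    for tok in rest.split():
        key, sep, val = tok.partition("=")
        if sep:
            kv.setdefault(key, val)
    return {"when": f"{mon} {day} {time}", "chain": chain, "disp": disp,
            "iface": kv.get("IN") or kv.get("OUT", ""),
            "proto": kv.get("PROTO", "?"), "src": kv.get("SRC", ""),
            "dst": kv.get("DST", ""), "spt": kv.get("SPT"), "dpt": kv.get("DPT")}

def fmt(e):
    """Render an entry in the one-line layout shown in the post."""
    src = e["src"] + (":" + e["spt"] if e["spt"] else "")
    dst = e["dst"] + (":" + e["dpt"] if e["dpt"] else "")
    return f'{e["when"]} {e["chain"]}:{e["iface"]} {e["disp"]} {e["proto"]} {src} -> {dst}'

def filter_log(text, address=None, port=None):
    """Yield formatted entries matching an exact address and/or port."""
    for e in filter(None, map(parse_line, text.splitlines())):
        if address and address not in (e["src"], e["dst"]):
            continue
        if port and str(port) not in (e["spt"], e["dpt"]):
            continue
        yield fmt(e)

if __name__ == "__main__":
    print("\n".join(filter_log(SAMPLE, address="61.129.115.99")))
```

The address comparison is an exact match on the parsed SRC and DST fields, so a filter for 61.129.115.9 does not also return 61.129.115.99, which a substring search over the raw line would.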