Gentoo Forums
Graphical logs for iptables
plice
Tux's lil' helper


Joined: 09 Nov 2009
Posts: 84
Location: Poland

Posted: Tue Mar 15, 2011 6:51 am    Post subject: Graphical logs for iptables

Hi,

Can someone suggest a script to graphically display logs, port scan summary, SPA (port knocking), bad auth; all via http (would be easier)?

I got iptables, psad, fwknop and will put fwsnort or snort (not sure yet).

I know Gnuplot exists, but I was wondering if there is something else out there :)

Thank you :)
gerdesj
l33t


Joined: 29 Sep 2005
Posts: 621
Location: Yeovil, Somerset, UK

Posted: Sat Mar 19, 2011 12:53 am    Post subject: Re: Graphical logs for iptables

It's a tricky one! In general, the Unix and therefore the Linux "way" is to bolt together several bits to get the desired result.

I have not found a simple drop-in thing for what you want, so here is a suggestion - it will take some work though.

You need to grab the data, store it, process it and then output it.

Grab the data - I know that rsyslog is pretty handy at grabbing kernel logging and can fire it out to:
Store it - MySQL
Process and output - Lots of things, e.g. PHP + Apache

I have not used syslog-ng/metalog et al for a long time so I don't know if they have this feature yet, but rsyslog is great for posting to MySQL. It is non-trivial to set up and the docs are a bit random on the rsyslog website. However, I posted a page on their wiki a while back relating to Exim logging to MySQL which should give you some clues. http://wiki.rsyslog.com/index.php/EximAmalgamatedLog

Once you've got your data into MySQL then you have loads of presentation apps available. As a last resort you can always use PHPMyAdmin.

Yes, it would be nice if someone created an app for this, but that would probably force you into using iptables in a certain way rather than your way. The tools are available for you to do the job yourself without having to resort to C.

This is probably not the answer you wanted to hear but I hope that you appreciate that you have options that with a bit of work will do exactly what you want.

Cheers
Jon
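
The grab / store / process / output pipeline described in the post above, as an added example that is not part of the original thread: it parses iptables LOG lines, stores them with parameterised inserts, and renders a per-source port scan summary. SQLite stands in for MySQL so it runs offline; the `FW-DROP: ` log prefix, the `fw_log` table and the sample lines are assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed, abbreviated sample in the kernel's iptables LOG format. The
# "FW-DROP: " prefix is an assumed --log-prefix; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar 15 06:51:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 TTL=54 PROTO=TCP SPT=40000 DPT=22 SYN
Mar 15 06:51:01 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 TTL=54 PROTO=TCP SPT=40001 DPT=23 SYN
Mar 15 06:51:02 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 TTL=54 PROTO=TCP SPT=40002 DPT=80 SYN
Mar 15 06:51:03 gw kernel: FW-DROP: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 TTL=54 PROTO=TCP SPT=40003 DPT=22 SYN
Mar 15 06:52:05 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 TTL=50 PROTO=TCP SPT=51000 DPT=22 SYN
Mar 15 06:52:10 gw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0
Mar 15 06:52:30 gw sshd[2211]: Failed password for invalid user test from 203.0.113.9 port 51122 ssh2
"""
KV = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; the value may be empty (OUT=)

def parse_line(line):
    """Grab: return a row dict for an iptables LOG line, None for other syslog lines."""
    f = dict(KV.findall(line)) if "kernel:" in line else {}
    if not {"SRC", "DST", "PROTO"} <= f.keys():
        return None
    dpt = int(f["DPT"]) if f.get("DPT", "").isdigit() else None  # ICMP has no DPT
    return {"ts": line[:15], "src": f["SRC"], "dst": f["DST"], "proto": f["PROTO"], "dpt": dpt}

def store(conn, lines):
    """Store: bound parameters only, log content is never spliced into the SQL text."""
    conn.execute("CREATE TABLE IF NOT EXISTS fw_log (ts TEXT, src TEXT, dst TEXT, proto TEXT, dpt INTEGER)")
    rows = [r for r in map(parse_line, lines) if r]
    conn.executemany("INSERT INTO fw_log VALUES (:ts, :src, :dst, :proto, :dpt)", rows)
    return len(rows)

def scan_summary(conn, min_ports=3):
    """Process: sources that probed at least min_ports distinct ports, widest first."""
    return conn.execute(
        "SELECT src, COUNT(DISTINCT dpt), COUNT(*) FROM fw_log WHERE dpt IS NOT NULL "
        "GROUP BY src HAVING COUNT(DISTINCT dpt) >= ? ORDER BY 2 DESC, src",
        (min_ports,)).fetchall()

def render(rows):
    """Output: plain-text bar chart, one '#' per distinct port probed."""
    return "\n".join(f"{src:<15} {'#' * ports} {ports} ports / {hits} hits" for src, ports, hits in rows)

def demo(min_ports=3):
    conn = sqlite3.connect(":memory:")
    stored = store(conn, SAMPLE_LOG.splitlines())
    return stored, scan_summary(conn, min_ports)

if __name__ == "__main__":
    print(render(demo()[1]))
```

The same query works against a MySQL table populated by rsyslog, and the `render` step is where a web front end would take over.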
Bones McCracker
Veteran


Joined: 14 Mar 2006
Posts: 1611
Location: U.S.A.

Posted: Sat Mar 19, 2011 2:24 am

snort is a good tool for monitoring firewall log activity, and there are a whole bunch of graphical tools if you look, such as sguil and base:
http://sguil.sourceforge.net/
http://base.secureideas.net/screens.php
_________________
patrix_neo wrote:
The human thought: I cannot win.
The ratbrain in me : I can only go forward and that's it.
cach0rr0
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Sat Mar 19, 2011 2:52 am

BoneKracker wrote:
snort is a good tool for monitoring firewall log activity, and there are a whole bunch of graphical tools if you look, such as sguil and base:
http://sguil.sourceforge.net/
http://base.secureideas.net/screens.php


have seen and used base
hadn't seen sguil - neat find, reading docs as we speak.