Tired of reading iptables looking for bad packets? Wish all that confusing mumbo-jumbo was just a table in a database? Well, today folks, you are in luck, twice over!
If you just want to read the syslog output with a `tail --follow` (and deal with the CPU overhead), then the IPTables Log Analyzer is for you. The PHP web interface is quite nice and the database structure isn't bad, but reading the log continuously might not scale well if you have lots of bad packets to log.
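To make the "log file becomes a table" idea concrete, here is an added example (my own illustration, not code from the IPTables Log Analyzer or any other project mentioned here) of the parsing step such a tool performs: it tails-style reads iptables LOG-target lines out of syslog, splits the `KEY=VALUE` tokens into columns, and loads them into a SQLite table so they can be queried. The log lines are constructed samples using RFC 5737 documentation addresses, and the table layout and function names are my own choices, not the analyzer's schema. Note the UDP line, where iptables prints a second `LEN=` for the UDP header; the parser keeps the first (IP total length) so the column stays consistent across protocols.

```python
import re
import sqlite3

# Constructed sample syslog lines in the iptables LOG-target format.
# Not captured from a real host; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar 12 10:15:01 fw kernel: [12345.678] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44321 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 12 10:15:02 fw kernel: [12346.001] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44322 DPT=139 WINDOW=1024 RES=0x00 SYN URGP=0
Mar 12 10:15:03 fw kernel: [12346.500] IPT-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3 PROTO=UDP SPT=53 DPT=137 LEN=40
Mar 12 10:15:04 fw sshd[2211]: Accepted publickey for alice from 192.0.2.20 port 51514 ssh2
"""

# syslog header, "kernel:", optional printk timestamp, our --log-prefix, then the IN= field
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+kernel:\s+"
    r"(?:\[\s*\d+\.\d+\]\s*)?(?P<prefix>.*?)\s*IN=(?P<rest>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")
# Bare tokens iptables emits without an '=' (IP and TCP flags)
FLAG_TOKENS = {"DF", "MF", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}


def parse_line(line):
    """Return a dict of columns for an iptables LOG line, or None for other syslog noise."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rest = "IN=" + m.group("rest")
    fields = {}
    for key, value in KV_RE.findall(rest):
        # setdefault keeps the first LEN (IP total length), not the later UDP/ICMP LEN
        fields.setdefault(key, value)
    flags = {tok for tok in rest.split() if tok in FLAG_TOKENS}
    return {
        "ts": m.group("ts"),
        "host": m.group("host"),
        "prefix": m.group("prefix").rstrip(": "),
        "in_if": fields.get("IN", ""),
        "out_if": fields.get("OUT", ""),
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "spt": int(fields["SPT"]) if "SPT" in fields else None,
        "dpt": int(fields["DPT"]) if "DPT" in fields else None,
        "length": int(fields["LEN"]) if "LEN" in fields else None,
        "flags": " ".join(sorted(flags)),
    }


def load(lines, conn=None):
    """Parse an iterable of syslog lines into a 'packets' table (in-memory SQLite by default)."""
    conn = conn or sqlite3.connect(":memory:")
    conn.execute(
        """CREATE TABLE IF NOT EXISTS packets (
               ts TEXT, host TEXT, prefix TEXT, in_if TEXT, out_if TEXT,
               src TEXT, dst TEXT, proto TEXT, spt INTEGER, dpt INTEGER,
               length INTEGER, flags TEXT)"""
    )
    rows = [r for r in map(parse_line, lines) if r]
    conn.executemany(
        "INSERT INTO packets VALUES (:ts,:host,:prefix,:in_if,:out_if,:src,:dst,"
        ":proto,:spt,:dpt,:length,:flags)",
        rows,
    )
    conn.commit()
    return conn


def top_sources(conn, limit=10):
    """Sources by dropped-packet count, with how many distinct ports each touched
    (many distinct ports from one source is the crude scan signal portsentry looks for)."""
    cur = conn.execute(
        """SELECT src, COUNT(*) AS hits, COUNT(DISTINCT dpt) AS ports
           FROM packets GROUP BY src ORDER BY hits DESC, src LIMIT ?""",
        (limit,),
    )
    return cur.fetchall()


if __name__ == "__main__":
    db = load(SAMPLE_LOG.splitlines())
    for src, hits, ports in top_sources(db):
        print(f"{src:16} hits={hits} distinct_ports={ports}")
```

In real use the `lines` argument would be a file object opened on the syslog file (or a pipe from `tail --follow`), and the SQLite connection would be swapped for whatever database the web interface reads. This is exactly the per-line parsing cost the post worries about: every logged packet is one regex match plus one insert, so a busy public firewall is better served by the netlink-based ULOG path described next.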
The more whiz-bang, bells-and-whistles-loaded method is to use the ULOG target in iptables rules and ulogd with its associated plugins to log to MySQL. The lacking part here is a nice web interface. Maybe I can adapt the other interface to use this database layout.
This has applications in both jobs. One has a public side firewall that cries out for better log analysis, the other has boxes running portsentry as an early warning system for infected machines scanning hosts, primarily Windows ports.
Update: I’m reinventing the wheel for no reason, see Webfwlog