Nulog 1.2.1 review

by rbytes.net on

Nulog is a firewall log analysis interface written in PHP

License: GPL (GNU General Public License)
File size: 56K
Developer: INL
0 stars award from rbytes.net

Nulog is a firewall log analysis interface written in PHP. Netfilter is able to log selected packets directly to a database such as MySQL or PostgreSQL.

Nulog uses this interface to display security events in real-time on a user-friendly interface.

Here are some key features of "Nulog":
show the last hosts that sent packets that got blocked by your firewall.
show the last ports that hosts tried to open.
search for packets logged from a host.
search for packets logged for a given port.
search for packets logged for a given user.

Installation

Setting up the database

To use it, create a MySQL database named ulogd. As root, type:

mysqladmin create ulogd

Next, populate the database using ulogd.mysqldump:

cat ulogd.mysqldump | mysql -u USER -p ulogd

Put your database user and password in include/require.inc.

Note

The database is not the standard MySQL database for ulogd. It adds a few tables and indexes to make things work fast.

Setting up netfilter

If you don't use EdenWall or NuFW, you need to configure your netfilter installation.

Now you can log into the database. To log bad packets, you have to use the ULOG target:

iptables -A FORWARD -j ULOG --ulog-nlgroup 1 --ulog-prefix "badif"

What's New in This Release:
This release fixes a problem with non-clickable links on the main page.
