fwanalog 0.6.9 review

by rbytes.net on

License: GPL (GNU General Public License)
File size: 117K
Developer: Balázs Bárány
0 stars award from rbytes.net

fwanalog is a shell script that parses and summarizes firewall logfiles.

It currently (version 0.6.9) understands logs from ipf (tested with OpenBSD 2.8's and 2.9's ipf, also FreeBSD, NetBSD and Solaris 8 with ipf (+ ipfw on FreeBSD)), OpenBSD 3.x pf, Linux 2.2 ipchains, Linux 2.4 iptables, some ZyXEL/NetGear routers and Cisco PIX, Watchguard Firebox, Firewall-One (not NG!), FreeBSD ipfw and Sonicwall firewalls.
I have tested it on Debian GNU/Linux "sid" with bash and OpenBSD 2.x and 3.x with ksh as /bin/sh.

Other people use it on all kinds of Unix-like platforms. (You might need to change the shebang line to bash on non-free Unixes that don't ship with a powerful enough /bin/sh.)

It can easily be extended to other logfile formats; all it takes is editing two regular expressions.

fwanalog uses the excellent log analysis program Analog (also free software) to create its reports. It does so by converting the firewall log into a fake web server log and calling Analog with a modified configuration.
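As an added illustration of the conversion described above (example code written for this page, not fwanalog's own), the POSIX shell function below rewrites a constructed Linux 2.4 iptables log line into a Common Log Format line that a web log analyser such as Analog could read. The field mapping (source IP as client, protocol and destination port as the "path", a fixed 403 status, packet LEN as bytes) and the year argument are assumptions for this example.

```shell
#!/bin/sh
# Turn firewall log lines into fake web-server (Common Log Format) lines so a
# web log analyser can summarise them. The mapping below is an assumption made
# for this example; it is not the format fwanalog itself produces.

# Constructed sample line (not a real capture): a Linux 2.4 iptables drop.
SAMPLE_IPTABLES='Mar  3 10:15:42 gw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd SRC=198.51.100.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=40111 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0'

# Usage: fwlog_to_clf [year] < firewall.log > fake-access.log
# Syslog lines carry no year, so it is passed in (default: current year).
fwlog_to_clf() {
    awk -v year="${1:-$(date +%Y)}" '
    {
        src = ""; proto = ""; dpt = ""; len = "0"
        # iptables fields are KEY=VALUE tokens separated by spaces.
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "SRC")        src   = kv[2]
            else if (kv[1] == "PROTO") proto = kv[2]
            else if (kv[1] == "DPT")   dpt   = kv[2]
            else if (kv[1] == "LEN")   len   = kv[2]
        }
        if (src == "") next   # not a firewall line (e.g. sshd), skip it
        # $1=month $2=day $3=time from the syslog prefix; CLF wants [dd/Mon/yyyy:HH:MM:SS zone]
        printf "%s - - [%02d/%s/%s:%s +0000] \"GET /%s/%s HTTP/1.0\" 403 %s\n",
               src, $2, $1, year, $3, proto, dpt, len
    }'
}

# Stand-alone demo: convert the constructed sample line.
printf '%s\n' "$SAMPLE_IPTABLES" | fwlog_to_clf 2003
```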

Installation:

Decompress the distribution in some directory, e.g. /usr/local/fwanalog
Symlink, move or copy the fwanalog.opts.{your OS} to "fwanalog.opts"
Edit fwanalog.opts if necessary (most settings should be OK, though)
If your Analog version is not the newest stable one, find a language file for it in the langfiles/ directory and copy it over fwanalog.lng
On a non-free Unix (e.g. Solaris), modify the first line of the fwanalog.sh script to "#! /bin/bash" or wherever your bash or ksh shell is. Also, check that you have the GNU versions of the utilities listed in fwanalog.opts.
Execute ./fwanalog.sh
There should be some HTML and text reports in the directory you specified in fwanalog.opts ("$outdir").

What's New in This Release:
fwanalog.sh: New ipfw function; bugfix in cisco()
fwanalog.opts.master, support/mkopts.sh: New ipfw support
fwanalog.sh: Added contributed sonicwall parser
fwanalog.sh: Uses a lock file to avoid multiple calls with the same output directory; probably fixed the bug which caused fwanalog not to process the input if it started with the last line of fwanalog.all.log