Nulog 1.2.1 review
Nulog is a firewall log analysis interface written in PHP. Netfilter is able to log selected packets directly to a database such as MySQL or PostgreSQL.
Nulog uses this interface to display security events in real time on a user-friendly interface.
Here are some key features of "Nulog":
show the last hosts that sent packets that got blocked by your firewall.
show the last ports that hosts tried to open.
search for packets logged from a host.
search for packets logged for a given port.
search for packets logged for a given user.
Installation
Setting up the database
To use it, create a MySQL database named ulogd. Type as root:
mysqladmin create ulogd
Next, populate the database using ulogd.mysqldump:
cat ulogd.mysqldump | mysql -u USER -p ulogd
Put your user and password in include/require.inc.
Note
The database is not the standard MySQL database for ulogd. It adds a few tables and indexes to make things work fast.
Setting up netfilter
If you don't use EdenWall or NuFW, you need to configure your netfilter installation.
Now you can log to the database. To log bad packets you have to use the ULOG target:
iptables -A FORWARD -j ULOG --ulog-nlgroup 1 --ulog-prefix "badif"
What's New in This Release:
This release fixes a problem with non-clickable links on the main page.