Hello list, I'm searching for a analysis program/ tool for the logfile of SuSEfirewall2 that makes e.g. this line more "userfriendly": Output could be e.g. an ASCII (or maybe HTML) file with columns: Date, dropped/ rejected/ accepted, Source (with if possible looked up name), Destination (with if possible looked up name), Interface with Direction, Protocoltype, Sourceport (with if possible service-name), Destinationport (with if possible service-name) Sep 4 22:21:44 minasmorgul kernel: SuSE-FW-REJECT IN=ppp0 OUT= MAC= SRC=134.76.11.100 DST=80.133.93.126 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=4610 DF PROTO=TCP SPT=59503 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405840402080A1659994E0000000001030300) The line from /var/log/firewall would be: Sep 4 22:21:44 | REJECT | 134.76.11.100 (ftp.gwdg.de) | 80.133.93.126 (p50855D7E.dip.t-dialin.net) | ppp0 (IN) | 59503 | 113 (ident) There could be some extra like showing obvious port-scans (one adress sending packets to some hundred ports in a short time). Does anyone know a tool doing this or part of this?! -- Eat, sleep and go running, David Huecking. Encrypted eMail welcome! GnuPG/ PGP-Fingerprint: 3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216