On Thu, 28 Apr 2005, Markus Feilner wrote:
Hello List, which analyzer for iptables or SuSEfirewall do you use? IPTables log analyzer from http://www.gege.org/iptables/ seems to be from 2002. On http://www.iptablesrocks.org/guide/analyze.php they recommend http://www.iptablesrocks.org/downloads/iptables_logger_v0.4.tar.gz, but that needs a SQL database, too - which I don't want to have on my firewall.
You don't need the database server on the same physical machine. It can be a separate machine, since MySQL and PostgreSQL both support IP connectivity. In fact, it is preferable that firewall logs be echoed to a separate machine and stored on a disk to which the firewall doesn't have access. This way, in case the firewall machine is compromised, you have the logs.
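
As an added illustration of the setup discussed in this thread (not code from either poster or from the tools linked above): a small summarizer that could run on the separate log host over the syslog file it receives from the firewall, with no database involved. The sample lines are constructed, and the host name `fw` and the `FW-DROP: ` log prefix are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the usual syslog + netfilter LOG layout;
# the host name "fw" and the "FW-DROP: " prefix are assumptions.
SAMPLE = """\
Apr 28 10:15:02 fw kernel: FW-DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=12345 DF PROTO=TCP SPT=44321 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 28 10:15:03 fw kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=12346 DF PROTO=TCP SPT=44322 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Apr 28 10:16:40 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TTL=110 ID=401 PROTO=UDP SPT=1027 DPT=137 LEN=58
Apr 28 10:17:00 fw kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TTL=110 ID=402 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Apr 28 10:17:05 fw sshd[811]: Accepted publickey for admin from 192.0.2.50
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
HEAD = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\skernel:\s(.*)$")

def parse_line(line):
    """Return a dict for a netfilter LOG line, or None for anything else."""
    m = HEAD.match(line)
    if not m or "SRC=" not in m.group(3) or "IN=" not in m.group(3):
        return None
    when, host, rest = m.groups()
    rec = {"time": when, "host": host, "prefix": rest.split("IN=", 1)[0].strip()}
    for key, value in FIELD.findall(rest):
        rec.setdefault(key, value)  # keep the first LEN/ID (the IP header's)
    return rec

def summarize(text):
    """Count logged packets per (source, protocol, destination port)."""
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            # ICMP has no port, so record its type instead
            port = rec.get("DPT") or "type " + rec.get("TYPE", "?")
            hits[(rec["SRC"], rec.get("PROTO", "?"), port)] += 1
    return hits

if __name__ == "__main__":
    for (src, proto, port), n in summarize(SAMPLE).most_common():
        print(f"{n:4d}  {src:15s} {proto:4s} {port}")
```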