Mailinglist Archive: opensuse-security (375 mails)

Analysis tool for SuSEfirewall2 logfile
  • From: David Huecking <d.huecking@xxxxxxx>
  • Date: Wed, 4 Sep 2002 23:47:23 +0200
  • Message-id: <200209042347.23497.d.huecking@xxxxxxx>
Hello list,

I'm searching for an analysis program/tool for the logfile of SuSEfirewall2
that makes e.g. this line more "user-friendly":
Output could be e.g. an ASCII (or maybe HTML) file with columns: Date,
dropped/rejected/accepted, Source (with looked-up name, if possible),
Destination (with looked-up name, if possible), Interface with Direction,
Protocol type, Source port (with service name, if possible), Destination port
(with service name, if possible)

Sep 4 22:21:44 minasmorgul kernel: SuSE-FW-REJECT IN=ppp0 OUT= MAC=
SRC=134.76.11.100 DST=80.133.93.126 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=4610
DF PROTO=TCP SPT=59503 DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT
(020405840402080A1659994E0000000001030300)

The line from /var/log/firewall would be:
Sep 4 22:21:44 | REJECT | 134.76.11.100 (ftp.gwdg.de) | 80.133.93.126
(p50855D7E.dip.t-dialin.net) | ppp0 (IN) | 59503 | 113 (ident)

There could be some extras like showing obvious port scans (one address sending
packets to some hundred ports in a short time).

Does anyone know a tool doing this or part of this?!

--
Eat, sleep and go running,
David Huecking.

Encrypted eMail welcome! GnuPG/ PGP-Fingerprint:
3DF2 CBE0 DFAA 4164 02C2 4E2A E005 8DF7 5780 9216

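As an added illustration (not code from the post or from SuSEfirewall2), a small Python parser for the kernel-log format quoted above that produces the pipe-separated rows described, plus a first cut at the port-scan heuristic (one address hitting many destination ports). The `SERVICES` table, the `resolve` hook and the sample log lines are constructed assumptions; reverse DNS is left out so the block runs offline.

```python
import re
from collections import defaultdict
# SuSEfirewall2 kernel-log layout, as quoted in the post:
# "<Mon> <d> <hh:mm:ss> <host> kernel: SuSE-FW-<ACTION> KEY=VALUE ... FLAG ..."
_LINE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: "
                   r"SuSE-FW-(?P<action>[A-Z-]+) (?P<rest>.*)$")
_KV = re.compile(r"\b(\w+)=(\S*)")  # bare flags such as DF or SYN carry no '=' and are skipped
# Constructed service table; a real tool would use socket.getservbyport() / /etc/services.
SERVICES = {113: "ident", 21: "ftp", 22: "ssh", 23: "telnet"}

def parse_line(line):
    """Split one SuSEfirewall2 line into fields; return None for any other syslog line."""
    m = _LINE.match(line)
    if not m:
        return None
    kv = dict(_KV.findall(m.group("rest")))
    port = lambda key: int(kv[key]) if kv.get(key) else None  # ICMP lines carry no SPT/DPT
    return {"ts": m.group("ts"), "action": m.group("action"), "proto": kv.get("PROTO"),
            "src": kv.get("SRC"), "dst": kv.get("DST"),
            "iface": kv.get("IN") or kv.get("OUT"),  # IN= is empty on outbound packets
            "dir": "IN" if kv.get("IN") else "OUT",
            "spt": port("SPT"), "dpt": port("DPT")}

def format_row(rec, resolve=lambda ip: None):
    """Pipe-separated row as sketched in the post.  `resolve` is a hook for reverse DNS
    (e.g. socket.gethostbyaddr); the default does no lookup so this runs offline."""
    def host(ip):
        name = resolve(ip)
        return f"{ip} ({name})" if name else ip
    svc = SERVICES.get(rec["dpt"])
    dpt = f"{rec['dpt']} ({svc})" if svc else str(rec["dpt"])
    return " | ".join([rec["ts"], rec["action"], host(rec["src"]), host(rec["dst"]),
                       f"{rec['iface']} ({rec['dir']})", str(rec["spt"]), dpt])

def find_port_scans(records, min_ports=3):
    """Sources hitting >= min_ports distinct destination ports (a real tool would also bound this by time)."""
    ports = defaultdict(set)
    for r in records:
        if r["dpt"] is not None:
            ports[r["src"]].add(r["dpt"])
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

# Constructed sample input: the line from the post, one unrelated kernel message, and one address (RFC 5737 range) probing three ports.
SAMPLE_LOG = [
    "Sep 4 22:21:44 minasmorgul kernel: SuSE-FW-REJECT IN=ppp0 OUT= MAC= SRC=134.76.11.100 "
    "DST=80.133.93.126 LEN=60 TOS=0x00 PREC=0x00 TTL=56 ID=4610 DF PROTO=TCP SPT=59503 "
    "DPT=113 WINDOW=5840 RES=0x00 SYN URGP=0 OPT (020405840402080A1659994E0000000001030300)",
    "Sep 4 22:30:00 minasmorgul kernel: eth0: link up",
] + [f"Sep 4 22:30:0{i} minasmorgul kernel: SuSE-FW-DROP IN=ppp0 OUT= MAC= SRC=192.0.2.9 "
     f"DST=80.133.93.126 PROTO=TCP SPT={4000 + i} DPT={p}" for i, p in enumerate((21, 22, 23))]
```

Passing a real lookup such as `socket.gethostbyaddr(ip)[0]` (wrapped to return None on failure) as `resolve` gives the "(name)" columns from the post.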
