[COLUG] Firewall logfile analyzer

Patrick blitz blitz at post891.org
Mon Jul 5 12:33:27 EDT 2004


Hey guys,
I've been installing a Linux firewall again, and was wondering if you guys could recommend a firewall log checking tool (netfilter FW).
I'm using logwatch and fwlogcheck right now, but I see one big shortcoming with both of them:
Both display every line, or in fwlogcheck's case, add all entries with "unique characteristics".
But even there, it just lists each entry with a different ip:port.
What I would like is a count by port rather than by IP. I don't want to see every IP that attacks the common ports, like 139, 1025, 100, 6882, 80, 443. I would just like to see summaries of that, and every connection made besides that 5-10 port list.

Does anybody know of a similar tool that is not dshield.org?
Thanks, guys.
I'm really too lazy to write that myself right now, but if nobody points one out to me, I will modify fwlogcheck to behave like I want.
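
The summary the post asks for (one count per common destination port, every other logged packet listed individually), as an added example that is not part of the original message and not code from logwatch or fwlogcheck. It assumes the key=value lines written by the netfilter LOG target; the sample lines are constructed and abbreviated, and `summarize` and `report` are hypothetical names.

```python
import re
from collections import Counter

# Ports to collapse into a single count; this is the list named in the post.
COMMON_PORTS = {139, 1025, 100, 6882, 80, 443}

# Constructed, abbreviated sample of netfilter LOG lines plus one unrelated syslog line.
SAMPLE_LOG = """\
Jul  5 12:01:02 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=48 TTL=113 PROTO=TCP SPT=3345 DPT=139 SYN
Jul  5 12:01:09 fw kernel: IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.1 LEN=48 TTL=110 PROTO=TCP SPT=4120 DPT=139 SYN
Jul  5 12:02:30 fw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.1 LEN=60 TTL=52 PROTO=TCP SPT=40112 DPT=443 SYN
Jul  5 12:03:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.1 LEN=60 TTL=49 PROTO=TCP SPT=51515 DPT=22 SYN
Jul  5 12:04:00 fw kernel: IN=eth0 OUT= SRC=192.0.2.99 DST=198.51.100.1 LEN=84 TTL=55 PROTO=ICMP TYPE=8 CODE=0 ID=77 SEQ=1
Jul  5 12:04:05 fw sshd[812]: Connection closed by 203.0.113.7
"""

# LOG target fields are upper-case KEY=value pairs; the value may be empty (OUT=).
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def summarize(lines, common_ports=COMMON_PORTS):
    """Return (counts, others): hits per (proto, port) for the common ports,
    and every packet aimed anywhere else, kept as (src, proto, port)."""
    counts, others = Counter(), []
    for line in lines:
        if " SRC=" not in line or " PROTO=" not in line:
            continue  # not a netfilter LOG line
        f = dict(FIELD.findall(line))
        # ICMP and other port-less protocols carry no DPT field.
        dpt = int(f["DPT"]) if f.get("DPT", "").isdigit() else None
        if dpt in common_ports:
            counts[(f["PROTO"], dpt)] += 1
        else:
            others.append((f["SRC"], f["PROTO"], dpt))
    return counts, others

def report(counts, others):
    """Format the summary: counted ports first, then the individual entries."""
    out = [f"{n:6d}  {proto}/{port}" for (proto, port), n in counts.most_common()]
    out += [f"other   {src} -> {proto}/{port if port is not None else '-'}"
            for src, proto, port in others]
    return "\n".join(out)

if __name__ == "__main__":
    print(report(*summarize(SAMPLE_LOG.splitlines())))
```
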