SPUG:firewall log analysis widget (in progress)

Fred Morris m3047 at inwa.net
Tue May 13 21:09:50 CDT 2003


My firewall logs are HUGE (am I just lucky, or what?).

Making sense out of it has been mostly voodoo and experience, and I decided
to put a "face" on it. A couple months ago I wrote a Perl script (with
plugin filters) to extract "interesting" items out of the various logs and
put them into a MySQL table.

So this last weekend I wrote a bunch of CGIs to report on that data
(relying heavily on SqlHtmlRpt lifted from the Calendar thingy) and
maintain the set of firewall rules in a separate table... with the added
plus of color-coding stuff based on whether or not a rule would pick it
up... and the ability to mark "special" addresses with different colors
than the rest. I'll write another Perl script to build the firewall load
script from the rules table when I have time.

A very in-depth analysis tool for a single or handful of boxes situation.
Anybody interested in looking at it? Should I give a lightning talk about
it at SPUG? I'll probably give a talk about it at GSLUG sometime in the
next few months.

--

Fred Morris
m3047 at inwa.net
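As an added example (not Fred's code nor the tool described above), here is a Perl sketch of the "would a rule pick it up" check behind the color-coding: constructed iptables-style log lines are parsed and matched against a hand-made rule table with first-match semantics, so unmatched entries stand out as gaps in the ruleset.

```perl
#!/usr/bin/perl
# Added example: classify firewall log lines against a rule table.
# Rules and log lines below are constructed for illustration.
use strict;
use warnings;

# Rules in evaluation order; 'any' is a wildcard, src is a CIDR prefix.
my @rules = (
    { id => 1, action => 'DROP',   src => '10.0.0.0/8', proto => 'any', dport => 'any' },
    { id => 2, action => 'ACCEPT', src => 'any',        proto => 'tcp', dport => 22 },
    { id => 3, action => 'DROP',   src => 'any',        proto => 'tcp', dport => 135 },
);

# Constructed iptables-style log lines (not real traffic).
my @log = (
    'May 13 21:09:50 fw kernel: IN=eth0 SRC=10.1.2.3 DST=192.0.2.10 PROTO=TCP SPT=4321 DPT=80',
    'May 13 21:09:51 fw kernel: IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP SPT=5555 DPT=22',
    'May 13 21:09:52 fw kernel: IN=eth0 SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=53 DPT=53',
);

sub ip2int { my @o = split /\./, shift; return ($o[0]<<24)|($o[1]<<16)|($o[2]<<8)|$o[3]; }

# Is dotted-quad $ip inside $cidr ("a.b.c.d/n", or the wildcard 'any')?
sub in_cidr {
    my ($ip, $cidr) = @_;
    return 1 if $cidr eq 'any';
    my ($net, $bits) = split m{/}, $cidr;
    $bits = 32 unless defined $bits;
    my $mask = $bits == 0 ? 0 : (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return (ip2int($ip) & $mask) == (ip2int($net) & $mask);
}

# Pull the KEY=VALUE fields we care about out of one log line.
sub parse_line { my ($line) = @_; my %f = ($line =~ /\b(SRC|DST|PROTO|DPT)=(\S+)/g); return \%f; }

# First-match semantics: return the rule that would catch the packet, or undef.
sub match_rule {
    my ($pkt) = @_;
    for my $r (@rules) {
        next unless in_cidr($pkt->{SRC}, $r->{src});
        next unless $r->{proto} eq 'any' || lc($pkt->{PROTO}) eq $r->{proto};
        next unless $r->{dport} eq 'any' || ($pkt->{DPT} || 0) == $r->{dport};
        return $r;
    }
    return undef;
}

for my $line (@log) {
    my $p = parse_line($line);
    my $r = match_rule($p);
    printf "%-15s %-4s dport %-5s -> %s\n", $p->{SRC}, $p->{PROTO}, $p->{DPT},
        $r ? "rule $r->{id} ($r->{action})" : 'UNMATCHED (no rule covers this)';
}
```

In a report the unmatched bucket is the interesting one: it is traffic the ruleset never decided on, which is exactly what the color-coding is meant to surface.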
