LILA - Live Iptables Log Analyzer

Hi,
I'd like to present you a program I've written to analyze iptables firewall logs. More than one year has passed now and I've finally released LILA 1.0. It is a command line application coded in Python which uses a MySQL database.
If everything is set up (MySQL, syslog-ng, iptables rules and optionally pdnsd), it shows, in easy-to-read colored output, which packets are currently being sent or received. It can analyze older logs, too. Of course appropriate firewall rules must exist.
For the moment, I'd like to highlight two particular features: it resolves IPs to hostnames (two different techniques) and detects duplicate packets (same destination IP and chain) which have been sent within a freely configurable time interval. Thus you won't get "flooded" with hundreds of identical packets, which don't offer any additional information.
It has a lot of other features I can't list now, but I've created extensive PDF documentation, which contains a feature overview, a detailed description and a "demo part", where you can see LILA in action (screenshots). Of course installation notes and a changelog are also included. In short, it contains everything there is to say about LILA. You can find it inside the tarball.
Perhaps some of you will find this tool useful, especially if you want to know what your PC is sending to the internet. In its current state it predominantly targets curious (and security interested?) people, who also have some Linux knowledge. [Therefore I think the Arch forums are a good place]. Personally I use it to monitor traffic on my external firewall. This way I instantly notice if a program wants to send packets unasked (especially useful if a computer in your LAN has Windows installed).
Download: https://sourceforge.net/projects/lila/
Direct link to the documentation: http://sourceforge.net/projects/lila/fi … f/download
I'd be happy if some of you take the time to have a look at it and perhaps also give me some feedback. (Bugs, setup problems, ideas for improvement etc.)
Thank you for your time!
Thallium
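The duplicate-suppression idea described in the post (collapse packets with the same destination IP and chain that arrive within a configurable interval) is small enough to show end to end. The block below is an added example written for this page, not code from LILA or its author. It assumes the iptables LOG rules use a `--log-prefix` naming the chain ("OUTPUT: ", "INPUT: "), that the classic syslog timestamp carries no year (so one is supplied), and it replaces live reverse DNS with a constructed static table so that it runs offline; the sample log lines are constructed as well. The window is measured from the last packet that was actually reported, so a steady stream yields one line per interval.

```python
import re
from datetime import datetime, timedelta

# Constructed sample of iptables LOG output as delivered through syslog. The
# "OUTPUT: " / "INPUT: " prefixes stand for a --log-prefix that names the chain;
# that convention is an assumption of this example, not LILA's own.
SAMPLE_LOG = """\
Mar  5 12:00:00 fw kernel: OUTPUT: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.7 LEN=60 TTL=64 ID=1 DF PROTO=TCP SPT=51234 DPT=443 SYN URGP=0
Mar  5 12:00:02 fw kernel: OUTPUT: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.7 LEN=60 TTL=64 ID=2 DF PROTO=TCP SPT=51235 DPT=443 SYN URGP=0
Mar  5 12:00:03 fw kernel: INPUT: IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.10 LEN=40 TTL=50 ID=3 PROTO=TCP SPT=40000 DPT=22 SYN URGP=0
Mar  5 12:00:05 fw kernel: OUTPUT: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.7 LEN=68 TTL=64 ID=4 DF PROTO=UDP SPT=5353 DPT=53
Mar  5 12:01:30 fw kernel: OUTPUT: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.7 LEN=60 TTL=64 ID=5 DF PROTO=TCP SPT=51236 DPT=443 SYN URGP=0
"""

# Constructed IP -> hostname table standing in for a live resolver such as
# socket.gethostbyaddr, so the example needs no network access.
STATIC_HOSTS = {"203.0.113.7": "cdn.example.test", "198.51.100.9": "scanner.example.test"}

LINE_RE = re.compile(
    r"^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s(?P<time>\d{2}:\d{2}:\d{2})\s"
    r"\S+\skernel:\s(?P<chain>[A-Z]+):\s(?P<fields>.*)$"
)
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE pairs; flags like DF/SYN are skipped


def parse_line(line, year=None):
    """Turn one syslog line into a dict of packet fields; None for unrelated lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # Classic syslog timestamps omit the year, so the caller supplies one.
    year = year or datetime.now().year
    when = datetime.strptime(f"{year} {m['mon']} {m['day']} {m['time']}", "%Y %b %d %H:%M:%S")
    pkt = {"time": when, "chain": m["chain"]}
    pkt.update(FIELD_RE.findall(m["fields"]))
    return pkt


class DuplicateSuppressor:
    """Report at most one packet per (chain, destination IP) within a time window."""

    def __init__(self, window):
        self.window = window
        self.last_reported = {}  # (chain, dst) -> time of the last packet we reported
        self.suppressed = 0

    def should_report(self, chain, dst, when):
        key = (chain, dst)
        prev = self.last_reported.get(key)
        if prev is not None and when - prev < self.window:
            self.suppressed += 1
            return False
        self.last_reported[key] = when
        return True


def analyze(log_text, window_seconds=60, resolver=None, year=None):
    """Parse the log, drop in-window duplicates, optionally resolve destinations.

    Returns (reported_packets, number_of_suppressed_duplicates)."""
    dedup = DuplicateSuppressor(timedelta(seconds=window_seconds))
    reported = []
    for line in log_text.splitlines():
        pkt = parse_line(line, year)
        if pkt is None or "DST" not in pkt:
            continue
        if not dedup.should_report(pkt["chain"], pkt["DST"], pkt["time"]):
            continue
        if resolver is not None:
            pkt["dst_host"] = resolver(pkt["DST"])
        reported.append(pkt)
    return reported, dedup.suppressed


def format_packet(pkt):
    """One human-readable line per reported packet."""
    host = pkt.get("dst_host") or pkt["DST"]
    return (f"{pkt['time']:%H:%M:%S} {pkt['chain']:<6} {pkt.get('PROTO', '?'):<4} "
            f"{pkt['SRC']}:{pkt.get('SPT', '-')} -> {host}:{pkt.get('DPT', '-')}")


if __name__ == "__main__":
    shown, dropped = analyze(SAMPLE_LOG, window_seconds=60,
                             resolver=STATIC_HOSTS.get, year=2011)
    for p in shown:
        print(format_packet(p))
    print(f"{dropped} duplicate packet(s) suppressed")
```

With the 60-second window, the three TCP/UDP packets to 203.0.113.7 between 12:00:00 and 12:00:05 collapse into one line, and the packet at 12:01:30 starts a new interval; shrinking the window to 5 seconds lets the 12:00:05 packet through again. Keying on the chain as well as the destination keeps inbound and outbound traffic to the same address distinct.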

http://wiki.archlinux.org/index.php/DNS_with_bind -> Did you try it too?

Similar Messages

  • Unable to install any .air (media player, log analyzer...)

    Hi all,
    I tried unsuccessfully for three days to install PS CS5 : reboot without BSOD, no windows logs.
    Seeking the origin of the problem I discovered that installing Adobe Media Player 1.7 with .air immediately caused the same problem (crash, reboot).
    Unfortunately the installation of Adobe log analyzer also causes the same crash/reboot !
    If the tool to solve the problems causes the same problems... what can I do?
    I am a happy user of CS4.
    Windows XP SP3 2Go RAM
    Help me please.
    Bonsoir de Paris.

    Hi 1Albert, So glad to hear that's working for you
    Yes, some of the older Macs take a little investigation and tweaks like you say, to find the right software to get it working.
    Thanks for posting back and marking your thread as answered. Your thread, as others is helpful for all users of those Macs.
    Regards,
    eidnolb

  • Log analyzer and reporter for Weblogic ?

    We are using Weblogic 6.1 as a web server (no proxy).
    Does anyone know of a good Web log analyzer for Weblogic 6.1 ?
    The analyzer would analyze the log of WLS and display various statistics graphically.
    Something like Webtrends or Analog for IIS, IPlanet and Apache servers.

    AlterWind LogAnalyzer http://www.alterwind.com/loganalyzer/ allows you to
    analyse a log file of any format.

  • Firestarter Logging to iptables.log - Can It Be Disabled?

    I have added the firestarter firewall to my Arch 0.7.1 setup. While I appreciate the added protection, it does introduce one problem. Firestarter appears to be writing regular logs to a log file somewhere, /var/log/iptables.log I think.
    This means that predictably, about every 6 seconds, my hard disk cranks. This is noisy and annoying. Is there any way to disable this logging, or redirect it somehow such that the hard drive isn't involved every 6 seconds? Even being able to change that interval to a larger one (say once a minute) would be just fine. Thanks!

    I suppose firestarter must pass its parameters to iptables without writing them to disc. Have you tried running firestarter, then running iptables-save when the firewall is running? This will give you the current iptables configuration. If the file is pretty long (which it would be if firestarter has given iptables some commands) you can redirect that output to the file /etc/iptables.rules and run iptables without firestarter. You could then edit the rules file and change the logging interval.

  • Open Source Log Analyzer Project

    Hi people,
    I have a question whether there is an open source project which analyzes logs from a database. I mean I have a table (a log table which is like the syslog message format). I need to analyze this table with a web based project. So, do you know any open source project that does this? Thanks

    Huh? How is this question related to JSF?
    Anyway, is Google installed at your machine? After feeding it with the topic title "Open Source Log Analyzer Project", it told me here something about AWStats and SourceTree and so on. More can't I (and Google) be of help.
    You can also consider writing one yourself with help of smart coding and nice API's like JFreeChart.

  • Log Analyzer in Portal SP 17

    Hi,
    where can I find the Log Analyzer in Portal with service stack 17? I can't find it in >> System administration >> Support >> Portal Runtime?
    Is there any configuration necessary?
    Thanks for your answers.

    Hi Andreas,
    this is normal behaviour. The Log Viewer has been removed from the Portal since SPS16, I think. This is because of the fact that all monitoring related information shall be accessed in the NetWeaver Administrator. So for accessing the logs you have the following possibilities:
    - via NetWeaver Administrator: http://yourportal:port/nwa
    - via Visual Administrator: Log Viewer service
    - Standalone Log Viewer
    Best regards,
    Thomas

  • Iptables log redirection with systemd

    Hello,
    I'm currently looking to have my iptables log redirected elsewhere than the journalctl instance.
    However, I've found plenty of ways to do it with syslog or syslog-ng but I'd like to avoid installing these.
    How could I do it?
    Thanks a lot

    https://wiki.archlinux.org/index.php/systemd#Journal

  • Apache log analyzer for mac?

    (note: this was posted in the OS 10.6 forum earlier, where it remained without replies. so i'm trying here now)
    i'm looking for an apache log analyzer for mac that is fairly easy to configure and use.
    have done some digging around and could not find anything that i found suitable
    (yes i've seen awstats (want to configure based on local apache - configuration too much of a headache), analog (doesn't even unarchive) and several others. )
    any pointers would be greatly appreciated.

    thanks for the reply doug.
    there was a mac binary of webalizer, which, however, seems to have disappeared.
    compiling from source is not really what i was looking forward to

  • Good Cisco VPN 3030 Log Analyzer

    I need your advice on a VPN Conc log analyzer. I am using Kiwi Syslog Enterprise as syslog server. Does anybody know or have a recommendation for a good VPN log analyzer that analyzes VPN logs and spits out a report?

    The RME Syslog Analyzer matches syslog messages with managed devices, so for a very large database (a very large number of devices in inventory), high CPU utilization can be expected for this process, even with a lower message rate. Also note that attempting to generate reports when the database insert rate is high and sustained is the worst case possible.

  • Web cache log analyzer

    Hello to all
    I spent too much time searching for a software for Oracle Web Cache's log analyzer without any good answer, my question is, is it really impossible to analyze the file event_log generated by Oracle Web Cache?
    Thanks for reading this, specially if you give me an answer ;)

    Oracle provides some "Portal Performance scripts" to sql*load the logs into a schema and then get some figures with seeded views. You can adapt to what you need.
    see http://www.oracle.com/technology/products/ias/portal/performance_10g1014.html

  • Defacto Web Log Analyzer?

    Wondering if there's a defacto apache web log analyzer that most of you use for Mac OS X Server?
    Seems to be minimal simple options out there to just install and work. I'm not a Unix admin by any stretch, so something with a GUI or Web admin front end would be perfect.
    Cheers
    Brendan

    There is one 'defacto' analyzer -- the one built into the traffic graphs of the SA.
    If you are instead asking what folks like to use, that varies greatly. You can run them yourself or use a 'service' such as Google.
    Here's a starter list for you to explore:
    Accrue Insight
    Analog
    AWstats
    FunnelWeb
    Sawmill
    Summary
    Urchin / Google Analytics
    Webalizer
    Wusage
    So explore all of those and report back here -- let us know what works best for you, and why.

  • SSIS Log Analyzer

    In this video, I'm going to demonstrate how to use the SSIS Log Analyzer tool to analyze complex and verbose SSIS logs quickly and easily.
    http://technet.microsoft.com/en-us/sqlserver/hh319894.aspx

    Hi DebarchanS,
    Thanks for sharing.
    Thanks,
    Eileen
    Eileen Zhao
    TechNet Community Support

  • Web log analyzer

    Does anyone know of a decent free web log analyzer for the Mac. I don't need anything fancy but all the ones I've seen are for Windows. Thanks.
    powerbook G4 12, Mac OS X (10.4)

  • Log Analyzer for Cisco devices

    Hi all:
    Could you please help me finding a Log Analyzer tool for Cisco devices (preferably, free).
    Thanks!
    W.

    In the free arena, many people recommend the Kiwi Syslog Analyzer. Solarwinds bought the product last year and now market a licensed version; but they still offer a free version as well. See:
    http://www.solarwinds.com/products/freetools/kiwi_syslog_server/

  • Firewall Log Analyzer

    We currently have a PIX firewall and I am wondering what would be a good real time log analyzer. Currently we are using ManageEngine's Firewall Analyzer but have run into some issues with the product.
    Thanks

    Craig,
    Thank you for the post. I believe you must have used Firewall Analyzer's basic edition (Firewall Analyzer 4), and the application has reached various milestones in the past. The latest version of ManageEngine Firewall Analyzer is 7.2.
    The product supports almost all the leading vendors in the industry. Our application is segregated into three categories and they are,
        1.Traffic
        2.Security
        3.Management
    1. Traffic Statistics:
          This will give you the complete bandwidth information that was transacted throughout the network with multiple drill analysis such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc.
    You can even do capacity planning and forecasting with the product.
    2. Security Statistics:
          Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.
    3. Management Statistics:
          This will help you to do audit and security configuration analysis which includes change management, compliance report. This will point out the loop holes of the network and assist you to fix it.
    Why Firewall Analyzer?
    Support for Firewall and security devices from multiple vendors
    Real-time bandwidth monitoring
    Employee internet usage with URL monitoring
    Real-time alerting
    Firewall Change Management reports
    Security Audit & Configuration Analysis reports
    Diagnose live connections
    Capability to view traffic trends and usage patterns (Capacity Planning)
    Powerful search for forensic and security analysis
    Multi-level drill down into top hosts, protocols, web sites and more
    Network security reports
    Firewall compliance reports
    Flexible and secured log data archiving
    Rebranding, User based views and dashboard for MSSP Support
    and more
    http://www.manageengine.com/products/firewall/features.html
    I recommend you to evaluate the fully functional 30-day evaluation copy and check if it helps you to achieve your use case.
    Regards,
    Vignesh.K
    Firewall Analyzer
