LILA - Live Iptables Log Analyzer
Hi,
I'd like to present you a program I've written to analyze iptables firewall logs. More than one year has passed now and I finally released LILA 1.0. It is a command line application coded in Python which uses a MySQL database.
If everything is set up (MySQL, syslog-ng, iptables rules and optionally pdnsd) it shows, in easy-to-read colored output, which packets are currently being sent or received. It can analyze older logs, too. Of course appropriate firewall rules must exist.
For the moment, I'd like to highlight two particular features: it resolves IPs to hostnames (two different techniques) and detects duplicate packets (same destination IP and chain) which have been sent within a freely configurable time interval. Thus you won't get "flooded" with hundreds of identical packets which don't offer any additional information.
It has a lot of other features I can't list now, but I've created extensive PDF documentation which contains a feature overview, a detailed description and a "demo part" where you can see LILA in action (screenshots). Of course installation notes and a changelog are also included. In short, it contains everything there is to say about LILA. You can find it inside the tarball.
Perhaps some of you will find this tool useful, especially if you want to know what your PC is sending to the internet. In its current state it predominantly targets curious (and security-interested?) people who also have some Linux knowledge. [Therefore I think the Arch forums are a good place.] Personally I use it to monitor traffic on my external firewall. This way I instantly notice if a program wants to send packets unasked (especially useful if a computer in your LAN has Windows installed).
Download: https://sourceforge.net/projects/lila/
Direct link to the documentation: http://sourceforge.net/projects/lila/fi … f/download
I'd be happy if some of you take the time to have a look at it and perhaps also give me some feedback. (Bugs, setup problems, ideas for improvement etc.)
Thank you for your time!
Thallium
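The duplicate-packet detection described in the post (same destination IP and chain within a configurable interval), as an added example that is not LILA's own code: it parses constructed syslog lines written by the iptables LOG target and flags repeats. It assumes every LOG rule uses --log-prefix "<CHAIN>: " so the chain name can be recovered from the message; LILA's real log format and rule layout may differ.

```python
import re
from datetime import datetime

# Constructed sample lines in syslog format as written by the iptables LOG
# target. Assumption: every LOG rule uses --log-prefix "<CHAIN>: " so the
# chain name can be recovered from the message (LILA's real format may differ).
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: OUTPUT: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=51234 DPT=443
Mar  3 10:15:03 fw kernel: OUTPUT: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=51235 DPT=443
Mar  3 10:15:04 fw kernel: INPUT: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.1.10 PROTO=UDP SPT=53 DPT=40000
Mar  3 10:15:40 fw kernel: OUTPUT: IN= OUT=eth0 SRC=192.168.1.10 DST=203.0.113.5 PROTO=TCP SPT=51236 DPT=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ kernel: "
    r"(?P<chain>[A-Za-z0-9_-]+): (?P<fields>.*)$"
)


def parse_line(line):
    """Return (timestamp, chain, {field: value}) or None for non-iptables lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")  # year irrelevant for deltas
    fields = dict(re.findall(r"(\w+)=(\S*)", m.group("fields")))
    return ts, m.group("chain"), fields


def analyze(log_text, interval_seconds):
    """Flag packets that repeat an already reported (chain, DST) pair within
    interval_seconds. The timer restarts only when a packet is reported, so a
    steady stream to one destination yields one line per interval, not per packet."""
    last_reported = {}
    results = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, chain, fields = parsed
        key = (chain, fields.get("DST"))
        previous = last_reported.get(key)
        duplicate = previous is not None and (ts - previous).total_seconds() <= interval_seconds
        if not duplicate:
            last_reported[key] = ts
        results.append({"time": ts.strftime("%H:%M:%S"), "chain": chain, "duplicate": duplicate,
                        "src": fields.get("SRC"), "dst": fields.get("DST"),
                        "proto": fields.get("PROTO"), "dpt": fields.get("DPT")})
    return results
```

With analyze(SAMPLE_LOG, 30) the second OUTPUT packet is marked as a duplicate while the fourth, 39 seconds after the first, is reported again; with an interval of 60 the fourth is suppressed as well.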
http://wiki.archlinux.org/index.php/DNS_with_bind -> Did you try it too?
Similar Messages
-
Hi all,
I tried unsuccessfully for three days to install PS CS5: reboot without BSOD, no Windows logs.
Seeking the origin of the problem I discovered that installing Adobe Media Player 1.7 with .air immediately caused the same problem (crash, reboot).
Unfortunately the installation of Adobe log analyzer also causes the same crash/reboot!
If the tool to solve the problems causes the same problems... what can I do?
I am a happy user of CS4.
Windows XP SP3, 2 GB RAM
Help me please.
Bonsoir de Paris.
-
Hi 1Albert, So glad to hear that's working for you.
Yes, some of the older Macs take a little investigation and tweaks like you say, to find the right software to get it working.
Thanks for posting back and marking your thread as answered. Your thread, as others is helpful for all users of those Macs.
Regards,
eidnolb -
Log analyzer and reporter for Weblogic ?
We are using Weblogic 6.1 as a web server (no proxy).
Does anyone know of a good Web log analyzer for Weblogic 6.1 ?
The analyzer would analyze the log of WLS and display various statistics graphically.
Something like Webtrends or Analog for IIS, iPlanet and Apache servers.
AlterWind LogAnalyzer http://www.alterwind.com/loganalyzer/ allows you to analyse a log file of any format.
"mucucu" <[email protected]> wrote in message news:<3dc2ec2d$[email protected]>...
We are using Weblogic 6.1 as a web server (no proxy).
Does anyone know of a good Web log analyzer for Weblogic 6.1 ?
The analyzer would analyze the log of WLS and display various statistics graphically.
Something like Webtrends or Analog for IIS, IPlanet and Apache servers. -
Firestarter Logging to iptables.log - Can It Be Disabled?
I have added the firestarter firewall to my Arch 0.7.1 setup. While I appreciate the added protection, it does introduce one problem. Firestarter appears to be writing regular logs to a log file somewhere, /var/log/iptables.log I think.
This means that predictably, about every 6 seconds, my hard disk cranks. This is noisy and annoying. Is there any way to disable this logging, or redirect it somehow such that the hard drive isn't involved every 6 seconds? Even being able to change that interval to a larger one (say once a minute) would be just fine. Thanks!
I suppose firestarter must pass its parameters to iptables without writing them to disc. Have you tried running firestarter, then running iptables-save when the firewall is running? This will give you the current iptables configuration. If the file is pretty long (which it would be if firestarter has given iptables some commands) you can redirect that output to the file /etc/iptables.rules and run iptables without firestarter. You could then edit the rules file and change the logging interval.
-
Open Source Log Analyzer Project
Hi people,
I have a question whether there is an open source project which analyzes logs from a database. I mean I have a table (log table, which is like syslog message format). I need to analyze this table with a web based project. So, do you know any open source project that does this? Thanks
Huh? How is this question related to JSF?
Anyway, is Google installed at your machine? After feeding it with the topic title "Open Source Log Analyzer Project", it told me here something about AWStats and SourceTree and so on. More than that I (and Google) can't be of help.
You can also consider writing one yourself with help of smart coding and nice API's like JFreeChart. -
Hi,
where can I found the Log Analyzer in Portal with service stack 17? I can't find it in >> System administration >> Support >> Portal Runtime ?
Is there any configuration necessary?
Thanks for your answers.
Hi Andreas,
this is normal behaviour. The Log Viewer has been removed from the Portal since SPS16, I think. This is because of the fact that all monitoring related information shall be accessed in the NetWeaver Administrator. So for accessing the logs you have the following possibilities:
- via NetWeaver Administrator: http://yourportal:port/nwa
- via Visual Administrator: Log Viewer service
- Standalone Log Viewer
Best regards,
Thomas -
Iptables log redirection with systemd
Hello,
I'm currently looking to have my iptables log redirected elsewhere than the journalctl instance.
However, I've found plenty of ways to do it with syslog or syslog-ng but I'd like to avoid installing these.
How could I do it?
Thanks a lot
https://wiki.archlinux.org/index.php/systemd#Journal
-
Apache log analyzer for mac?
(note: this was posted in the OS 10.6 forum earlier, where it remained without replies. so i'm trying here now)
i'm looking for an apache log analyzer for mac that is fairly easy to configure and use.
have done some digging around and could not find anything that i found suitable
(yes i've seen awstats (want to configure based on local apache - configuration too much of a headache), analog (doesn't even unarchive) and several others. )
any pointers would be greatly appreciated.
thanks for the reply doug.
there was a mac binary of webalizer, which, however, seems to have disappeared.
compiling from source is not really what i was looking forward to -
Good Cisco VPN 3030 Log Analyzer
I need your advice on VPN Conc log analyzer. I am using Kiwi Syslog Enterprise as syslog server. Does anybody know or have a recommendation for a good VPN log analyzer that analyzes VPN logs and spits out a report?
The RME Syslog Analyzer matches syslog messages with managed devices, so for a very large database (a very large number of devices in inventory), high CPU utilization can be expected for this process, even with a lower message rate. Also note that attempting to generate reports when the database insert rate is high and sustained is the worst case possible.
-
Hello to all
I spent too much time searching for a log analyzer for Oracle Web Cache without any good answer. My question is, is it really impossible to analyze the file event_log generated by Oracle Web Cache?
Thanks for reading this, especially if you give me an answer ;)
Oracle provides some "Portal Performance scripts" to sql*load the logs into a schema and then get some figures with seeded views. You can adapt them to what you need.
see http://www.oracle.com/technology/products/ias/portal/performance_10g1014.html -
De facto Web Log Analyzer?
Wondering if there's a de facto apache web log analyzer that most of you use for Mac OS X Server?
Seems to be minimal simple options out there to just install and work. I'm not a Unix admin by any stretch, so something with a GUI or Web admin front end would be perfect.
Cheers
Brendan
There is one 'de facto' analyzer -- the one built into the traffic graphs of the SA.
If you are instead asking what folks like to use, that varies greatly. You can run them yourself or use a 'service' such as Google.
Here's a starter list for you to explore:
Accrue Insight
Analog
AWstats
FunnelWeb
Sawmill
Summary
Urchin / Google Analytics
Webalizer
Wusage
So explore all of those and report back here -- let us know what works best for you, and why. -
In this video, I'm going to demonstrate how to use the SSIS Log Analyzer tool to analyze complex and verbose SSIS logs quickly and easily.
http://technet.microsoft.com/en-us/sqlserver/hh319894.aspx
Hi DebarchanS,
Thanks for sharing.
Thanks,
Eileen
Eileen Zhao
TechNet Community Support -
Does anyone know of a decent free web log analyzer for the Mac. I don't need anything fancy but all the ones I've seen are for Windows. Thanks.
powerbook G4 12 Mac OS X (10.4)
There is one 'de facto' analyzer -- the one built into the traffic graphs of the SA.
If you are instead asking what folks like to use, that varies greatly. You can run them yourself or use a 'service' such as Google.
Here's a starter list for you to explore:
Accrue Insight
Analog
AWstats
FunnelWeb
Sawmill
Summary
Urchin / Google Analytics
Webalizer
Wusage
So explore all of those and report back here -- let us know what works best for you, and why. -
Log Analyzer for Cisco devices
Hi all:
Could you please help me finding a Log Analyzer tool for Cisco devices (preferably, free).
Thanks!
W.
In the free arena, many people recommend the Kiwi Syslog Analyzer. Solarwinds bought the product last year and now market a licensed version; but they still offer a free version as well. See:
http://www.solarwinds.com/products/freetools/kiwi_syslog_server/ -
We currently have a PIX firewall and I am wondering what would be a good real time log analyzer. Currently we are using ManageEngine's Firewall Analyzer but have run into some issues with the product.
Thanks
Craig,
Thank you for the post. I believe you must have used Firewall Analyzer's basic edition (Firewall Analyzer 4), and the application has reached various milestones in the past. The latest version of ManageEngine Firewall Analyzer is 7.2.
The product supports almost all the leading vendors in the industry. Our application is segregated into three categories:
1.Traffic
2.Security
3.Management
1. Traffic Statistics:
This will give you the complete bandwidth information that was transacted throughout the network with multiple drill-down analysis such as Source, Destination, Protocol, Hits, Bytes Sent, Bytes Received etc.
You can even do capacity planning and forecasting with the product.
2. Security Statistics:
Security Statistics (Reports) will display all malicious events in your network. It will help you to know the various threats and attacks to the company from outside to inside and vice versa.
3. Management Statistics:
This will help you to do audit and security configuration analysis which includes change management and compliance reports. This will point out the loopholes of the network and assist you in fixing them.
Why Firewall Analyzer?
Support for Firewall and security devices from multiple vendors
Real-time bandwidth monitoring
Employee internet usage with URL monitoring
Real-time alerting
Firewall Change Management reports
Security Audit & Configuration Analysis reports
Diagnose live connections
Capability to view traffic trends and usage patterns (Capacity Planning)
Powerful search for forensic and security analysis
Multi-level drill down into top hosts, protocols, web sites and more
Network security reports
Firewall compliance reports
Flexible and secured log data archiving
Rebranding, User based views and dashboard for MSSP Support
and more
http://www.manageengine.com/products/firewall/features.html
I recommend you to evaluate the fully functional 30-day evaluation copy and check if it helps you to achieve your use case.
Regards,
Vignesh.K
Firewall Analyzer