Software Details:
Version: 1.3
Upload Date: 11 May 15
Distribution Type: Freeware
Downloads: 13
fwlogwatch is a packet filter / firewall / IDS log analyzer written by Boris Wesslowski originally for RUS-CERT.
fwlogwatch supports a lot of log formats and has many analysis options. It also features incident report and realtime response capabilities, an interactive web interface and internationalization.
Features:
- Can detect and process log entries in the following formats:
  - Linux ipchains
  - Linux netfilter/iptables
  - Solaris/BSD/Irix/HP-UX ipfilter
  - BSD ipfw
  - Cisco IOS
  - Cisco PIX / FWSM
  - NetScreen
  - Windows XP firewall
  - Elsa Lancom router
  - Snort IDS
- Entries can be parsed from single, multiple and combined log files; the parsers to be used can be selected.
- Gzip-compressed logs are supported transparently.
- Can separate recent from old entries and detect timewarps in log files.
- Can recognize 'last message repeated' entries concerning the firewall.
- Integrated resolver for protocols, services and host names.
- Can do lookups in the whois database.
- Has its own DNS and whois information cache, with GNU adns support for faster lookups.
- Hosts, networks, ports, chains and branches (targets) can be selected or excluded as needed.
- Support for internationalization (available in English, German, Portuguese, simplified and traditional Chinese, Swedish and Japanese).
- Log summary mode:
  - A lot of options to find and display relevant patterns in connection attempts.
  - Intelligent selection of certain fields (e.g. if the log is from a single host, the host name column is omitted and the host is mentioned in the header of the summary; the same happens with chains, targets and interfaces).
  - Output as plain text or HTML (W3C XHTML 1.1 with inline or linked CSS level 2) with limit and sort options.
  - Can send summaries by email.
  - The integrated report generator fills in and presents a report that can be sent to abuse contacts of attacking sites or computer emergency response teams (CERTs).
  - Supports templates and incident number generation.
  - All fields can be adjusted as needed interactively.
- Realtime response mode:
  - The program detaches and stays in the background as a daemon.
  - For ipchains setups, detection of the necessary rules with logging turned on can be configured.
  - Can catch up on reading existing entries to provide up-to-date state information from program start on.
  - The response can be a notification (in the form of a log file entry, an email, a remote winpopup message or whatever you can put into a shell script), or a customizable firewall modification.
  - The included response script adds a new chain for fwlogwatch to ipchains or netfilter setups, and attackers are blocked with new firewall rules.
  - Supports trusted hosts (anti-spoofing).
  - The current status of the program can be followed and controlled through a web interface (supports IPv6).
What is new in this release:
- This version adds IPv6 support for netfilter, dns cache initialization, and ASA parser extensions.