adcfw-log

firewall logs analyzer/summarizer

Description

adcfw-log is a tool for analyzing firewall logs in order to extract meaningful information. It is designed as a standalone script with very few requirements that can generate different kinds of reports: fully formatted reports of what has been logged, and summaries by source or destination host, type of service, or protocol. There are also options to filter the input data by date, host, protocol, service, and so on.
Only netfilter log format is supported at this time.

Features

These are the features adcfw-log provides at this stage:
  • support for netfilter log format
  • filtering of log entries based on protocol, source host, destination host, service, prefix, and input and output interfaces
  • specific reports based on protocol, source or destination host, or service
  • summaries based on source host, destination host, service and prefix
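As an added example (not code from adcfw-log itself, which is written in Perl), the following Python script shows the kind of processing the tool performs on netfilter log lines: it extracts the log prefix and the key=value fields, derives a service from the protocol and destination port (or ICMP type/code), keeps the bracketed headers that ICMP error messages embed from overwriting the outer packet's own SRC/DST/PROTO (the mis-reporting fixed in release 0.9.1 below), filters entries by any field, and produces brief and detailed per-host summaries. The log lines and addresses are constructed samples.

```python
import re
from collections import Counter, defaultdict

# Constructed sample entries in netfilter syslog format (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Jun  8 12:34:56 gw kernel: DROP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12345 DF PROTO=TCP SPT=43210 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  8 12:34:57 gw kernel: DROP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=12346 DF PROTO=TCP SPT=43211 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jun  8 12:35:01 gw kernel: DROP-IN: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=88 TOS=0x00 PREC=0x00 TTL=51 ID=0 DF PROTO=ICMP TYPE=3 CODE=3 [SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=33434 LEN=40 ]
Jun  8 12:35:02 gw kernel: DROP-OUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=UDP SPT=5353 DPT=5353 LEN=32
"""
HEADER_RE = re.compile(r"kernel:\s*(?P<prefix>.*?)\s*(?P<body>IN=.*)$")  # prefix ends where IN= begins
KV_RE = re.compile(r"(\w+)=(\S*)")  # KEY=value tokens; bare flags such as DF or SYN are ignored

def parse_line(line):
    """Return a dict of fields for one netfilter log entry, or None if the line is not one."""
    m = HEADER_RE.search(line)
    if not m:
        return None
    # ICMP error messages carry the offending packet's own headers inside [ ... ]; parse only the
    # outer part so the inner SRC/DST/PROTO do not overwrite the fields of the logged packet itself.
    outer = m.group("body").split("[", 1)[0]
    entry = dict(KV_RE.findall(outer))
    entry["prefix"] = m.group("prefix").rstrip(":")
    proto = entry.get("PROTO", "")
    if proto in ("TCP", "UDP"):
        entry["service"] = f"{proto.lower()}/{entry['DPT']}"
    elif proto == "ICMP":
        entry["service"] = f"icmp type {entry['TYPE']} code {entry['CODE']}"
    else:
        entry["service"] = proto.lower() or "unknown"
    return entry

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def filter_entries(entries, **criteria):
    """Keep entries whose fields equal every criterion, e.g. PROTO="TCP", IN="eth0", prefix="DROP-IN"."""
    return [e for e in entries if all(e.get(k) == v for k, v in criteria.items())]

def summarize(entries, key="SRC", detailed=False):
    """Brief: packet count per key value. Detailed: per key value, counts by (destination host, service)."""
    if not detailed:
        return Counter(e[key] for e in entries)
    out = defaultdict(Counter)
    for e in entries:
        out[e[key]][(e["DST"], e["service"])] += 1
    return {k: dict(v) for k, v in out.items()}

if __name__ == "__main__":
    for host, n in summarize(parse_log(SAMPLE_LOG)).most_common():  # sorted by packet count
        print(f"{host}: {n} packets")
```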

Requirements

adcfw-log requires only a perl interpreter. It is developed using perl 5.6.1, but I think it should run well with any older sub-version of perl5.

Release notes

These are the changes in the latest release (0.10.0):
  • destination host and service based summaries were added
A full development history can be found in the CHANGESLOG file.

Download

The latest release of adcfw-log is available from the SourceForge Files Section.

These are the md5 sums for the available releases:
  • adcfw-log-0.10.0.tar.gz: ef87de194d5a64e04b8d2553b3acad43
  • adcfw-log-0.9.1.tar.gz: 43abb6d5eabc298dbf66e7a9160a281b
Available binaries:

Bugs

I really wish adcfw-log to be a bug-free piece of software. Unluckily, wishes and reality often differ slightly...

You can find an updated list of bugs by searching the bug tracker available at SourceForge.

Contributions

Any kind of contribution to adcfw-log is really welcome.

If you wish to package adcfw-log for your favorite Linux distribution, or if you would like to port it to a different architecture, feel free to do so. I'd simply like to receive a note so that I can correctly update the information in this document and on the web site.
If you wish to contribute to development, ask for a feature that is not yet implemented or planned, submit a bug report, or simply ask for help, you can take advantage of the trackers available for this project.

Patches and code contributions can be sent directly to me.

If you prefer to contribute to the project with a donation, you can refer to my donation page at Sourceforge.

Mailing lists

There are three active mailing lists for adcfw-log:
  • Announce: New releases and other important announcements
  • Users: General discussions
  • Devel: Developers community

Copyright

Copyright (C) 2002-2006 Alessandro Dotti Contra

For a full list of contributors please read the AUTHORS and THANKS files included with the package.

adcfw-log is distributed under the GPL.


Latest news!
2006-02-24: adcfw-log 0.10.0 was released.
This release features two new summaries: a destination host based summary and a service based one. Some minor fixes were made as well.
2004-07-11: adcfw-log rpms available.
RedHat and Fedora users can now install adcfw-log rpms.
Thanks to Dag Wieers, various RedHat/Fedora rpms can be downloaded from Dag's apt/yum-enabled rpm repository.
2003-07-13: adcfw-log 0.9.1 was released.
This is a major bugfix release. Wrong reporting of icmp packets when information about the originating packet is logged too was fixed.
2003-07-03: adcfw-log 0.9.0 was released.
This release supports filtering of entries based on input and output interfaces. Minor bugfixes were also performed.
2003-06-08: adcfw-log 0.8.2 was released.
In this release, detailed summaries print information sorted by packet count and total entry count for each item; minor consistency fixes to summaries and reports were performed.
2003-04-16: adcfw-log 0.8.1 was released.
In this release two minor bugs were fixed. A wrong recognition of RES field values, which led to wrong report output, was fixed. An error message is now issued if the --detailed option is used without specifying a summary.
2003-01-18: adcfw-log 0.8.0 was released.
In this release, a new summary was added. It is now possible to summarize packet information by prefix. The detailed version of the summary counts information by prefix, source host and destination host. Some minor code cleanup was performed and minor cosmetic bugs were fixed.
2002-12-12: adcfw-log 0.7.0 was released.
This is the first release that supports summaries. A source host based summary is available; information can be printed briefly or in a more detailed format. The brief format shows a total packet counter for each host, while the detailed format shows information grouped by host, with a counter for each single destination host and service/icmp type. A harmless bug in command line option handling was also fixed.
2002-12-01: adcfw-log 0.6.1 was released.
In this release, reports were modified so that interface names like ipsec are displayed correctly. Tcp flag information is always printed using the brief format.
2002-11-15: adcfw-log 0.6.0 was released.
In this release, a service based report was added. This report groups information on a service basis, with details for each tcp or udp packet. Moreover, the --dest-host option was renamed --destination-host, and minor changes to existing reports were made.
2002-11-05: adcfw-log 0.5.0 was released.
In this release, new filtering options were added; it is now possible to filter log entries on a service or prefix basis. Minor code cleanup and improvements were also performed.

(C) 2002-2006 Alessandro Dotti Contra (adotti@users.sourceforge.net)
