Wflogs is a firewall log analysis tool. It can be used to produce a log summary report in plain text, HTML and XML, or to monitor firewalling logs in real-time.
This project is part of the WallFire project, but can be used independently.
Usage examples:
wflogs -i netfilter -o html netfilter.log > logs.html
converts the given netfilter log file into a HTML report.
wflogs --sort=protocol,-time -i netfilter -o text netfilter.log > logs.txt
converts the given netfilter log file into a sorted (by protocol number, then reverse time) text report.
wflogs -f '$start_time >= [this 3 days ago] && $start_time < [this 2 days ago] && $chainlabel =~ /(DROPREJECT)/ && $sipaddr == 10.0.0.0/8 && $protocol == tcp && ($dport == ssh $dport == telnet) && ($tcpflags & SYN)' -i netfilter -o text --summary=no
shows log entries (without summary) which match the given expression (refused connection attempts that occured 3 days ago to ssh and telnet ports coming from internal network 10.0.0.0/8).
wflogs -i netfilter -o text --resolve=0 --whois=0 netfilter.log
converts the given netfilter log file into a text report (default mode), disabling IP address reverse lookups and whois lookups.
wflogs -i netfilter -o xml netfilter.log > logs.xml
exports netfilter logs in XML.
wflogs -i ipchains -o netfilter ipchains.log > netfilter.log
converts ipchains logs into netfilter log format. So you may process them with your favorite netfilter log analyser, for example (even if the latter may not be better than wflogs itself.
wflogs -i ipfilter -o human --datalen=yes ipfilter.log
produces a report about ipfilter logfile in natural language on stdout, displaying packet length (datalen option) which is not showed by default.
wflogs -R -I
monitors logs in real-time in an interactive shell, waiting for logs in the default system logfile, in guessed format (according to the local firewalling tool).
Supported systems
WallFire is intended to work on real systems such as Unix, especially Linux and *BSD.
Current wflogs input modules are:
· netfilter (Linux 2.4 and 2.6 firewall logs)
· ipchains (Linux 2.2 firewall logs)
· ipfilter (NetBSD, FreeBSD, OpenBSD, Solaris, SunOS 4, IRIX and HP-UX running ipfilter firewall logs).
· cisco_pix (Cisco PIX filter logs)
· cisco_ios (Cisco IOS filter logs)
· snort (Snort ACLs logs)
Please note that input modules are available on any architecture on which wflogs can run (for example, you can perfectly parse Cisco PIX logs on a Linux box).
· Ключевые особенности и характеристики Wflogs 0.9.8
Не определены
· Ограничения Wflogs 0.9.8
Ограничения не определены
· Специальные требования Wflogs 0.9.8
Специальные требования не определены
· История версий и изменений Wflogs
Версия: 0.9.8
· Improved matching of netfilter and ipfilter input modules.
· Added support for Cisco FWSM (PIX).
· Improved netfilter parsing.
· Compilation fixes for ·BSD.
· Added wflogs.dtd.
· Added wfchkintegrity tool, which enables to monitor changes in the firewalling configuration.
· Fixed buffer sizes for some input modules.
· Fixed parsing with recent flex versions.
· Описание и дополнения от редакторов и пользователей сайта
софт
скрипты
драйвера
форумы
блоги
Описание программы
Комментарии (0)
Скриншоты (0)
Файлы (1)
Описание программы 
Другие программы от Hervй Eychenne