Webfwlog - Firewall Log Analyzer | KitPloit - PenTest Tools for your Security Arsenal!



Wednesday, June 4, 2014

on

Webfwlog is a flexible web-based firewall log analyzer and reporting tool. It supports standard system logs for linux, FreeBSD, OpenBSD, NetBSD, Solaris, Irix, OS X, etc. as well as Windows XP®. Supported log file formats are netfilter, ipfilter, ipfw, ipchains and Windows XP®. Webfwlog also supports logs saved in a database using the ULOG or NFLOG targets of the linux netfilter project, or any other database logs mapped with a view to the ulogd schema. Versions 1 and 2 of ulogd database schemas are supported. Webfwlog is licensed under the GNU GPL.

Webfwlog fully supports IPv6 for database logs, and netfilter and ipfilter system logs.

With Webfwlog you can design reports to use on your logged data in whatever configuration you desire. Included are example reports as a starting point. You can sort a report with a single click, “drill-down” on the reports all the way to the packet level, and save your reports for later use.


Prerequisites:
  • A web server with PHP >= 4.1
  • Log files in standard netfilter, ipfilter, ipfw, ipchains or Windows XP® format or database logs populated with the ULOG or NFLOG target of netfilter, or other database logs mapped with a view to ulogd version 1 or 2 schemas
  • A MySQL or PostgreSQL database server:
  • MySQL >= 3.23.52 or any production release of 4.x or 5.x
  • MySQL >= 5 required for IPv6
  • PostgreSQL >= 7.1
  • PostgreSQL >= 7.4 required for IPv6
  • Your favorite web browser.

Changelog v1.0

  • Add support for ulogd version 2.
  • Add support for snort database logs.
  • Add support for Cisco IOS and Cisco PIX log formats (syslog).
  • Add support for snort log files (syslog).
  • Add support for netscreen log files (syslog).
  • Add support for multiple table/view selection (database).
  • Add IPv6 support for database logs, netfilter and ipfilter.
  • Add support for RFC 5424 dates in netfilter log files.
  • Add ip protocol number / name in ip headers section on packet detail page.
  • Accept numeric criteria in binary notation (0b10010100)
  • Output numeric fields in configurable format (decimal, hex, octal, binary).
  • Substantial performance improvement with database logs.
  • Only print fields on packet detail page where data exists.
  • Only populate cache for fields appearing in report.
  • Add option to populate cache for fields even when not in report.
  • Work natively with postgresql inet column type.
  • Implement php mysqli interface and use it when present.
  • Test icmp_gateway column type separately from ip_saddr (database).
  • For protocol-specific criteria/match, only check/display when relevant.
  • Always use oob_time_sec when local_time does not exist (database).
  • Add config parameter to set timezone if not set in php.ini (PHP >= 5.1).
  • Sort blank source and destination port last for syslog (to match database).
  • Fix matching by tcp options when not exact match (syslog).
  • Fix parsing of ipfilter icmp code names.
  • Fix display of service names to ‘-’ when name doesn’t resolve(database logs).
  • Fix state maintenance when using alternate data source.
  • Fix display of oob time to use date format string (database).
  • Fix display of icmp gateway on packet detail page.
  • Fix mysql and postgresql setup scripts for sample reports on some systems.
  • Fix drill-down with arbitrary column defined in some cases (database).
  • Fix page refresh when running report from report editor.
  • Fix harmless PHP notice-level messages about undefined indexes, etc.
  • Fix for netfilter when kernel logs uptime (syslog).
  • Fix for Cisco PIX ID string variations.
  • Gracefully continue on home page/report editor if no log table or view found.
  • Remove outmoded option to update all in cache (database).
  • Do not require or allow “AND” at start of additional WHERE clause (database).
  • Use pcre instead of deprecated ereg functions internally.
  • Allow trailing comments in conf file.
  • Build system: use automake
  • HTML fixes.
  • Fix compiler warnings.
  • Code cleanup.
  • Documentation updates.


Subscribe via e-mail for updates!