
Enhancement: iptables log #67

Open
GoogleCodeExporter opened this issue Mar 15, 2015 · 4 comments

Comments

@GoogleCodeExporter

Thanks for a really awesome tool! :)

I've played around with Logstalgia for a few days and got it working with my 
firewall logs (iptables) by generating a modified log format that's accepted by 
Logstalgia.

It would be awesome if this was a builtin functionality in Logstalgia that a 
lot of people would appreciate.

Would this be a feature you would like to add?

Original issue reported on code.google.com by [email protected] on 30 Oct 2014 at 11:16

@GoogleCodeExporter

Hi,

I am kind of interested in adding support for this. As you say it looks like a 
lot of people are writing their own solutions to work around there not being 
built in support.

If someone could provide some logs (with appropriate redactions) that include a 
variety of different kind of entries it would need to handle that would be a 
big help.

Cheers

Andrew

Original comment by [email protected] on 31 Oct 2014 at 1:29

  • Added labels: Type-Enhancement
  • Removed labels: Type-Defect

@GoogleCodeExporter

Hi Andrew,

Happy to hear you would be interested in doing this.

The way I've solved this is basically by using a few data sets from the 
firewall log
- time stamp
- log prefix (accept/drop)
- source ip
- destination ip
- destination port
to create a new log that's formatted somewhat similar to that of an access log.
The new log is given to logstalgia with a few '-g' switches that will 
create two sections, one ALLOWED and one BLOCKED, to show what traffic was 
allowed/dropped.

I'll be more than happy to provide you with
- original logs (redacted)
- the script (python) I use to parse the original logs and explanation of how 
the script generates the new logs
- the logs generated by the script (redacted)
- the regex used with logstalgia to process the logs

If this is of interest to you, I'll try getting it to you over the weekend.

//Are

Original comment by [email protected] on 31 Oct 2014 at 7:45
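The approach described in the comment above (pull timestamp, log prefix, source IP, destination IP and destination port out of the iptables kernel log and write an access-log-style line that Logstalgia can replay) can be implemented as follows. This is an added example, not the commenter's script or Logstalgia's own code. It assumes the usual netfilter `key=value` line layout produced by `-j LOG --log-prefix`, emits NCSA Common Log Format (which Logstalgia reads natively), and encodes the verdict as the first path component so Logstalgia's `-g` switch can split ALLOWED and BLOCKED traffic with a regex on the path. The sample log lines, the year (syslog timestamps carry none) and the verdict-to-status mapping are all constructed for the example.

```python
"""Convert iptables/netfilter kernel log lines into NCSA Common Log Format
so Logstalgia can replay them (added example, not the thread's script)."""
import re
from datetime import datetime

# Constructed sample lines using RFC 5737 documentation addresses; not real data.
SAMPLE_LINES = [
    "Oct 30 11:16:01 fw kernel: [1234.5678] ALLOW: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 "
    "DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP "
    "SPT=51234 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0",
    "Oct 30 11:16:02 fw kernel: [1234.9000] DROP: IN=eth0 OUT= "
    "SRC=203.0.113.7 DST=198.51.100.5 LEN=40 PROTO=TCP SPT=4444 DPT=22 SYN",
    "Oct 30 11:16:03 fw kernel: [1235.1000] DROP: IN=eth0 OUT= "
    "SRC=203.0.113.7 DST=198.51.100.5 LEN=28 PROTO=ICMP TYPE=8 CODE=0",
    "Oct 30 11:16:04 fw kernel: eth0: link up",  # not a netfilter line; skipped
]

# syslog header, optional "[uptime]" stamp, free-text --log-prefix, then key=value fields
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: "
    r"(?:\[\s*\d+\.\d+\] )?(?P<prefix>.*?)\s*IN=(?P<rest>.*)$"
)
KV_RE = re.compile(r"\b([A-Z]+)=(\S*)")

# Constructed mapping from the rule verdict (first word of the log prefix) to an
# HTTP status; Logstalgia colours requests by status, so ALLOW/DROP stay visible.
VERDICT_STATUS = {"ACCEPT": "200", "ALLOW": "200", "DROP": "403", "REJECT": "403"}
UNCLASSIFIED_STATUS = "500"  # prefix we don't recognise: make it stand out


def parse_iptables_line(line, year=2014):
    """Return a dict of the fields we need, or None for non-netfilter lines."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    fields = dict(KV_RE.findall("IN=" + m.group("rest")))
    if "SRC" not in fields or "DST" not in fields:
        return None  # malformed or truncated entry; don't guess
    prefix_words = m.group("prefix").split()
    verdict = (prefix_words or ["UNKNOWN"])[0].rstrip(":").upper()
    # syslog timestamps have no year, so the caller supplies one (assumption)
    when = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
    return {
        "time": when,
        "verdict": verdict,
        "status": VERDICT_STATUS.get(verdict, UNCLASSIFIED_STATUS),
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields.get("PROTO", "UNKNOWN"),
        "dpt": fields.get("DPT", "0"),   # ICMP etc. carry no port
        "size": fields.get("LEN", "0"),
    }


def to_common_log(rec):
    """Render one record as an NCSA Common Log Format line.

    Path = /VERDICT/PROTO/DPORT, so "-g" regexes such as ^/ALLOW/ and ^/DROP/
    split the replay into the ALLOWED and BLOCKED sections the thread describes.
    """
    ts = rec["time"].strftime("%d/%b/%Y:%H:%M:%S +0000")
    path = f"/{rec['verdict']}/{rec['proto']}/{rec['dpt']}"
    return (f"{rec['src']} - - [{ts}] \"GET {path} HTTP/1.0\" "
            f"{rec['status']} {rec['size']}")


def convert_lines(lines, year=2014):
    """Convert an iterable of raw syslog lines; non-netfilter lines are dropped."""
    out = []
    for line in lines:
        rec = parse_iptables_line(line, year=year)
        if rec is not None:
            out.append(to_common_log(rec))
    return out


if __name__ == "__main__":
    # Pipe this output into logstalgia (or write it to a file and replay it).
    for converted in convert_lines(SAMPLE_LINES, year=2014):
        print(converted)
```

Because the verdict is the first path component, the two sections from the comment can be built with `-g` regexes on `^/ALLOW/` and `^/DROP/` (check `logstalgia --help` on your version for the exact `-g NAME,REGEX` syntax). Lines without `SRC=`/`DST=` are skipped rather than guessed, which matters when feeding syslog that mixes kernel messages with firewall output.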

@GoogleCodeExporter

Hi Are,

That sounds great. I might not look into this immediately so whenever you have 
time.

Original comment by [email protected] on 31 Oct 2014 at 8:47

@GoogleCodeExporter

Hi Andrew,

Awesome! I'll try getting it to you by tomorrow evening or early Sunday.

Original comment by [email protected] on 31 Oct 2014 at 9:50
