fwlogwatch 1.1

OS: Windows / Linux / Mac OS / BSD / Solaris
Script Licensing: GPL - GNU Public License
Created: May 30, 2007
Downloads: 1

fwlogwatch by Boris Wesslowski is a packet filter / firewall / IDS log analyzer. It supports a lot of log formats and has many analysis options. It also features incident report and realtime response capabilities, an interactive web interface and internationalization.

Features:
- Can detect and process log entries in the following formats:
  - Linux ipchains
  - Linux netfilter/iptables
  - Solaris/BSD/Irix/HP-UX ipfilter
  - BSD ipfw
  - Cisco IOS
  - Cisco PIX / FWSM
  - NetScreen
  - Windows XP firewall
  - Elsa Lancom router
  - Snort IDS
- Entries can be parsed from single, multiple and combined log files; the parsers to be used can be selected.
- Gzip-compressed logs are supported transparently.
- Can separate recent from old entries and detect timewarps in log files.
- Can recognize 'last message repeated' entries concerning the firewall.
- Integrated resolver for protocols, services and host names.
- Can do lookups in the whois database.
- Own DNS and whois information cache and GNU adns support for faster lookups.
- Hosts, networks, ports, chains and branches (targets) can be selected or excluded as needed.
- Support for internationalization (available in English, German, Portuguese, Simplified and Traditional Chinese, Swedish and Japanese).
- Log summary mode:
  - A lot of options to find and display relevant patterns in connection attempts.
  - Intelligent selection of certain fields (e.g. the host name column is omitted and the host mentioned in the header of the summary if the log is from a single host; the same happens with chains, targets and interfaces).
  - Output as plain text or HTML (W3C XHTML 1.1 with inline or linked CSS level 2) with limit and sort options.
  - Can send summaries by email.
- Interactive report mode:
  - The integrated report generator fills in and presents a report that can be sent to abuse contacts of attacking sites or computer emergency response teams (CERTs).
  - Supports templates and incident number generation.
  - All fields can be adjusted as needed interactively.
- Realtime response mode:
  - The program detaches and stays in background as a daemon.
  - For ipchains setups, detection of necessary rules with logging turned on can be configured.
  - Can catch up reading existing entries to provide up-to-date state information from program start on.
  - Response can be a notification (in form of a log file entry, an email, a remote winpopup message or whatever you can put into a shell script), or a customizable firewall modification.
  - The included response script adds a new chain for fwlogwatch 1.1 to ipchains or netfilter setups and attackers are blocked with new firewall rules.
  - Supports trusted hosts (anti-spoofing).
  - The current status of the program can be followed and controlled through a web interface (supports IPv6).
