IPFW Log Monitor

ipfwlogmonitor is a real-time monitoring script (developed in Perl) for the IPFW output log. This script is released under the GNU General Public License.

Example of IPFW log output without IPFW Log Monitor:

# tail -f /var/log/security

Mar 18 10:19:23 al-firewall1 /kernel: ipfw: 65534 Deny TCP 193.48.73.11:58167 192.168.29.77:80 in via ste7

Mar 18 10:20:02 al-firewall1 /kernel: ipfw: 65534 Deny UDP 194.129.79.121:15905 193.48.73.125:53 in via ste0

Mar 18 10:20:11 al-firewall1 /kernel: ipfw: 65534 Deny TCP 193.48.73.11:58167 192.168.29.77:8091 in via ste7

Mar 18 10:20:14 al-firewall1 last message repeated 3 times

Mar 18 10:20:32 al-firewall1 /kernel: ipfw: 65534 Deny TCP 138.96.146.2:58165 192.168.29.100:22 in via ste7

Mar 18 10:20:54 al-firewall1 /kernel: ipfw: 65534 Deny P:47 193.48.73.11 0.0.0.0 in via ste7

Example of IPFW log output with IPFW Log Monitor:

# tail -f /var/log/security | ipfwlogmonitor.pl

Mar 18 10:19:23 ipfw: Deny from al-vpn2.alcasat.net.73.48.193.in-addr.arpa TCP/58167 to Eomer.alcasat.net TCP/HTTP

Mar 18 10:20:02 ipfw: Deny from 194.129.79.121 UDP/15905 to 193.48.73.125 UDP/DOMAIN

Mar 18 10:20:11 ipfw: Deny from al-vpn2.alcasat.net.73.48.193.in-addr.arpa TCP/58167 to Eomer.alcasat.net TCP/8091

Mar 18 10:20:14 Last message repeated 3 times

Mar 18 10:20:32 ipfw: Deny from www.inria.fr TCP/58165 to 192.168.29.100 TCP/SSH

Mar 18 10:20:54 ipfw: Deny from al-vpn2.alcasat.net.73.48.193.in-addr.arpa GRE to 0.0.0.0 GRE
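The rewrite shown in the two listings above can be sketched as a small stdin filter. This is an added example in Python, not the ipfwlogmonitor Perl code: the function names, the lookup tables and the IPv4-only address handling are assumptions made for the illustration.

```python
import re
import socket
import sys

# Constructed lookup tables for this example (the script's own tables are not shown here).
SERVICES = {("TCP", 80): "HTTP", ("TCP", 22): "SSH", ("UDP", 53): "DOMAIN"}
IP_PROTOCOLS = {"47": "GRE"}  # ipfw logs other IP protocols as "P:<number>"

SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ (?P<rest>.*)$")
IPFW_RE = re.compile(r"^/?kernel: ipfw: \d+ (?P<action>\w+) (?P<proto>\S+) "
                     r"(?P<src>\S+) (?P<dst>\S+) (?:in|out) via \S+$")

def reverse_dns(ip):
    """Return the PTR name for ip, or ip itself when the lookup fails."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return ip

def endpoint(addr, proto, resolve):
    """Render 'ip:port' as 'name PROTO/SERVICE'; portless protocols as 'name PROTO'."""
    if proto in ("TCP", "UDP") and ":" in addr:  # IPv4 only: the last ':' precedes the port
        ip, _, port = addr.rpartition(":")
        service = SERVICES.get((proto, int(port)), port) if port.isdigit() else port
        return f"{resolve(ip)} {proto}/{service}"
    return f"{resolve(addr)} {proto}"

def rewrite(line, resolve=reverse_dns):
    """Rewrite one /var/log/security line; unrecognised lines pass through unchanged."""
    line = line.rstrip("\n")
    m = SYSLOG_RE.match(line)
    if not m:
        return line
    ts, rest = m["ts"], m["rest"]
    if rest.startswith("last message repeated"):
        return f"{ts} L{rest[1:]}"
    f = IPFW_RE.match(rest)
    if not f:
        return line
    proto = f["proto"]
    if proto.startswith("P:"):
        proto = IP_PROTOCOLS.get(proto[2:], proto)
    src, dst = (endpoint(f[k], proto, resolve) for k in ("src", "dst"))
    return f"{ts} ipfw: {f['action']} from {src} to {dst}"

if __name__ == "__main__":
    for raw in sys.stdin:  # usage: tail -f /var/log/security | python3 this_file.py
        print(rewrite(raw), flush=True)
```

Resolved names come from PTR records set by whoever controls the reverse zone, so they are a display aid; keep the raw IP from the original log for any filtering decision.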

The current version is 0.63. You can download it here.

Release notes:

0.63 (03/03/2006):

0.62b (18/04/2005):

0.61b (01/04/2005):

0.6b (30/04/2005):

0.5b (21/03/2005):

0.4b (20/03/2005):

0.3b (15/03/2005):

0.2b (10/03/2005):

0.1b (01/03/2005):

Author: Nicolas Hennion