23rd March 2012, 11:19
Ovidiu
need some help configuring fwlogwatch

the project is located here: http://fwlogwatch.inside-security.de/

I installed the Debian version via apt-get. The firewall logs are written by apf-firewall.

After checking out every option in its config file, this is a sample report I am getting, but I really only want a summary and I can't seem to get it right. I.e. look at the first entries: they look identical. I'd love to get those summarized.

I can post my config file here if needed.

Code:
fwlogwatch summary

Generated Friday March 23 10:13:28 CET 2012 by root. 
1775 (and 137 older than 86400 seconds) of 39649 entries in 2 input files are packet logs, 1775 have unique characteristics. 
First packet log entry: Mar 22 10:18:14, last: Jan 01 01:00:00. 

All entries were logged by the same host: "h1870666". 
All entries have the same target: "-". 
Only the top 50 entries are shown.
#	chain	interface	proto	source	hostname	destination	hostname	port	service	opts
1	[81018.503995] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81021.536094] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81047.626337] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81050.660093] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81134.093213] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81137.124093] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[81524.648020] ** IN_TCP DROP **	eth0	tcp	74.118.195.188	tibiaredbot.com.br	85.214.229.212	h1870666.stratoserver.net	8752	-	sa----
1	[81895.986463] ** IDENT **	eth0	tcp	196.41.124.211	cpanel.cybersmart.co.za	85.214.229.212	h1870666.stratoserver.net	113	auth	SYN
1	[82011.656911] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[82014.688094] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[82213.123923] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
1	[82216.156096] ** SDROP **		tcp	85.214.229.212	h1870666.stratoserver.net	31.184.242.127	-	80	www	SYN
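An added example, not from the post and not fwlogwatch's own code, that shows why the rows above do not merge and what the wanted summary looks like: the chain column as printed still carries the kernel's uptime stamp (`[81018.503995]`), which differs on every line, so every row has "unique characteristics". The script below takes the twelve report rows, here re-typed as constructed input, strips that stamp and merges the rows that then agree on chain, interface, protocol, addresses, port and flags.

```python
import re
from collections import Counter

# Constructed sample: the twelve report rows quoted in the post, columns joined
# by a tab as fwlogwatch prints them (count, chain, iface, proto, src, src_host,
# dst, dst_host, port, service, opts).
REPORT_ROWS = [
    "1\t[81018.503995] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN",
    "1\t[81021.536094] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN",
    "1\t[81047.626337] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN",
    "1\t[81050.660093] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN",
    "1\t[81134.093213] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN",
    "1\t[81137.124093] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN",
    "1\t[81524.648020] ** IN_TCP DROP **\teth0\ttcp\t74.118.195.188\ttibiaredbot.com.br\t85.214.229.212\th1870666.stratoserver.net\t8752\t-\tsa----",
    "1\t[81895.986463] ** IDENT **\teth0\ttcp\t196.41.124.211\tcpanel.cybersmart.co.za\t85.214.229.212\th1870666.stratoserver.net\t113\tauth\tSYN",
    "1\t[82011.656911] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN",
    "1\t[82014.688094] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN",
    "1\t[82213.123923] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN",
    "1\t[82216.156096] ** SDROP **\t\ttcp\t85.214.229.212\th1870666.stratoserver.net\t31.184.242.127\t-\t80\twww\tSYN",
]

# Kernel uptime stamp "[12345.678901]" left in front of the log prefix; it
# changes on every line, so it must be dropped before entries can be merged.
UPTIME_STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")
COLUMNS = ("count", "chain", "iface", "proto", "src", "src_host",
           "dst", "dst_host", "port", "service", "opts")

def parse_row(row):
    """Split one tab-separated report row into a dict keyed by column name."""
    fields = row.split("\t")
    if len(fields) != len(COLUMNS):
        raise ValueError("unexpected column count in row: %r" % row)
    entry = dict(zip(COLUMNS, fields))
    entry["count"] = int(entry["count"])
    return entry

def summarize(rows):
    """Return [((chain, iface, proto, src, dst, port, opts), total), ...]
    with the uptime stamp removed from the chain, highest count first."""
    totals = Counter()
    for row in rows:
        e = parse_row(row)
        chain = UPTIME_STAMP.sub("", e["chain"])
        key = (chain, e["iface"], e["proto"], e["src"], e["dst"], e["port"], e["opts"])
        totals[key] += e["count"]
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    for (chain, iface, proto, src, dst, port, opts), n in summarize(REPORT_ROWS):
        print("%4d  %-18s %-5s %s  %s -> %s:%s  %s" % (n, chain, iface or "-", proto, src, dst, port, opts))
```

The ten SDROP rows collapse into one line with count 10, which is the view the poster is after; the two eth0 entries remain as single lines.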