loggrep-0.4
Author: Gerhard Khüny <snorre@users.sourceforge.net>
- Description
Loggrep searches kernel logfiles for ipchains or iptables packet log entries and can filter them against given criteria (date, IP, port, ...). It also offers a quasi-detection of port scans, a line count and HTML output.
- Installation
IPCHAINS: Define the logfile type to ipchains.
./configure --with-ipchains
make
make install
IPTABLES: Define the logfile type to iptables.
./configure --with-iptables="IPTABLES LOGPREFIX" (set the log prefix you specified in your iptables LOG rule)
make
make install
To identify a logline generated by iptables, the line must contain a log prefix.
e.g. iptables -A my_drop -p TCP -j LOG --log-prefix "DROP-TCP: "
iptables -A my_drop -p UDP -j LOG --log-prefix "DROP-UDP: "
To scan both the TCP and the UDP entries above, use LOGPREFIX="DROP-" (the prefix is matched as a leading string).
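As an added illustration (not loggrep's own code) of what the prefix matching above and the quasi-detection of port scans from the description involve, the following Python script parses a few constructed iptables LOG lines in syslog format, keeps only those whose prefix starts with the given LOGPREFIX, filters them by field, and flags a source that hits several distinct destination ports on one host. The sample lines, the threshold of three ports and the function names are assumptions, not loggrep's behaviour.

```python
import re
from collections import defaultdict

# Constructed sample kernel log lines in syslog format, as written by "iptables -j LOG".
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: DROP-TCP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1234 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:15:01 fw kernel: DROP-TCP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1235 DF PROTO=TCP SPT=40002 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:15:02 fw kernel: DROP-TCP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1236 DF PROTO=TCP SPT=40003 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:15:02 fw kernel: DROP-UDP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=1237 PROTO=UDP SPT=40004 DPT=53 LEN=20
Mar  3 10:15:03 fw kernel: DROP-UDP: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=99 PROTO=UDP SPT=5353 DPT=53 LEN=20
Mar  3 10:15:04 fw kernel: ACCEPT: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=60 ID=100 DF PROTO=TCP SPT=5000 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:15:05 fw sshd[123]: Accepted publickey for admin from 203.0.113.7 port 5000 ssh2
"""

# A syslog line: timestamp, host, "kernel:", then the log prefix followed by KEY=VALUE fields.
LINE_RE = re.compile(r"^(?P<date>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?P<rest>.*)$")
FIELD_RE = re.compile(r"(\w+)=(\S*)")  # flags such as DF or SYN carry no "=" and are skipped

def parse_lines(text, logprefix):
    """Return one dict per kernel log line whose log prefix starts with logprefix."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a kernel line (e.g. sshd), so not produced by -j LOG
        rest = m.group("rest")
        if not rest.startswith(logprefix):
            continue  # another rule's prefix, e.g. "ACCEPT:"
        fields = dict(FIELD_RE.findall(rest))
        fields["date"] = m.group("date")
        fields["prefix"] = rest.split("IN=", 1)[0].strip()
        entries.append(fields)
    return entries

def filter_entries(entries, **wanted):
    """Keep entries whose fields equal all given values, e.g. SRC=..., DPT=..., PROTO=..."""
    return [e for e in entries if all(e.get(k) == v for k, v in wanted.items())]

def portscan_suspects(entries, min_ports=3):
    """Quasi-detection: (SRC, DST) pairs seen with at least min_ports distinct (PROTO, DPT)."""
    ports = defaultdict(set)
    for e in entries:
        if "DPT" in e:
            ports[(e["SRC"], e["DST"])].add((e["PROTO"], e["DPT"]))
    return {pair: len(s) for pair, s in ports.items() if len(s) >= min_ports}

if __name__ == "__main__":
    dropped = parse_lines(SAMPLE_LOG, "DROP-")  # both DROP-TCP: and DROP-UDP: lines
    print(len(dropped), "dropped packets;", portscan_suspects(dropped))
```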
XML: Define the logfile type through an XML description, for any kind of line-based logfile.
./configure --with-xml
- Logfiles
You can define logfile formats in XML. The XML file is installed in the share directory. The file logfile.xml shows a definition for iptables. You may modify the XML file to adjust it to your requirements, but it must follow the DTD (logfile.dtd).
