While looking for a clear way to display iptables logs I found fwlogwatch. As it later turned out, it is unfortunately not suitable for troubleshooting by searching through log files: the focus of this product is on statistics and on actively intervening against attacks.
Download the source archive from the homepage and extract it with tar.
flex and zlib are required to build fwlogwatch, so we install these two first:
root@debian-iptables1 ~/fwlogwatch/fwlogwatch-1.5 # apt-get install flex
root@debian-iptables1 ~/fwlogwatch/fwlogwatch-1.5 # apt-get install libz-dev
make should then run without any errors:
root@debian-iptables1 ~/fwlogwatch/fwlogwatch-1.5 # make
Don't run "make install"; one of the target directories is missing:
root@debian-iptables1 ~/fwlogwatch/fwlogwatch-1.5 # make install
install -m 0755 fwlogwatch /usr/local/sbin/fwlogwatch
install -m 0755 contrib/fwlw_notify /usr/local/sbin/fwlw_notify
install -m 0755 contrib/fwlw_respond /usr/local/sbin/fwlw_respond
install -m 0644 fwlogwatch.8 /usr/local/share/man/man8/fwlogwatch.8
A first quick test
root@debian-iptables1 ~/fwlogwatch/fwlogwatch-1.5 # fwlogwatch -v -v -w -o log.html -l 1d -m 2 -t -e -z -n -N -p -s -d -y /var/log/messages
If everything worked, the file log.html is now in the current directory and can be viewed in a browser.
Since this procedure is very impractical for daily work, we use a web server and the files in the contrib directory instead.
The more comfortable version
Using Apache and a CGI script:
apt-get install apache2
a2enmod cgi
service
mkdir /var/www/cgi-bin
mkdir /var/www/html/fwlogwatch
cp contrib/fwlogsummary.cgi /var/www/cgi-bin/
Apache configuration for the CGI directory:
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin/">
    Options +ExecCGI
    AddHandler cgi-script .cgi
    Order allow,deny
    Allow from all
</Directory>
Apache runs as the user www-data. Make sure that www-data is allowed to read /var/log/messages! Otherwise only the index file is created.
Open the following URL once so that index.html is created:
After that only the index is needed, since the CGI script can be called from it.
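The permission check above is easy to get wrong, because on Debian the syslog files are typically owned by root with group adm and mode 0640, so www-data neither owns the file nor (by default) belongs to a group that may read it. The following script is an added example, not part of the original post or of fwlogwatch: it evaluates the owner/group/other read bits for a named account exactly as the kernel's classic permission check does (root always passes; POSIX ACLs and the directory traversal path are not considered). The account name, the log path and the constructed values in the comments are assumptions for illustration.

```python
"""Check whether an account (e.g. www-data) can read a file such as /var/log/messages.

Added example for this post; it mirrors the classic owner/group/other mode check
and ignores POSIX ACLs and directory permissions on the path.
"""
import grp
import os
import pwd
import stat
import sys


def mode_allows_read(st_mode, st_uid, st_gid, uid, gids):
    """Pure decision on the mode bits: uid 0 always reads; otherwise the owner
    class is used if uid matches, else the group class if the file's gid is in
    the account's group set, else the 'other' class."""
    if uid == 0:
        return True
    if uid == st_uid:
        return bool(st_mode & stat.S_IRUSR)
    if st_gid in gids:
        return bool(st_mode & stat.S_IRGRP)
    return bool(st_mode & stat.S_IROTH)


def user_groups(name):
    """Resolve an account to (uid, set of gids): primary group plus every
    supplementary group that lists the account as a member."""
    pw = pwd.getpwnam(name)
    gids = {pw.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if name in g.gr_mem)
    return pw.pw_uid, gids


def readable_by(user, path):
    """True if `user` may read `path` according to the file's mode bits."""
    uid, gids = user_groups(user)
    st = os.stat(path)
    return mode_allows_read(st.st_mode, st.st_uid, st.st_gid, uid, gids)


def describe(path):
    """Human-readable owner:group and octal mode of a file, for the report."""
    st = os.stat(path)
    owner = pwd.getpwuid(st.st_uid).pw_name
    group = grp.getgrgid(st.st_gid).gr_name
    return "%s:%s %o" % (owner, group, stat.S_IMODE(st.st_mode))


if __name__ == "__main__":
    # Assumed defaults; override on the command line: check_log.py www-data /var/log/messages
    user = sys.argv[1] if len(sys.argv) > 1 else "www-data"
    path = sys.argv[2] if len(sys.argv) > 2 else "/var/log/messages"
    ok = readable_by(user, path)
    print("%s is %s (%s) for %s" % (path, "readable" if ok else "NOT readable",
                                    describe(path), user))
    sys.exit(0 if ok else 1)
```

The usual fix on Debian is to add www-data to the adm group (`usermod -a -G adm www-data`, then restart Apache so the new group takes effect). Note that this lets the web server account read every log that is group-readable by adm, not just /var/log/messages; if that is more than you want to expose through a CGI script, a copy of the log with narrower permissions is the tighter alternative.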
Example: source and destination IP addresses
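fwlogwatch builds its source/destination summary from the KEY=VALUE fields that the iptables LOG target writes into /var/log/messages. The script below is an added example, not part of the original post or of fwlogwatch: it parses those lines itself, discards unrelated syslog entries, and counts hits per source/destination pair and per (source, destination, protocol, destination port) tuple, which is the kind of view that helps with the error search the post found fwlogwatch unsuitable for. The sample log lines, host name, addresses (documentation ranges) and the DROP-IN/DROP-FWD log prefixes are all constructed for the example.

```python
"""Summarise iptables LOG-target lines from a syslog file by SRC/DST.

Added example for this post; the sample lines below are constructed and use
RFC 5737 documentation addresses, not real traffic.
"""
import re
import sys
from collections import Counter

# KEY=VALUE fields as emitted by the iptables LOG target (IN=, SRC=, DPT=, ...).
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
# Optional --log-prefix text sits between the kernel timestamp and the first IN= field.
PREFIX_RE = re.compile(r"\]\s*(.*?)\s*IN=")

SAMPLE_LOG = """\
Jun 12 10:15:01 debian-iptables1 kernel: [ 123.456789] DROP-IN IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44812 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 12 10:15:02 debian-iptables1 kernel: [ 124.000000] DROP-IN IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44813 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 12 10:15:03 debian-iptables1 kernel: [ 125.000000] DROP-IN IN=eth0 OUT= SRC=198.51.100.3 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=UDP SPT=5353 DPT=5353
Jun 12 10:15:04 debian-iptables1 sshd[1234]: Accepted publickey for admin from 192.0.2.50 port 51234 ssh2
Jun 12 10:15:05 debian-iptables1 kernel: [ 126.000000] DROP-FWD IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.0.2.20 LEN=44 TOS=0x00 PREC=0x00 TTL=52 ID=2 PROTO=TCP SPT=44814 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0
"""


def parse_line(line):
    """Return the field dict of an iptables log line, or None for any other syslog entry."""
    if " kernel: " not in line or "SRC=" not in line or "DST=" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    # Flag tokens such as DF or SYN carry no '='; record the SYN flag explicitly.
    fields["SYN"] = " SYN " in line or line.rstrip().endswith(" SYN")
    m = PREFIX_RE.search(line)
    fields["PREFIX"] = m.group(1) if m else ""
    return fields


def pairs(lines):
    """(SRC, DST) pairs with hit counts, most active first (ties keep first-seen order)."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        if f is not None:
            counts[(f["SRC"], f["DST"])] += 1
    return counts.most_common()


def summarise(lines):
    """Hits per (SRC, DST, PROTO, DPT); a missing PROTO or DPT is shown as '-'."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        if f is not None:
            counts[(f["SRC"], f["DST"], f.get("PROTO", "-"), f.get("DPT", "-"))] += 1
    return counts


def render(counts):
    """Plain-text table of a summarise() result, sorted by hit count."""
    rows = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    out = ["%-16s %-16s %-5s %-6s %s" % ("SRC", "DST", "PROTO", "DPT", "HITS")]
    for (src, dst, proto, dpt), n in rows:
        out.append("%-16s %-16s %-5s %-6s %d" % (src, dst, proto, dpt, n))
    return "\n".join(out)


if __name__ == "__main__":
    # Read a real file if given (e.g. /var/log/messages), else use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE_LOG.splitlines()
    print(render(summarise(lines)))
```

Run with a path to /var/log/messages to get the same source/destination overview as the fwlogwatch report; without an argument it summarises the constructed sample, which shows one source hitting two ports on one host and a third port on another.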