
#1 2011-03-18 06:45:40

Thallium
Member
Registered: 2011-03-18
Posts: 1

LILA - Live Iptables Log Analyzer

Hi,

I'd like to present a program I've written to analyze iptables firewall logs. More than one year has passed now and I have finally released LILA 1.0. It is a command-line application coded in Python which uses a MySQL database.

If everything is set up (mysql, syslog-ng, iptables rules and optionally pdnsd), it shows, in easy-to-read colored output, which packets are currently being sent or received. It can analyze older logs, too. Of course, appropriate firewall rules must exist.

For the moment, I'd like to highlight two particular features: It resolves IPs to hostnames (two different techniques) and detects duplicate (same destination IP and chain) packets, which have been sent in a freely configurable time interval. Thus you won't get "flooded" with hundreds of identical packets, which don't offer any additional information.

It has a lot of other features I can't list now, but I've created an extensive PDF documentation, which contains a feature overview, a detailed description and a "demo part", where you can see LILA in action (screenshots). Of course, installation notes and a changelog are also included. In short, it contains everything there is to say about LILA. You can find it inside the tarball.

Perhaps some of you will find this tool useful, especially if you want to know what your PC is sending to the internet. In its current state it predominantly targets curious (and security-interested?) people who also have some Linux knowledge. [Therefore I think the Arch forums are a good place]. Personally, I use it to monitor traffic on my external firewall. This way I instantly notice if a program wants to send packets unasked (especially useful if a computer in your LAN has Windows installed).

Download: https://sourceforge.net/projects/lila/
Direct link to the documentation: http://sourceforge.net/projects/lila/fi … f/download

I'd be happy if some of you take the time to have a look at it and perhaps also give me some feedback (bugs, setup problems, ideas for improvement, etc.). :)

Thank you for your time!
Thallium
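
The duplicate suppression described in the post (same destination IP and chain within a configurable interval), as an added example that is not part of the original post and is not LILA's own code. It assumes each iptables LOG rule sets `--log-prefix "<CHAIN>: "` so the chain name appears in the line; the sample log lines, the 10-second default and the sliding-window behaviour are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the kernel's iptables LOG format. Assumption:
# each rule uses --log-prefix "<CHAIN>: " so the chain name appears in the line.
SAMPLE_LOG = """\
Mar 18 06:45:40 fw kernel: OUTPUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=51234 DPT=80 SYN
Mar 18 06:45:41 fw kernel: OUTPUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=51234 DPT=80 SYN
Mar 18 06:45:43 fw kernel: INPUT: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TTL=52 PROTO=TCP SPT=4444 DPT=22 SYN
Mar 18 06:45:44 fw kernel: OUTPUT: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.99 LEN=76 TTL=64 PROTO=UDP SPT=123 DPT=123
Mar 18 06:46:05 fw kernel: OUTPUT: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TTL=64 PROTO=TCP SPT=51240 DPT=80 SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: (?:\[[^\]]*\] )?"
    r"(?P<chain>[A-Za-z0-9_-]+): (?P<fields>.*)$")

def parse_line(line, year=2011):
    """Return (timestamp, chain, fields dict) or None for non-iptables lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m["fields"].split() if "=" in kv)
    if "DST" not in fields:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["chain"], fields

def dedupe(lines, interval=timedelta(seconds=10)):
    """Yield packets, dropping repeats of (DST, chain) seen within interval."""
    last_seen = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, chain, f = parsed
        key = (f["DST"], chain)
        prev = last_seen.get(key)
        last_seen[key] = ts  # sliding window: a steady flood stays suppressed
        if prev is None or ts - prev > interval:
            yield ts, chain, f

if __name__ == "__main__":
    for ts, chain, f in dedupe(SAMPLE_LOG.splitlines()):
        print(f"{ts:%H:%M:%S} {chain:<7} {f['SRC']} -> {f['DST']} "
              f"{f.get('PROTO', '?')}/{f.get('DPT', '-')}")
```

Syslog timestamps carry no year, so `parse_line` takes one as a parameter; the same destination on a different chain (the INPUT line in the sample) is treated as a separate key and is not suppressed.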
