
A network traffic analysis tool that displays iptables, UFW, or any application log written in the same format in a readable way.

Project description

# FWMonitor

fwmonitor parses iptables, UFW, or any program that logs in the iptables LOG format. It can read your syslog as it grows (_active_) or a previously gathered log/text file (_passive_), and presents the entries in a readable format for network traffic analysis and security auditing of your servers.

## Demo

![fwmonitor](images/fwmonitor.gif)

## Usage

Install from PIP:

```bash
pip3 install fwmonitor
```

Or clone this repository:

```bash
git clone https://github.com/pouriyajamshidi/fwmonitor.git
```

Make the script executable:

```bash
chmod +x fwmonitor.py
```

For convenience, you can place the program somewhere in your system PATH, such as /usr/local/bin/:

```bash
sudo cp fwmonitor.py /usr/local/bin/fwmonitor
```

## Flags

This script takes five optional arguments:

`--file`: Location of the log file to be scanned. Default is /var/log/syslog.

`--key`: Keyword that iptables uses to log events (the `--log-prefix` of the LOG target, or UFW's own tag). Matching is case-sensitive, so use the exact keyword that appears in your log file. Default is "UFW BLOCK".

`--interval`: Interval, in seconds, at which the log file is re-read from the beginning; useful for watching a live system. Pass 0 to scan the file once and exit. Default is 60 seconds.

`--ipv6`: Display IPv6 logs. Default is IPv4.

`--version`: Display the version and exit.

_Running the script without any arguments uses the default values listed above._

## Examples

To analyze a log file that you have gathered:

```bash
fwmonitor --file mytraffic.log --key "IPTABLES_BLOCK" --interval 0
# OR
python3 fwmonitor.py --file mytraffic.log --key "IPTABLES_BLOCK" --interval 0
```

Audit a live server (on Ubuntu, reading /var/log/syslog requires root or membership in the `adm` group):

```bash
fwmonitor --file /var/log/syslog --key "IPTABLES_BLOCK"
# OR
python3 fwmonitor.py --file /var/log/syslog --key "IPTABLES_BLOCK"
```

Additionally, there is a sample.log in this repository that you can use to see how the script works without having a log file of your own. Use it like:

```bash
fwmonitor --file sample.log --key "UFW BLOCK" --interval 0
# OR
python3 fwmonitor.py --file sample.log --key "UFW BLOCK" --interval 0
```
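To make the flag semantics and the examples above concrete, here is an added example (my own code, not fwmonitor's) that does what the tool does in a single `--interval 0` pass: it finds the records tagged with the `--key` keyword, keeps only the requested address family as `--ipv6` does, and summarises which sources were blocked and which ports they were aiming at. The syslog lines are constructed for this example in the layout the kernel LOG target and UFW write; the hostname and addresses are made up (documentation ranges), and the function names are my own.

```python
"""Summarise netfilter (iptables / UFW) LOG records the way fwmonitor's flags
select them: a log keyword (--key), an address family (--ipv6) and a single
pass over a file (--interval 0).  Added example; not fwmonitor's own code."""
import ipaddress
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Netfilter LOG records are a run of KEY=VALUE tokens.  Bare flags such as
# SYN, DF or ACK carry no '=' and are deliberately not captured.
_KV = re.compile(r"(\w+)=(\S*)")

# Constructed sample in the syslog + kernel LOG layout that UFW produces.
# Addresses are from the RFC 5737 / RFC 3849 documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 kernel: [ 1012.337] [UFW BLOCK] IN=eth0 OUT= MAC=08:00:27:4e:66:a1:52:54:00:12:35:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=41234 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:02 web1 kernel: [ 1013.101] [UFW BLOCK] IN=eth0 OUT= MAC=08:00:27:4e:66:a1:52:54:00:12:35:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54322 PROTO=TCP SPT=41235 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:05 web1 kernel: [ 1016.880] [UFW BLOCK] IN=eth0 OUT= MAC=08:00:27:4e:66:a1:52:54:00:12:35:02:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=40
Mar  3 10:15:07 web1 kernel: [ 1018.412] [UFW BLOCK] IN=eth0 OUT= MAC=08:00:27:4e:66:a1:52:54:00:12:35:02:86:dd SRC=2001:db8:cafe::15 DST=2001:db8::10 LEN=80 TC=0 HOPLIMIT=60 FLOWLBL=0 PROTO=TCP SPT=55000 DPT=443 WINDOW=64800 RES=0x00 SYN URGP=0
Mar  3 10:15:09 web1 sshd[2211]: Accepted publickey for ops from 192.0.2.44 port 50122 ssh2
Mar  3 10:15:11 web1 kernel: [ 1022.000] [UFW AUDIT] IN=eth0 OUT= SRC=192.0.2.44 DST=192.0.2.10 PROTO=TCP SPT=50122 DPT=22
"""


def parse_line(line: str, key: str) -> Optional[Dict[str, str]]:
    """Return the fields of a LOG record tagged with `key`, else None.

    Matching is a plain case-sensitive substring search, so "UFW BLOCK"
    also matches "[UFW BLOCK]" but not "ufw block" (cf. the --key flag)."""
    idx = line.find(key)
    if idx == -1:
        return None
    fields = dict(_KV.findall(line[idx + len(key):]))
    # A line without SRC/DST is not a netfilter record even if the keyword appears.
    if "SRC" not in fields or "DST" not in fields:
        return None
    return fields


def address_family(addr: str) -> int:
    """4 or 6 for a well-formed address, 0 for anything else."""
    try:
        return ipaddress.ip_address(addr).version
    except ValueError:
        return 0


def scan(lines: Iterable[str], key: str = "UFW BLOCK", ipv6: bool = False) -> List[Dict[str, str]]:
    """One pass over `lines` (what --interval 0 does), keeping the requested family."""
    want = 6 if ipv6 else 4
    records = []
    for line in lines:
        rec = parse_line(line, key)
        if rec and address_family(rec["SRC"]) == want:
            records.append(rec)
    return records


def top_sources(records, n: int = 5) -> List[Tuple[str, int]]:
    """Most frequently blocked source addresses."""
    return Counter(r["SRC"] for r in records).most_common(n)


def top_targets(records, n: int = 5) -> List[Tuple[Tuple[str, str], int]]:
    """(PROTO, DPT) pairs: which services the blocked traffic was aimed at.
    ICMP records carry no ports, hence the .get() defaults."""
    return Counter((r.get("PROTO", "?"), r.get("DPT", "-")) for r in records).most_common(n)


def report(records) -> str:
    """Fixed-width table of the essential fields, one record per row."""
    header = f"{'SRC':<40} {'DST':<40} {'PROTO':<5} {'SPT':>6} {'DPT':>6} {'IN':<6}"
    rows = [
        f"{r['SRC']:<40} {r['DST']:<40} {r.get('PROTO', '?'):<5} "
        f"{r.get('SPT', '-'):>6} {r.get('DPT', '-'):>6} {r.get('IN', ''):<6}"
        for r in records
    ]
    return "\n".join([header, *rows])


if __name__ == "__main__":
    recs = scan(SAMPLE_LOG.splitlines())
    print(report(recs))
    print("top sources:", top_sources(recs))
    print("top targets:", top_targets(recs))
```

Run it directly to see the report on the constructed sample, or pass `open("/var/log/syslog")` to `scan()` for a real file. Because the match is a plain substring, a generic key such as "UFW" would also pick up the "UFW AUDIT" line in the sample; give the full prefix you configured, exactly as it is cased in the log.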

## Tested on

Ubuntu.

_It can also be used on Windows and macOS to analyze gathered log files._

## TODO

  • [ ] Implement smart spacing for rows.

## Contributing

Pull requests are welcome.

## License

[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)

Project details


Download files


Source distribution: fwmonitor-1.2.2.tar.gz (5.7 kB), uploaded via twine/4.0.1 CPython/3.10.6; not uploaded using Trusted Publishing.

Hashes for fwmonitor-1.2.2.tar.gz (compare against the digest of the archive you actually downloaded before installing):

| Algorithm | Hash digest |
| --- | --- |
| SHA256 | f5d8ebf7a8fda05757b786a5bafd9e6d332872416590a50389f62b003a30ef4d |
| MD5 | 8e1a8294c471a1af1c6e29d73a770d00 |
| BLAKE2b-256 | 35b0f1ecd6f0bb6cea451116e0724545a4822a9b9be7efdc1479e816e950bb73 |

