for network traffic analysis, displays your iptables, UFW, or any application that logs in the same format, in a pleasant way.
Project description
FWMonitor
fwmonitor can be used to grok IPTABLES, UFW or any program that logs similar to IPTABLES, reading logs from your syslog (active) or a gathered log/text file (passive) and presenting them in a comprehensive format in order to conduct network traffic analysis and security audits of your servers.
Demo
Usage
Install from PIP:
```
pip3 install fwmonitor
```
Or clone this repository:
```
git clone https://github.com/pouriyajamshidi/fwmonitor.git
```
Make the script executable:
```
chmod +x fwmonitor.py
```
For your convenience, you can place the program in your system PATH, like /bin/ or /usr/local/bin/, for instance:
```
sudo cp fwmonitor.py /usr/local/bin/fwmonitor
```
Flags
This script takes 4 optional arguments. These arguments are:
- `--file`: Location of the log file to be scanned. Default location is /var/log/syslog
- `--key`: Keyword that IPTABLES uses to log events. Make sure of case-sensitivity and the exact keyword used in your log file. Default value for the keyword is "UFW BLOCK"
- `--interval`: Interval, in seconds, after which the log file is re-read from scratch; this is useful for analyzing a live system. If you pass 0 here, it scans the log file once and exits. Default value for the interval is 60 seconds
- `--ipv6`: Display IPv6 logs. Default is IPv4
- `--version`: Display version and exit
By running the script without providing any arguments, the default values mentioned above will be used.
Examples
To analyze a log file that you have gathered:
```
fwmonitor --file mytraffic.log --key "IPTABLES_BLOCK" --interval 0
# OR
python3 fwmonitor.py --file mytraffic.log --key "IPTABLES_BLOCK" --interval 0
```
Audit a live server:
```
fwmonitor --file /var/log/syslog --key "IPTABLES_BLOCK"
# OR
python3 fwmonitor.py --file /var/log/syslog --key "IPTABLES_BLOCK"
```
Additionally, there is a sample.log in this repository that you can utilize to see how this script works without actually having a log file yourself. Use it like:
```
fwmonitor --file sample.log --key "UFW BLOCK" --interval 0
# OR
python3 fwmonitor.py --file sample.log --key "UFW BLOCK" --interval 0
```
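To show what a tool like this actually does with a syslog line, here is a small standalone parser for the `KEY=VALUE` fields that iptables and UFW write (SRC, DST, PROTO, SPT, DPT, IN), with the same `--key`/`--ipv6` style filtering and a per-source, per-port summary. This is an added example written for this page, not fwmonitor's own code; the log lines are constructed here, not taken from the repository's sample.log, and the `min_ports` threshold for flagging a source that touches many distinct ports is an arbitrary illustrative value.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog excerpt in the format UFW/iptables emit.
# Addresses are documentation ranges (RFC 5737 / RFC 3849); one non-firewall line is mixed in.
SAMPLE_LOG = """\
Mar  3 10:15:01 host kernel: [12345.678] [UFW BLOCK] IN=eth0 OUT= MAC=aa:bb:cc:dd:ee:ff:11:22:33:44:55:66:08:00 SRC=203.0.113.5 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=44444 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:02 host kernel: [12346.001] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=40 PROTO=TCP SPT=44445 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
Mar  3 10:15:03 host kernel: [12347.002] [UFW BLOCK] IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=UDP SPT=5353 DPT=5353 LEN=40
Mar  3 10:15:04 host cron[1234]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:15:05 host kernel: [12349.004] [UFW BLOCK] IN=eth0 OUT= SRC=2001:db8::1 DST=2001:db8::10 LEN=60 PROTO=TCP SPT=40000 DPT=80 SYN
"""

# Matches NAME=value tokens; an empty value (e.g. "OUT=") is allowed.
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def _port(value):
    """Convert a port field to int, or None when absent/non-numeric (e.g. ICMP lines)."""
    return int(value) if value.isdigit() else None


def parse_line(line, key="UFW BLOCK"):
    """Return the firewall fields of one log line, or None if the key keyword is not present.

    Only the text after the keyword is parsed, so the syslog prefix and the
    kernel timestamp in brackets never pollute the field dictionary.
    """
    if key not in line:
        return None
    _, _, tail = line.partition(key)
    fields = dict(FIELD_RE.findall(tail))
    src = fields.get("SRC", "")
    return {
        "src": src,
        "dst": fields.get("DST", ""),
        "proto": fields.get("PROTO", ""),
        "spt": _port(fields.get("SPT", "")),
        "dpt": _port(fields.get("DPT", "")),
        "iface": fields.get("IN", ""),
        "ipv6": ":" in src,  # IPv4 literals never contain a colon
    }


def parse_log(text, key="UFW BLOCK", ipv6=False):
    """Parse every matching line, keeping only the requested address family (like --ipv6)."""
    events = []
    for line in text.splitlines():
        event = parse_line(line, key)
        if event is not None and event["ipv6"] == ipv6:
            events.append(event)
    return events


def summarize(events):
    """Count blocked events per source, per destination port and per protocol."""
    return {
        "by_src": Counter(e["src"] for e in events),
        "by_dpt": Counter(e["dpt"] for e in events),
        "by_proto": Counter(e["proto"] for e in events),
    }


def sources_hitting_many_ports(events, min_ports=2):
    """Return sources that were blocked on at least min_ports distinct destination ports.

    Many distinct ports from one source is a common audit signal worth a closer look;
    the threshold is an illustrative assumption, not a tuned detection rule.
    """
    ports_by_src = defaultdict(set)
    for e in events:
        if e["dpt"] is not None:
            ports_by_src[e["src"]].add(e["dpt"])
    return sorted(src for src, ports in ports_by_src.items() if len(ports) >= min_ports)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    stats = summarize(evs)
    print(f"{len(evs)} IPv4 blocked events")
    for src, n in stats["by_src"].most_common():
        print(f"  {src:<16} {n}")
    print("sources on multiple ports:", sources_hitting_many_ports(evs))
```

Point the `SAMPLE_LOG` constant at the contents of your own syslog and change `key` to whatever your firewall rules log (for example `"IPTABLES_BLOCK"`) to reproduce the passive, `--interval 0` style run shown above.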
Tested on
Ubuntu. It can be used on Windows and Mac OS as well to analyze the gathered log file(s).
TODO
- Implement smart spacing for rows.
Contributing
Pull requests are welcome.
License
Project details
Download files
Source Distribution
File details
Details for the file fwmonitor-1.2.4.tar.gz.
File metadata
- Download URL: fwmonitor-1.2.4.tar.gz
- Upload date:
- Size: 5.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/4.0.1 CPython/3.8.10
File hashes
Algorithm | Hash digest
---|---
SHA256 | 3eda65bfa74ae66cc8d373681792a900f3d12d1337eaf9b8b9339946f4765292
MD5 | db8e25d951d24ac001e90e2cfcfcba47
BLAKE2b-256 | b2193205d80bf9c117058e4552789bab68496511a61f8dc2721184eef5ce750e