fwctllog - Program to gather raw data from the packet dump generated by the firewall
fwctllog [--aliases file] [--interfaces file] [--rules file] [--services-dir dir]+ [--dns | --nodns] [--year year] [--start date] [--end date | --period period] logfile ...
fwctllog reads STDIN or the files named as arguments on the command line and preprocesses the packet logs for convenient later analysis.
The program outputs, in a pipe (|) delimited format, the following fields in this order:
1. The timestamp of the packet in epoch time.
2. What happened to the logged packet (REJECT, ACCEPT or DENY).
3. The device interface on which the packet was logged.
4. The Fwctl(3) interface name to which this device is related (ex. EXT).
5. The name of the chain on which this packet was logged.
6. The protocol number of the packet.
7. The protocol name of the packet.
8. The source IP of the packet in IPv4 dotted-quad format.
9. The hostname (if DNS resolution was turned on and if it was successful) related to the source IP.
10. The Fwctl(3) interface which is related to that IP.
11. The Fwctl(3) alias which is related to this IP.
12. The port number of the source if the protocol is TCP or UDP. If the protocol is ICMP, this is the ICMP type.
13. The service name related to the port or the name related to the ICMP type.
14. The destination IP of the packet in IPv4 dotted-quad format.
15. The hostname (if DNS resolution was turned on and if it was successful) related to the destination IP.
16. The port number of the destination if the protocol is TCP or UDP. If the protocol is ICMP, this is the ICMP code.
17. The service name related to the port or the name related to the ICMP code.
--aliases file
Specifies the path to the aliases file. Default is /etc/fwctl/aliases.
--interfaces file
Specifies the path to the interfaces file. Default is /etc/fwctl/interfaces.
--rules file
Specifies the path to the rules file. Default is /etc/fwctl/rules.
--services-dir dir
Sets the search path for service modules. The default is to look in PERLPATH and /etc/fwctl/services/. Using this option removes the last directory from the search path and adds the directory specified as option. Note that the default Perl module paths are always searched.
This option may be specified multiple times.
--dns | --nodns
Turns on or off the DNS resolution of the IPs found in the log.
--year year
Sets the year in which the log starts. Defaults to the current year if the first month of the log is in the past, and to last year if the log starts in the future.
--start date
Sets the date from which to output records. If the Date::Manip module is available you can use any format that this module can understand. If you don't have this module installed, you must specify a complete date of the form YYYY-MM-DD HH:MM:SS. The hour, minute and second parts are optional, as is the year, which can be 2 or 4 digits.
--end date
Sets the date after which the program stops outputting records. If the Date::Manip module is available you can use any format that this module can understand. If that module is not available, you should use the same format as for the --start option.
--period period
Sets the period length for which to output records. It is interpreted relative to the starting date or the start of the logs. If the Date::Manip module is available you can use any format that this module understands. If not, use something like Year Month Day Hours Min Secs, each suffixed with y, mo, d, h, mi, s. Each part is optional.
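The following is an added example, not code from the Fwctl distribution, showing how the pipe-delimited records described above can be consumed by a later analysis step, and how the fallback --period syntax (number suffixed with y, mo, d, h, mi or s) can be turned into seconds to select a time window. The field order is assumed to be exactly the 17 columns documented above, and the sample lines are constructed, not captured from a real firewall. Year and month lengths (365 and 30 days) are an assumption of this example, since the man page does not define them.

```python
import re
from collections import Counter

# Column names in the order the man page documents for fwctllog output.
# Assumption: exactly this layout; records with another field count are rejected.
FIELDS = (
    "epoch", "action", "device", "iface", "chain",
    "proto", "proto_name",
    "src_ip", "src_host", "src_iface", "src_alias", "src_port", "src_service",
    "dst_ip", "dst_host", "dst_port", "dst_service",
)

# Constructed sample records (not real fwctllog output). Empty fields stand for
# hostnames that did not resolve, unknown aliases or unknown service names.
SAMPLE_OUTPUT = """\
946771200|DENY|eth0|EXT|input|6|tcp|192.0.2.10||EXT||4321||198.51.100.5||23|telnet
946771260|DENY|eth0|EXT|input|6|tcp|192.0.2.10||EXT||4322||198.51.100.5||21|ftp
946771320|ACCEPT|eth1|INT|forward|17|udp|10.0.0.7|ws7.example.test|INT|WORKSTATIONS|1025||198.51.100.53||53|domain
946771900|REJECT|eth0|EXT|input|1|icmp|192.0.2.77||EXT||8|echo-request|198.51.100.5||0|
"""

# Fallback --period units; 'mo' and 'mi' must be matched before single letters.
_PERIOD_RE = re.compile(r"(\d+)(mo|mi|y|d|h|s)")
_PERIOD_SECONDS = {  # assumed lengths for y and mo (not defined by the man page)
    "y": 365 * 86400, "mo": 30 * 86400, "d": 86400, "h": 3600, "mi": 60, "s": 1,
}


def parse_record(line):
    """Split one fwctllog output line into a dict keyed by FIELDS."""
    parts = line.rstrip("\n").split("|")
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}: {line!r}")
    rec = dict(zip(FIELDS, parts))
    rec["epoch"] = int(rec["epoch"])   # epoch timestamp
    rec["proto"] = int(rec["proto"])   # protocol number
    return rec


def parse_records(text):
    """Parse all non-empty lines of fwctllog output."""
    return [parse_record(ln) for ln in text.splitlines() if ln.strip()]


def parse_period(spec):
    """Convert a fallback --period string such as '1d 12h 30mi' into seconds."""
    compact = re.sub(r"\s+", "", spec)
    if not re.fullmatch(r"(?:\d+(?:mo|mi|y|d|h|s))+", compact):
        raise ValueError(f"bad period spec: {spec!r}")
    return sum(int(n) * _PERIOD_SECONDS[u] for n, u in _PERIOD_RE.findall(compact))


def select_window(records, start_epoch, period):
    """Keep records whose timestamp lies in [start_epoch, start_epoch + period),
    mirroring a --start/--period selection on already preprocessed output."""
    end = start_epoch + parse_period(period)
    return [r for r in records if start_epoch <= r["epoch"] < end]


def denied_by_source(records):
    """Count DENY/REJECT records per source IP, a typical first summary
    when reviewing what the firewall turned away."""
    return Counter(r["src_ip"] for r in records if r["action"] in ("DENY", "REJECT"))


if __name__ == "__main__":
    recs = parse_records(SAMPLE_OUTPUT)
    window = select_window(recs, 946771200, "10mi")
    for ip, n in denied_by_source(window).most_common():
        print(f"{ip}: {n} denied/rejected packets in window")
```

In a real deployment the text would come from a pipe such as `fwctllog --nodns /var/log/messages | python3 thisfile.py`; here the sample is embedded so the example runs offline.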
Francis J. Lacoste <francis.lacoste@iNsu.COM>
Copyright (c) 1999,2000 iNsu Innovations Inc. All rights reserved.
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
Fwctl(3) Fwctl::RuleSet(3) fwctl(8).