IPTables Log Analyzer

IPTables Log Analyzer How-To Setup for a Fedora 8 system running as the network gateway.

Depends
yum -y install ulogd ulogd-mysql libnetfilter_log libnfnetlink mysql-server

Installing IPTables Log Analyzer
cd /var/www/html
wget http://easynews.dl.sourceforge.net/sourceforge/iptablelog/iptablelog-v0.9.tar.gz
tar -xzvf iptablelog-v0.9.tar.gz
cd iptablelog

mysql
drop database iptablelog;
create database iptablelog;
grant create,select,insert,update on iptablelog.* to iptablelog_admin@localhost identified by 'password';
grant select on iptablelog.* to iptablelog_user@localhost identified by 'password';
grant create temporary tables on iptablelog.* TO iptablelog_user@localhost identified by 'password';
exit

cd conf
mysql iptablelog < iptables.mysql
cp config.php.default config.php
cp ulogd.conf.sample /etc/ulogd.conf

Now you will need to modify the conf/ulogd.conf file with your own entries. Look at these items:

$db_host="localhost";
$db_user="iptablelog_admin";
$db_password="password";
$db_name="iptablelog";
$host_resolution_avail = 1;
$url_base="/iptablelog/";
$file_base="/var/www/html/iptablelog"; # i.e. "/var/www/html/iptablelog"

 * Host of the MySQL database
 * User of the MySQL database
 * Password of the MySQL database
 * Name of the database
 * Table format (ulog or native, native is default)
   * Note: ulog schema is not compatible with ignored ports
 * URL Path to your installation
 * File Path to your installation

ulog
cd /etc/
cp /etc/ulogd.conf /etc/ulogd.conf.bkp

Since you backed up your ulogd.conf file, replace the file with the following:

echo > /etc/ulogd.conf
vim /etc/ulogd.conf

# configuration for ulogd
[global]
nlgroup=32
logfile="/var/log/ulogd/ulogd.log"
loglevel=1
rmem=131071
bufsize=150000
plugin="/usr/lib/ulogd/ulogd_BASE.so"
plugin="/usr/lib/ulogd/ulogd_LOCAL.so"
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_MYSQL.so"

[LOGEMU]
file="/var/log/ulogd/ulogd.syslogemu"
sync=1

[MYSQL]
table="ulog"
pass="password"
user="iptablelog_admin"
db="iptablelog"
host="localhost"

Now start ulogd:

service ulogd start
chkconfig ulogd on
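
The LOGEMU file configured above can be summarised directly to confirm that ulogd is recording packets, independent of the MySQL path. The script below is an added example, not part of IPTables Log Analyzer; its sample lines are constructed and abridged, and assume the iptables LOG key=value layout that LOGEMU emulates. The function names and the port threshold are choices made for this example.

```python
"""Summarise ulogd LOGEMU output (added example, not part of iptablelog)."""
import re
from collections import Counter, defaultdict

# Constructed sample lines, assuming the iptables LOG key=value layout that
# LOGEMU emulates. On the gateway, read /var/log/ulogd/ulogd.syslogemu instead.
SAMPLE = """\
Mar 10 12:00:01 gw DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40001 DPT=22 SYN
Mar 10 12:00:02 gw DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40002 DPT=23 SYN
Mar 10 12:00:03 gw DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.1 PROTO=TCP SPT=40003 DPT=3306 SYN
Mar 10 12:00:04 gw DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=80 SYN
Mar 10 12:00:05 gw DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.1 PROTO=TCP SPT=51001 DPT=80 SYN
Mar 10 12:00:06 gw DROP: IN=eth0 OUT= SRC=198.51.100.20 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0
Mar 10 12:00:07 gw DROP: IN=eth0 OUT= MAC=
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value; bare flags such as SYN are ignored

def parse_line(line):
    """Return the KEY=value fields of one record, or None if SRC/DST are missing."""
    fields = dict(FIELD.findall(line))
    if not fields.get("SRC") or not fields.get("DST"):
        return None  # truncated or non-packet line
    return fields

def summarise(lines, port_threshold=3):
    """Count packets per source and list sources that touched many distinct ports."""
    hits, ports, skipped = Counter(), defaultdict(set), 0
    for line in lines:
        if not line.strip():
            continue
        fields = parse_line(line)
        if fields is None:
            skipped += 1
            continue
        hits[fields["SRC"]] += 1
        dpt = fields.get("DPT", "")
        if dpt.isdigit():  # ICMP records carry no DPT
            ports[fields["SRC"]].add(int(dpt))
    sweepers = sorted(s for s, p in ports.items() if len(p) >= port_threshold)
    return hits, sweepers, skipped

if __name__ == "__main__":
    hits, sweepers, skipped = summarise(SAMPLE.splitlines())
    for src, count in hits.most_common():
        print(f"{src:15} {count} packets")
    print("many distinct ports:", sweepers, "| unparsed lines:", skipped)
```

An empty result on a live gateway means no packets are reaching ulogd on the configured nlgroup, which is worth checking before troubleshooting the web interface.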

IPTables Log Analyzer Resources

 * Main Website