IPTables Log Analyzer

From MattWiki
Jump to: navigation, search

IPTables Log Analyzer How-To Setup for a Fedora 8 system running as the network gateway.

Depends

yum -y install ulogd ulogd-mysql libnetfilter_log libnfnetlink mysql-server

Installing IPTables Log Analyzer

cd /var/www/html
wget http://easynews.dl.sourceforge.net/sourceforge/iptablelog/iptablelog-v0.9.tar.gz
tar -xzvf iptablelog-v0.9.tar.gz
cd iptablelog
mysql
drop database iptablelog;
create database iptablelog;
grant create,select,insert,update on iptablelog.* to iptablelog_admin@localhost identified by 'password';
grant select on iptablelog.* to iptablelog_user@localhost identified by 'password';
grant create temporary tables on iptablelog.* TO iptablelog_user@localhost identified by 'password';
exit
cd conf
mysql iptablelog < iptables.mysql
cp config.php.default config.php
cp ulogd.conf.sample /etc/ulogd.conf

Now you will need to modify the conf/ulogd.conf file with your own entry's. Look at these items

# Host of the MySQL database
$db_host="localhost";
# User of the MySQL database
$db_user="iptablelog_admin";
# Password of the MySQL database
$db_password="password";
# Name of the database
$db_name="iptablelog";
# Table format (ulog or native, native is default)
# Note: ulog schema is not compatible with ignored ports
$host_resolution_avail = 1;
# URL Path to your installation
$url_base="/iptablelog/"; 
# File Path to your installation
$file_base="/var/www/html/iptablelog"; # i.e. "/var/www/html/iptablelog"

ulog

cd /etc/
cp /etc/ulogd.conf /etc/ulogd.conf.bkp

Since you backed up your ulogd.conf file, replace the file with the following:

echo > /etc/ulogd.conf
vim /etc/ulogd.conf
# configuration for ulogd
[global]
nlgroup=32
logfile="/var/log/ulogd/ulogd.log"
loglevel=1
rmem=131071
bufsize=150000
plugin="/usr/lib/ulogd/ulogd_BASE.so"
plugin="/usr/lib/ulogd/ulogd_LOCAL.so"
plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"
plugin="/usr/lib/ulogd/ulogd_MYSQL.so"

[LOGEMU]
file="/var/log/ulogd/ulogd.syslogemu"
sync=1

[MYSQL]
table="ulog"
pass="password"
user="iptablelog_admin"
db="iptablelog"
host="localhost"

Now start ulogd

service ulogd start
chkconfig ulogd on

IPTables Log Analyzer Resources