Hatchet is a log parser for OpenBSD PF.
Hatchet uses a series of Perl regexes to match entries from the pflog logs. Matched entries are stored in a SQLite database file, which lets the software support dynamic queries and statistics. If it encounters a log entry that none of its regexes match, Hatchet emails the details to the system administrator (root@localhost).
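The pipeline described above (try each regex against an entry, store matches in SQLite, set aside anything unrecognised for the administrator), as an added example that is not Hatchet's code. It is written in Python rather than Hatchet's Perl; the sample lines, the two patterns, the table layout and the function names are constructed here, assuming log lines in the style printed by `tcpdump -n -e -ttt -r /var/log/pflog`.

```python
import re
import sqlite3

# Constructed sample lines (assumed tcpdump-on-pflog text format, not real traffic).
SAMPLE = """\
Feb 16 04:31:03.246918 rule 57/(match) block in on fxp0: 192.0.2.10.51432 > 198.51.100.5.22: S 100:100(0) win 16384
Feb 16 04:31:07.113002 rule 12/(match) pass out on fxp0: 198.51.100.5.40211 > 192.0.2.53.53: 4242+ A? example.org. (29)
Feb 16 04:31:09.500120 rule 57/(match) block in on fxp0: 192.0.2.10 > 198.51.100.5: icmp: echo request
Feb 16 04:31:11.900001 rule 3/(match) block in on fxp0: 802.1d unknown version
"""

# Illustrative patterns only; Hatchet ships its own, larger regex set.
HEAD = (r"(?P<ts>\w{3} +\d+ [\d:.]+) rule (?P<rule>\d+)/\(\w+\) "
        r"(?P<action>\w+) (?P<dir>in|out) on (?P<iface>\w+): ")
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
PATTERNS = [
    ("tcp_udp", re.compile(HEAD + rf"(?P<src>{IP})\.(?P<sport>\d+) > (?P<dst>{IP})\.(?P<dport>\d+): ")),
    ("icmp", re.compile(HEAD + rf"(?P<src>{IP}) > (?P<dst>{IP}): icmp: ")),
]

def ingest(text, db):
    """Store every matched entry in SQLite; return the lines no pattern recognised."""
    db.execute("CREATE TABLE IF NOT EXISTS log (ts, rule INTEGER, action, dir, iface,"
               " proto, src, sport INTEGER, dst, dport INTEGER)")
    unmatched = []
    for line in filter(None, map(str.strip, text.splitlines())):
        for proto, rx in PATTERNS:
            m = rx.match(line)
            if m:
                g = m.groupdict()
                # Bound parameters: log text comes off the wire, so never build SQL from it.
                db.execute("INSERT INTO log VALUES (?,?,?,?,?,?,?,?,?,?)",
                           (g["ts"], int(g["rule"]), g["action"], g["dir"], g["iface"],
                            proto, g["src"], g.get("sport"), g["dst"], g.get("dport")))
                break
        else:
            unmatched.append(line)  # the case Hatchet reports to root@localhost
    return unmatched

def top_blocked(db):
    """Example of a dynamic query: blocked packets per source address."""
    return db.execute("SELECT src, COUNT(*) FROM log WHERE action='block'"
                      " GROUP BY src ORDER BY COUNT(*) DESC, src").fetchall()

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print("unmatched:", ingest(SAMPLE, conn))
    print("top blocked:", top_blocked(conn))
```

Surfacing unmatched lines instead of dropping them is what keeps gaps in the regex set visible: an entry the parser cannot classify never reaches the database, so it would otherwise be missing from every query and statistic.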
The web interface can be installed on a separate webserver, and the INSTALL document covers each task and where it should be performed. Hatchet uses SQLite but does not require the installation of the full SQLite "suite." Only the DBD::SQLite module, which incorporates the necessary libraries, is required.
Changes in this release include reorganizing and fixing all Docs/*, moving all cgi-bin/* to the default /cgi-bin/, removing the alternate location options for create_db.pl, moving all variables to a universal config file (/etc/hatchet.conf), fixing the "Transaction aborted" bug in hatchet, and adding regexes for HSRP, ICMP, SNMP, and DNS replies.
Overall, Hatchet provides a useful and clean log viewing utility that is ideal for PF administrators. While the software does not have a PF ruleset editor, its current features are more than enough to make log viewing and analysis easier and more efficient.
Version 0.8.1 RC1: N/A