Nulog is a PHP interface for the MySQL plugin for the ulogd netfilter log daemon and for NuFW SQL logging.
Version: 1.2.14
Nulog is a firewall log analysis interface written in PHP. Netfilter is able to log selected packets directly in a database like MySQL or PostgreSQL.
Operating System: Linux
Nulog uses this interface to display security events in real-time on a user-friendly interface.
Here are some key features of "Nulog":
· show the last hosts that sent packets that got blocked by your firewall.
· show the last ports that hosts tried to open.
· search for packets logged from a host.
· search for packets logged for a given port.
· search for packets logged for a given user.
Setting up the database
To use it, create a MySQL database named ulogd. Type as root:
mysqladmin create ulogd
Next, populate the database using ulogd.mysqldump:
cat ulogd.mysqldump | mysql -u USER -p ulogd
Put your user and password in include/require.inc.
The database is not the standard MySQL database for ulogd. It adds a few tables and indexes to make things work fast.
Setting up netfilter
If you don't use EdenWall or NuFW, you need to configure your netfilter installation.
Now you can log to the database. To log bad packets, you have to use the ULOG target:
iptables -A FORWARD -j ULOG --ulog-nlgroup 1 --ulog-prefix "badif"
What's New in This Release:
· This release can use MySQL triggers instead of PHP code to compute statistical data.