Wflogs is a software tool designed to analyze firewall logs.
Wflogs uses various commands to carry out different tasks. For instance, users can convert their netfilter log files to HTML reports using the following command: wflogs -i netfilter -o html netfilter.log > logs.html. When converting log files to text reports, the wflogs command provides options for sorting logs based on specific criteria, such as protocol number and time: wflogs --sort=protocol,-time -i netfilter -o text netfilter.log > logs.txt.
Besides these, users can also use wflogs to find log entries matching specific expressions. For example, the command wflogs -f '$start_time >= [this 3 days ago] && $start_time < [this 2 days ago] && $chainlabel =~ /(DROP|REJECT)/ && $sipaddr == 10.0.0.0/8 && $protocol == tcp && ($dport == ssh || $dport == telnet) && ($tcpflags & SYN)' -i netfilter -o text --summary=no retrieves log entries without a summary that match a specific expression (such as refused connection attempts that occurred three days ago to ssh and telnet ports).
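The sort and filter commands above are easier to reason about with a small model of what they do. The following Python is an added example, not part of wflogs or its documentation: it parses constructed netfilter kernel-log lines (syslog format), applies the same criteria as the filter expression above (DROP/REJECT chain label, source in 10.0.0.0/8, TCP SYN to the ssh or telnet port), and sorts entries the way --sort=protocol,-time does (by protocol number, then newest first). The time window is given as explicit datetimes rather than wflogs' relative `[this 3 days ago]` syntax, and the function and field names are this example's own.

```python
"""Added example: parse netfilter log lines, filter them like the wflogs expression
above, and sort like --sort=protocol,-time. Independent of wflogs; sample lines are
constructed, and the date window is explicit instead of wflogs' relative-date syntax."""
import ipaddress
import re
from datetime import datetime

# Constructed sample lines in netfilter/syslog format (not captured from a real system).
SAMPLE_LOG = """\
Mar  3 10:15:02 fw kernel: DROP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.1.2.3 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=45000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:15:05 fw kernel: ACCEPT IN=eth0 OUT= SRC=10.1.2.3 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=45001 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:16:40 fw kernel: REJECT IN=eth0 OUT= SRC=10.9.9.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12347 DF PROTO=TCP SPT=45002 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:17:00 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12348 DF PROTO=TCP SPT=45003 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:18:10 fw kernel: DROP IN=eth0 OUT= SRC=10.1.2.3 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12349 DF PROTO=TCP SPT=45004 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
Mar  3 10:19:00 fw kernel: DROP IN=eth0 OUT= SRC=10.1.2.3 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=64 ID=12350 PROTO=UDP SPT=45005 DPT=53 LEN=28
"""

LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: (?P<body>.*)$")
PROTO_NUMBERS = {"icmp": 1, "tcp": 6, "udp": 17}
PORTS = {"ssh": 22, "telnet": 23}              # named ports, as in '$dport == ssh'
PRIVATE_NET = ipaddress.ip_network("10.0.0.0/8")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
LOG_YEAR = 2024                                # syslog timestamps carry no year (assumed)
WINDOW_START, WINDOW_END = datetime(2024, 3, 3), datetime(2024, 3, 4)  # explicit window


def parse_line(line):
    """Return one entry dict, or None if the line is not a netfilter log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    label, fields, flags = [], {}, set()
    for tok in m["body"].split():
        if "=" in tok:                         # KEY=VALUE pair (OUT= is an empty value)
            k, v = tok.split("=", 1)
            fields[k] = v
        elif fields:                           # bare token after the first pair: DF, SYN, ACK ...
            flags.add(tok)
        else:                                  # bare tokens before IN= form the log prefix
            label.append(tok)
    proto = fields.get("PROTO", "").lower()
    return {
        "time": datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S"),
        "chainlabel": " ".join(label),
        "sipaddr": ipaddress.ip_address(fields["SRC"]),
        "protocol": proto,
        "protocol_number": PROTO_NUMBERS.get(proto, 255),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
        "tcpflags": flags & TCP_FLAGS,
        "id": fields.get("ID"),
    }


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def refused_syn_to_admin_ports(entries, start, end):
    """Same criteria as the wflogs filter: DROP/REJECT label, source in 10/8,
    TCP SYN to ssh or telnet, start time within [start, end)."""
    return [
        e for e in entries
        if start <= e["time"] < end
        and re.search(r"DROP|REJECT", e["chainlabel"])
        and e["sipaddr"] in PRIVATE_NET
        and e["protocol"] == "tcp"
        and e["dport"] in PORTS.values()
        and "SYN" in e["tcpflags"]
    ]


SORT_KEYS = {
    "protocol": lambda e: e["protocol_number"],
    "time": lambda e: e["time"],
    "dport": lambda e: e["dport"] or 0,
}


def sort_entries(entries, spec):
    """Sort like --sort=a,-b: comma-separated keys, '-' prefix means descending."""
    result = list(entries)
    for key in reversed(spec.split(",")):      # apply minor keys first; list.sort is stable
        result.sort(key=SORT_KEYS[key.lstrip("-")], reverse=key.startswith("-"))
    return result


def example_results():
    """Run both operations over the constructed sample and return the matched/ordered IDs."""
    entries = parse_log(SAMPLE_LOG)
    hits = refused_syn_to_admin_ports(entries, WINDOW_START, WINDOW_END)
    ordered = sort_entries(entries, "protocol,-time")
    return {"hits": [e["id"] for e in hits], "ordered": [e["id"] for e in ordered]}


if __name__ == "__main__":
    r = example_results()
    print("refused SYN to ssh/telnet from 10/8:", r["hits"])
    print("sorted by protocol, newest first:", r["ordered"])
```

Two of the six constructed lines survive the filter: the ACCEPT line fails the label test, the 203.0.113.7 source is outside 10/8, the ACK-only line has no SYN, and the UDP line is not TCP. The multi-key sort works by applying the least significant key first and relying on a stable sort, which is how a "-" prefix can reverse one key without affecting the others.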
When generating reports, reverse DNS lookups of IP addresses and whois lookups can be disabled with the --resolve and --whois options respectively. In addition, the software supports many input modules for a variety of firewall logs, including netfilter, ipchains, ipfilter, cisco_pix, cisco_ios (ACL logs), and snort. These modules can be used interchangeably on any architecture that supports wflogs.
Finally, this release includes various new features and improvements, including support for Cisco FWSM (PIX), improved netfilter parsing, and improved matching in the netfilter and ipfilter input modules. The software is available for various Unix systems, including Linux and *BSD.
Version 0.9.8: N/A