/ 
Fwctl-0.28
River stage zero No dependents
/ fwctllog

NAME

fwctllog - Program to gather raw data from the packet dump generated by the firewall

SYNOPSIS

fwtcllog [--aliases file] [ --interfaces file ] [--rules file] [--services-dir dir ]+ [ --dns | --nodns ] [--year year] [--start date] [ --end date | --period period ] logfile ...

DESCRIPTION

fwctllog reads STDIN or the file named as argument on the command and preprocess the packet logs for convenient later analysis.

OUTPUT

The program outputs in a pipe (|) delimited format the following information.

epoch

The timestamp of the packet in epoch time.

policy

What happened to the logged packet (REJECT,ACCEPT or DENY).

device

The device interface on which the packet was logged.

interface

The Fwctl(3) interface name to which this device is releted (ex. EXT).

chain

The name of the chain on which this packet was logged.

proto

The protocol number of the packet.

proto_name

The protocol name of the packet

src_ip

The source IP of the packet in IPv4 quad dotted format.

src_host

The hostname (if dns resolution was turned on and if it was successful) related to the source IP.

src_if

The Fwctl(3) interface which is related to that IP.

src_alias

The Fwctl(3) alias which is related to this IP.

src_port

The port number of the source if the protocol is TCP or UDP. If the protocol is ICMP, this is the icmp type.

src_serv

The service name related to the port or the name related to the ICMP type.

dst_ip

The destination IP of the packet in IPv4 quad dotted format.

dst_host

The hostname (if dns resolution was turned on and if it was successful) related to the destination IP.

dst_if

The Fwctl(3) interface which is related to that IP.

dst_alias

The Fwctl(3) alias which is related to this IP.

dst_port

The port number of the destination if the protocol is TCP or UDP. If the protocol is ICMP, this is the icmp code.

dst_serv

The service name related to the port or the name related to the ICMP code.

OPTIONS

aliases

Specifies the path to the aliases file. Default is /etc/fwctl/aliases.

interfaces

Specifies the path to the interfaces file. Default is /etc/fwctl/interfaces

rules

Specifies the path to the rules file. Default is /etc/fwctl/rules

services-dir

Sets the search patch for service modules. The default is to look in PERLPATH and /etc/fwctl/services/. Using this option removes the last directory from the search path and adds the directory specified as option. Note that the default perl module path are always searched.

This option may be specified multiple times.

[no]dns

Turn on or off the DNS resolving of found IP.

year

Sets the year that the log starts. Defaults to the current year if the first month of the log is in the past and last year if the logs starts in the future.

start

Sets the date from which to output records. If the Date::Manip module is available you can use any format that this module can understand. If you don't have this module installed, you must specify a complete date of the form YYYY-MM-DD HH:MM:SS The hour, minute and seconds part is optional as well as the year, which can be 2 or 4 digits.

end

Sets the date after which the program stops to output records. If the Date::Manip module is available you can use any format that this module can understand. If that module is not available, you should use the same format that the start option.

period

Sets the period length for which to ouput records. It is interpreted relative to the starting date or the start of the logs. If the Date::Manip module is available you can use any format that this module understands. If not use something like Year Month Day Hours Min Secs suffixed each with y,mo,d,h,mi,s. Each part is optional.

AUTHOR

Francis J. Lacoste <francis.lacoste@iNsu.COM>

COPYRIGHT

Copyright (c) 1999,2000 iNsu Innovations Inc. All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

SEE ALSO

Fwctl(3) Fwctl::RuleSet(3) fwctl(8).