NAME

fwctlreport - Generates text reports from fwctllog output.

SYNOPSIS

fwctlreport [--start report_start] [--end report_end | --period report_period ] [--threshold cutoff_threshold] [--limit expression] [--nohostname] [--report report ...] logfile ...

fwctlreport --help

DESCRIPTION

fwctlreport can be used to generate several kinds of reports from the kernel packet filter logs once they have been processed by fwctllog.

INPUT OPTIONS

The records on which the report will be generated can be customized with the following options.

start

Sets the start of the report's period. If the Date::Manip(3) module is installed, you can use any format that this module can parse. If that module isn't installed, you must use the following format: YYYY-MM-DD HH:MM:SS, or any meaningful subset of that format.

If this option is not used, the report will start with the first record.

end

Sets the end of the report's period. If the Date::Manip(3) module is installed, you can use any format that this module can parse. If that module isn't installed, you must use the following format: YYYY-MM-DD HH:MM:SS, or any meaningful subset of that format.

If this option is not used, the report will end with the last record.

period

Sets the length of the report's period. This length is interpreted relative to the report's start. This option has priority over the end option.

If you have the Date::Manip module installed, you can use any format that this module can parse. If that module isn't available, you can use a subset of the following format: X weeks X days X hours X mins X secs.

threshold

This option removes records identical in protocol, destination port, source address and destination address that appear within the time window specified by the threshold parameter. The default is 120 (2 minutes). Use 0 to generate reports for all the packets.
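To make the collapsing rule concrete, here is an added example (not fwctlreport's own code) that applies a threshold window to a few constructed log records. The record fields, the YYYY-MM-DD HH:MM:SS timestamp format and the exact window rule are assumptions: a record is dropped when an identical (proto, dst_port, src_ip, dst_ip) record was already kept less than `threshold` seconds earlier, and a threshold of 0 keeps everything.

```python
"""Collapsing repeated firewall log records the way --threshold describes.

Added example, not fwctlreport's own code.  Records are dicts carrying the
four fields the option compares on plus a timestamp (field names, timestamp
format and the window rule below are assumptions).
"""
from datetime import datetime

KEY_FIELDS = ("proto", "dst_port", "src_ip", "dst_ip")


def _record(time, dst_port, action="DENY", proto="tcp",
            src_ip="192.0.2.10", dst_ip="198.51.100.5"):
    """Build one constructed log record (sample data, not real traffic)."""
    return {"time": time, "proto": proto, "src_ip": src_ip,
            "dst_ip": dst_ip, "dst_port": dst_port, "action": action}


# Constructed sample input, already in time order as fwctllog output would be.
SAMPLE_RECORDS = [
    _record("2000-03-01 10:00:00", 22),   # first ssh probe: kept
    _record("2000-03-01 10:00:30", 22),   # same key 30 s later: collapsed
    _record("2000-03-01 10:01:00", 23),   # different port: kept
    _record("2000-03-01 10:03:00", 22),   # 180 s after last kept ssh: kept
    _record("2000-03-01 10:03:30", 22),   # 30 s after that one: collapsed
]


def collapse(records, threshold=120):
    """Return the records that survive a `threshold`-second collapsing window.

    threshold <= 0 disables collapsing (the manual's "use 0" case).
    """
    if threshold <= 0:
        return list(records)
    last_kept = {}          # key -> time of the last record kept for that key
    kept = []
    for rec in records:
        key = tuple(rec[f] for f in KEY_FIELDS)
        when = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S")
        prev = last_kept.get(key)
        if prev is not None and (when - prev).total_seconds() < threshold:
            continue        # repeat inside the window: drop it
        last_kept[key] = when
        kept.append(rec)
    return kept


if __name__ == "__main__":
    for rec in collapse(SAMPLE_RECORDS):
        print(rec["time"], rec["proto"], rec["dst_port"], rec["action"])
```

With the default window the five constructed records collapse to three; the window is anchored on the last kept record for each key, so a source that keeps probing the same port every 30 seconds shows up once per two minutes rather than once per packet.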

limit

This parameter can be used to restrict the records over which the report is generated. It is an expression used to select a subset of all the records. You can use the following fields: src_ip, dst_ip, src_host, dst_host, action, device, src_port, dst_port, src_serv, dst_serv, proto, proto_name, and the following operators: =, !=, <, >, <=, >=, /regex/, /regex/i. Those operators have the same meaning as in perl. You can also use parentheses and the following logical operators: or, and, not.
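The following added example (not fwctlreport's own code) implements a small evaluator for an expression language with the fields and operators listed above, so the shape of a limit expression can be checked against constructed records. Assumptions: `and` binds tighter than `or` as in perl, a regex test is written as `field /pattern/` or `field /pattern/i`, and a comparison is numeric when both sides parse as numbers and a string comparison otherwise.

```python
"""Evaluator for --limit style expressions.  Added example, not fwctlreport's
own code; grammar and comparison semantics are assumptions (see lead-in)."""
import operator
import re

FIELDS = {"src_ip", "dst_ip", "src_host", "dst_host", "action", "device",
          "src_port", "dst_port", "src_serv", "dst_serv", "proto", "proto_name"}
OPS = {"=": operator.eq, "!=": operator.ne, "<": operator.lt,
       ">": operator.gt, "<=": operator.le, ">=": operator.ge}
# One token per match: /regex/ with optional i flag, comparison op, paren, or a bare word/value.
TOKEN_RE = re.compile(r"\s*(?:(?P<regex>/(?:\\.|[^/\\])*/i?)"
                      r"|(?P<op><=|>=|!=|=|<|>)|(?P<paren>[()])"
                      r"|(?P<atom>[^\s()<>=!/]+))")


def tokenize(text):
    """Split an expression into (kind, text) tokens."""
    pos, tokens, text = 0, [], text.rstrip()
    while pos < len(text):
        m = TOKEN_RE.match(text, pos)
        if m is None:
            raise ValueError("bad token near %r" % text[pos:])
        pos = m.end()
        tokens.append((m.lastgroup, m.group(m.lastgroup)))
    return tokens


def _compare(op, lhs, rhs):
    """Numeric comparison when both sides are numbers, else string (assumed)."""
    try:
        return OPS[op](float(lhs), float(rhs))
    except (TypeError, ValueError):
        return OPS[op](str(lhs), str(rhs))


def _either(left, right):
    return lambda rec: left(rec) or right(rec)


def _both(left, right):
    return lambda rec: left(rec) and right(rec)


class _Parser:
    """Recursive descent: or_expr > and_expr > not_expr > primary."""

    def __init__(self, tokens):
        self.toks, self.i = tokens, 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else (None, None)

    def take(self, kind=None):
        tok = self.peek()
        if tok[0] is None or (kind is not None and tok[0] != kind):
            raise ValueError("unexpected token %r" % (tok,))
        self.i += 1
        return tok

    def parse(self):
        node = self.or_expr()
        if self.peek()[0] is not None:
            raise ValueError("trailing input at %r" % (self.peek(),))
        return node

    def or_expr(self):
        node = self.and_expr()
        while self.peek() == ("atom", "or"):
            self.take()
            node = _either(node, self.and_expr())
        return node

    def and_expr(self):
        node = self.not_expr()
        while self.peek() == ("atom", "and"):
            self.take()
            node = _both(node, self.not_expr())
        return node

    def not_expr(self):
        if self.peek() == ("atom", "not"):
            self.take()
            inner = self.not_expr()
            return lambda rec: not inner(rec)
        return self.primary()

    def primary(self):
        if self.peek() == ("paren", "("):
            self.take()
            node = self.or_expr()
            if self.take("paren")[1] != ")":
                raise ValueError("expected ')'")
            return node
        field = self.take("atom")[1]
        if field not in FIELDS:
            raise ValueError("unknown field %r" % field)
        kind, text = self.take()
        if kind == "regex":                       # field /pattern/[i]
            body, flag = text[1:].rsplit("/", 1)
            pat = re.compile(body, re.IGNORECASE if flag == "i" else 0)
            return lambda rec: pat.search(str(rec[field])) is not None
        if kind != "op":
            raise ValueError("expected operator after %r" % field)
        value = self.take("atom")[1]
        return lambda rec: _compare(text, rec[field], value)


def compile_limit(expression):
    """Turn a limit expression into a predicate over one record dict."""
    return _Parser(tokenize(expression)).parse()


def select(records, expression):
    """Return the subset of records the expression selects."""
    pred = compile_limit(expression)
    return [r for r in records if pred(r)]


def _record(src_ip, src_host, dst_port, dst_serv, action, proto_name="tcp"):
    """Constructed record carrying every field a limit expression may name."""
    return {"src_ip": src_ip, "dst_ip": "198.51.100.5", "src_host": src_host,
            "dst_host": "fw.example.net", "action": action, "device": "eth0",
            "src_port": 40000, "dst_port": dst_port, "src_serv": "",
            "dst_serv": dst_serv, "proto": 17 if proto_name == "udp" else 6,
            "proto_name": proto_name}


SAMPLE_RECORDS = [   # constructed sample data, not real traffic
    _record("192.0.2.10", "scanner.example.org", 22, "ssh", "DENY"),
    _record("192.0.2.10", "scanner.example.org", 23, "telnet", "DENY"),
    _record("203.0.113.7", "mail.example.com", 25, "smtp", "ACCEPT"),
    _record("203.0.113.7", "mail.example.com", 53, "domain", "ACCEPT", "udp"),
]
```

Unknown field names are rejected at compile time rather than silently matching nothing, which is the failure a practitioner most often hits when a typo in a limit expression produces an empty report.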

hostname or nohostname

If you use nohostname, only the IP address will appear in the report, even if the hostname is available.

report

You can use this option to specify the reports that will be generated. By default, the details report is generated.

REPORT

Here are the reports that can be generated:

service_sum

Report that shows the number of log entries for each service.

service

Report that shows the time, action and source host logged for each service.

service_host_sum

Report that shows the number of log entries for each destination host / service.

service_host

Report that shows the time, action and source host logged for each destination host / service.

service_alias_sum

Report that shows the number of log entries for each destination alias / service.

service_alias

Report that shows the time, action and source host logged for each destination alias / service.

dst_alias_sum

Report that shows the number of log entries for each destination alias.

dst_alias

Report that shows the time, action, source host and service logged for each destination alias.

dst_host_sum

Report that shows the number of log entries for each destination host.

dst_host

Report that shows the time, action, source host and service logged for each destination host.

src_alias_sum

Report that shows the number of log entries for each source alias.

src_alias

Report that shows the time, action, destination host and service logged for each source alias.

src_host_sum

Report that shows the number of log entries for each source host.

src_host

Report that shows the time, action, destination host and service logged for each source host.

details

Report that shows all the information associated with each log entry.

AUTHOR

Francis J. Lacoste <francis.lacoste@iNsu.COM>

COPYRIGHT

Copyright (c) 2000 iNsu Innovations Inc. All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, you can get one at http://www.gnu.org/copyleft/gpl.html

SEE ALSO

Fwctl(3) Fwctl::RuleSet(3) fwctl(8) fwctllog(8) Fwctl::Report(3).
