26 Jan 2000 22:35:53 UTC
Distribution: Fwctl
Source (raw)
Browse (raw)
Changes
How to Contribute
Issues
Testers (0 / 0 / 1)
Kwalitee
Bus factor: 0
License: unknown
Activity
24 month
Tools
Download (75.35KB)
MetaCPAN Explorer
Permissions
Subscribe to distribution
- Dependencies
- unknown
- Reverse dependencies
- CPAN Testers List
- Dependency graph
Permalinks
This version
Latest version

NAME

fwctlreport - Generates text reports from fwctllog output.

SYNOPSIS

fwctlreport [--start report_start] [--end report_end | --period report_period ] [--threshold cutoff_threshold] [--nohostname] [--src ip|host ...] [--dst ip/host ...] [--sif interface ...] [--dif interface ...] [--salias alias ...] [--dalias alias ...] [--proto proto ...] [--port ...] [--report report ...] logfile ...

fwctlreport --help

DESCRIPTION

fwctlreport can be use to generates several kind of reports from the kernel packet filters logs once processed by fwctllog.

INPUT OPTIONS

The records on which the report will be generated can be customized with the following options.

start

Sets the start of the report's period. If the Date::Manip(3) module is installed, you can use any format that this module can parse. If that module is'nt installed you must use the following format YYYY-MM-DD HH:MM:SS or any meaningful subset of that format.

If this option is not used, the report will start with the first record.

end

Sets the end of the report's period. If the Date::Manip(3) module is installed, you can use any format that this module can parse. If that module is'nt installed you must use the following format YYYY-MM-DD HH:MM:SS or any meaningful subset of that format.

If this option is not used, the report will end with the last record.

period

Sets the length of the report's period. This length is interpreted relative to the report's start. This option has priority over the end option.

If you have the Date::Manip module installed, you can use any format that this module can parse. If that module isn't available, you can use a subset of the following format X weeks X days X hours X mins X secs.

threshold

This option will removed records identical in protocol, destination ports, source addresses and destination addressesses that appears in the time window specified by the threshold parameters. Defaults is 120 (2 minutes). Use 0 to generates reports for all the packets.

src

Restrict records to those whose source address matches src. You can use hostname or IP address.

You can use this parameter multiple times to specify multiple possibility. The record will be included if it matches any of those.

dst

Restrict records to those whose destination address matches dst. You can use hostname or IP address.

You can use this parameter multiple times to specify multiple possibility. The record will be included if it matches any of those.

salias

Restrict records to those whose source alias matches salias. You can use any alias as specified in the aliases configuration file.

You can use this parameter multiple times to specify multiple possibility. The record will be included if it matches any of those.

dalias

Restrict records to those whose destination alias matches dalias. You can use any alias as specified in the aliases configuration file.

You can use this parameter multiple times to specify multiple possibility. The record will be included if it matches any of those.

sif

Restrict records to those whose source address is on the interface sif. You can use any interface as specified in the interfaces configuration file.

You can use this parameter multiple times to specify multiple possibility. The record will be included if it matches any of those.

dif

Restrict records to those whose destination address is on the interface dif. You can use any interface as specified in the interfaces configuration file.

You can use this parameter multiple times to specify multiple possibility. The record will be included if it matches any of those.

proto

Restrict records to those whose protocol matches proto. You can use protocol name or number.

You can use this parameter multiple times to specify multiple possibility. The record will be included if it matches any of those.

port

Restrict records to those whose destination port matches port. You can use service name or number.

You can use this parameter multiple times to specify multiple possibility. The record will be included if it matches any of those.

OUTPUT OPTIONS

To customize output you can use the following options :

hostname or nohostname: If you usee nohostname, only the IP address will appear in the report, even if the hostname is available.
report: You can use this option to specify the reports that will be generated. By default, the details report is generated.

REPORT

Here are the reports that can be generated :

service_sum: Report that shows the number of log entry for each services.
service: Report that shows the time, action and source host logged for each services.
service_host_sum: Report that shows the number of log entry for each destination host / service.
service_host: Report that shows the time, action and source host logged for each destination host / service.
service_alias_sum: Report that shows the number of log entry for each destination alias / service.
service_alias: Report that shows the time, action and source host logged for each destination alias / service.
dst_alias_sum: Report that shows the number of log entry for each destination alias.
dst_alias: Report that shows the time, action, source host and service logged for each destination alias.
dst_host_sum: Report that shows the number of log entry for each destination host.
dst_host: Report that shows the time, action, source host and service logged for each destination host.
src_alias_sum: Report that shows the number of log entry for each source alias.
src_alias: Report that shows the time, action, destination host and service logged for each source alias.
src_host_sum: Report that shows the number of log entry for each source host.
src_host: Report that shows the time, action, destination host and service logged for each source host.
details: Reports that shows all the information associated with each log entry.

AUTHOR

Copyright (c) 2000 Francis J. Lacoste and iNsu Innovations Inc. All rights reserved.

This program is free software; you can redistribute it and/or modify it under the terms as perl itself.

SEE ALSO

Fwctl(3) Fwctl::RuleSet(3) fwctl(8) fwctllog(8) Fwctl::Report(3).

To install Fwctl, copy and paste the appropriate command in to your terminal.

cpanm Fwctl

perl -MCPAN -e shell
install Fwctl

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)