Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/pouriyajamshidi/fwmonitor
for network traffic analysis, displays your iptables, UFW, or any application that logs in the same format, in a pleasant way.
- Host: GitHub
- URL: https://github.com/pouriyajamshidi/fwmonitor
- Owner: pouriyajamshidi
- License: mit
- Created: 2021-02-25T20:35:39.000Z (almost 4 years ago)
- Default Branch: master
- Last Pushed: 2023-05-10T16:50:15.000Z (over 1 year ago)
- Last Synced: 2024-10-28T11:16:39.159Z (3 months ago)
- Topics: forensics-tools, iptables, linux, network, security, security-tools
- Language: Python
- Homepage: https://pypi.org/project/fwmonitor/
- Size: 394 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
# FWMonitor
`fwmonitor` parses `IPTABLES`, `UFW`, or any program that logs in the same format as `IPTABLES`, either live from your `syslog` (_active_) or from a previously gathered log/text file (_passive_), and presents the events in a readable format so you can conduct network traffic analysis and a security audit of your servers.
[![Downloads](https://static.pepy.tech/badge/fwmonitor)](https://pepy.tech/project/fwmonitor)
## Demo
![fwmonitor](https://github.com/pouriyajamshidi/fwmonitor/raw/master/images/fwmonitor.gif)
## Usage
Install from PyPI with `pip`:
```bash
pip3 install fwmonitor
```
Or clone this repository:
```bash
git clone https://github.com/pouriyajamshidi/fwmonitor.git
```
Make the script executable:
```bash
chmod +x fwmonitor.py
```
For your convenience, you can place the program in your system PATH, for instance in `/bin/` or `/usr/local/bin/`:
```bash
sudo cp fwmonitor.py /usr/local/bin/fwmonitor
```
---
## Flags
This script takes five optional arguments. These arguments are:
**`--file`**: Location of the log file to be scanned. The default location is **/var/log/syslog**
**`--key`** : The keyword (log prefix) that `IPTABLES` writes when it logs an event. The match is case-sensitive, so use the exact keyword that appears in your log file. The default keyword is **"UFW BLOCK"**
**`--interval`**: Interval, in seconds, at which the log file is re-read from scratch; this is useful for analyzing a live system. If you pass `0` here, it scans the log file once and exits. The default interval is **60 seconds**
**`--ipv6`**: Display `IPv6` logs. The default is **IPv4**
**`--version`**: Display the version and exit
_If you run the script without providing any arguments, the default values mentioned above are used._
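To make the flags above concrete, here is an added example (not part of fwmonitor itself) that implements the same idea in plain Python: filter `syslog` lines by a case-sensitive log prefix (`--key`), pull the `key=value` fields that netfilter's LOG target writes, keep only the IPv4 or IPv6 events (`--ipv6`), and re-read the file at a fixed interval (`--interval`, with `0` meaning a single pass). The function names and the `SAMPLE_LOG` lines are constructed for this example; the sample is not the project's `sample.log`.

```python
import ipaddress
import re
import time
from collections import Counter

# Constructed sample input in the UFW/iptables syslog format. The addresses are
# documentation ranges, the sshd line is unrelated noise that a parser must
# ignore, and the last line is an IPv6 event.
SAMPLE_LOG = """\
Feb 25 20:35:39 web01 kernel: [12345.678901] [UFW BLOCK] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54321 PROTO=TCP SPT=44321 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 25 20:35:40 web01 sshd[1234]: Accepted publickey for admin from 198.51.100.4 port 50000 ssh2
Feb 25 20:35:41 web01 kernel: [12347.000000] [UFW BLOCK] IN=eth0 OUT= MAC=... SRC=203.0.113.7 DST=192.0.2.10 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=54322 PROTO=TCP SPT=44322 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
Feb 25 20:35:42 web01 kernel: [12348.000000] [UFW BLOCK] IN=eth0 OUT= MAC=... SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=1 PROTO=UDP SPT=53 DPT=53 LEN=40
Feb 25 20:35:43 web01 kernel: [12349.000000] [UFW BLOCK] IN=eth0 OUT= MAC=... SRC=2001:db8::1 DST=2001:db8::10 LEN=80 TC=0 HOPLIMIT=60 FLOWLBL=0 PROTO=TCP SPT=5555 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0
"""

# key=value tokens as the netfilter LOG target writes them; OUT= and MAC= may be empty.
_KV = re.compile(r"(\w+)=(\S*)")
# Traditional syslog timestamp prefix, e.g. "Feb 25 20:35:39".
_TS = re.compile(r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)")


def parse_line(line, key="UFW BLOCK"):
    """Return the firewall fields of one syslog line as a dict, or None when the
    line does not carry the log prefix `key` (case-sensitive, like --key)."""
    if key not in line:
        return None
    # Parse only the part after the prefix so tokens from the syslog header
    # (hostname, program name, PID) are not mistaken for firewall fields.
    payload = line.split(key, 1)[1]
    fields = {}
    for name, value in _KV.findall(payload):
        # TCP/UDP lines repeat LEN (IP length, then transport length); keep the
        # first occurrence so the IP-layer value wins.
        fields.setdefault(name, value)
    if "SRC" not in fields or "DST" not in fields:
        return None
    m = _TS.match(line)
    fields["TIME"] = m.group(1) if m else ""
    return fields


def parse_log(text, key="UFW BLOCK", ipv6=False):
    """Parse every matching line of `text`, keeping IPv4 or IPv6 events only.
    The address family is derived from SRC, mirroring the --ipv6 flag."""
    want = 6 if ipv6 else 4
    records = []
    for line in text.splitlines():
        rec = parse_line(line, key)
        if rec is None:
            continue
        try:
            if ipaddress.ip_address(rec["SRC"]).version != want:
                continue
        except ValueError:
            # Malformed address in a damaged line: skip it instead of aborting the audit.
            continue
        records.append(rec)
    return records


def top_sources(records, n=10):
    """Most frequent source addresses, the first thing to look at in an audit."""
    return Counter(r["SRC"] for r in records).most_common(n)


def top_ports(records, n=10):
    """Most frequently hit (protocol, destination port) pairs."""
    return Counter((r.get("PROTO", "?"), r.get("DPT", "?")) for r in records).most_common(n)


def watch(path, key="UFW BLOCK", ipv6=False, interval=60):
    """Re-read `path` from scratch every `interval` seconds, yielding the parsed
    records each pass; interval 0 means a single pass, like --interval 0."""
    while True:
        with open(path, encoding="utf-8", errors="replace") as fh:
            yield parse_log(fh.read(), key, ipv6)
        if interval <= 0:
            return
        time.sleep(interval)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in recs:
        print(f"{r['TIME']} {r['SRC']:>15} -> {r['DST']}:{r.get('DPT', '-')} {r.get('PROTO', '-')}")
    print("top sources:", top_sources(recs))
    print("top ports:", top_ports(recs))
```

Two details matter in practice: the prefix match is deliberately case-sensitive, so a mismatch with the `--log-prefix` configured in your rules silently yields zero events, and the parser limits itself to the text after the prefix, because hostnames or program names in the syslog header can legitimately contain `=`.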
## Examples
To analyze a log file that you have gathered:
```bash
fwmonitor --file mytraffic.log --key "IPTABLES_BLOCK" --interval 0
# OR
python3 fwmonitor.py --file mytraffic.log --key "IPTABLES_BLOCK" --interval 0
```
Audit a live server:
```bash
fwmonitor --file /var/log/syslog --key "IPTABLES_BLOCK"
# OR
python3 fwmonitor.py --file /var/log/syslog --key "IPTABLES_BLOCK"
```
Additionally, there is a `sample.log` in this repository that you can use to see how this script works without having a log file of your own. Use it like:
```bash
fwmonitor --file sample.log --key "UFW BLOCK" --interval 0
# OR
python3 fwmonitor.py --file sample.log --key "UFW BLOCK" --interval 0
```
## Tested on
Ubuntu.
_It can also be used on `Windows` and `Mac OS` to analyze gathered log file(s)._
## TODO
- [ ] Implement smart spacing for rows.
## Contributing
Pull requests are welcome.
## License
[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)