Author: Gerhard Khüny <firstname.lastname@example.org>
Loggrep greps kernel logfiles for ipchains or iptables packet log entries and offers the possibility to filter against given criteria (date, IP, port, ...). It also features a quasi-detection of portscans, a line count and HTML output.
IPCHAINS: Define the logfile type to ipchains.

    ./configure --with-ipchains
    make
    make install
IPTABLES: Define the logfile type to iptables.

    ./configure --with-iptables="IPTABLES LOGPREFIX"
    make
    make install

(Set the log prefix to the one you specified in your iptables rules.)

To identify a log line generated by iptables, the line must contain a log prefix, e.g.

    iptables -A my_drop -p TCP -j LOG --log-prefix "DROP-TCP: "
    iptables -A my_drop -p UDP -j LOG --log-prefix "DROP-UDP: "

To scan both TCP and UDP use LOGPREFIX="DROP-".
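As an added illustration (this is not Loggrep's own code), the following Python script does over a constructed logfile what the description above outlines: it recognises iptables LOG lines by the configured prefix, so that LOGPREFIX="DROP-" picks up both the DROP-TCP and DROP-UDP rules while other kernel lines are ignored, filters the entries by date, IP, port or protocol, applies a distinct-destination-port heuristic as a stand-in for the portscan quasi-detection, counts the matching lines and renders an escaped HTML table. The sample log lines, the 5-port threshold and all function names are assumptions made for this example.

```python
import html
import re
from collections import defaultdict

# Constructed sample of a kernel logfile (syslog format) with iptables LOG
# entries written with --log-prefix "DROP-TCP: " and "DROP-UDP: ", plus an
# ACCEPT entry with another prefix and one non-kernel line. The addresses
# are documentation ranges; none of this is real traffic.
SAMPLE_LOG = """\
Mar 10 12:00:01 fw kernel: DROP-TCP: IN=eth0 OUT= SRC=192.0.2.5 DST=198.51.100.7 LEN=40 TTL=64 PROTO=TCP SPT=40001 DPT=22 SYN
Mar 10 12:00:02 fw kernel: DROP-TCP: IN=eth0 OUT= SRC=192.0.2.5 DST=198.51.100.7 LEN=40 TTL=64 PROTO=TCP SPT=40002 DPT=23 SYN
Mar 10 12:00:02 fw kernel: DROP-TCP: IN=eth0 OUT= SRC=192.0.2.5 DST=198.51.100.7 LEN=40 TTL=64 PROTO=TCP SPT=40003 DPT=25 SYN
Mar 10 12:00:03 fw kernel: DROP-TCP: IN=eth0 OUT= SRC=192.0.2.5 DST=198.51.100.7 LEN=40 TTL=64 PROTO=TCP SPT=40004 DPT=80 SYN
Mar 10 12:00:03 fw kernel: DROP-TCP: IN=eth0 OUT= SRC=192.0.2.5 DST=198.51.100.7 LEN=40 TTL=64 PROTO=TCP SPT=40005 DPT=443 SYN
Mar 10 12:00:04 fw kernel: DROP-UDP: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TTL=58 PROTO=UDP SPT=5353 DPT=53
Mar 10 12:00:05 fw kernel: ACCEPT: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TTL=58 PROTO=TCP SPT=5555 DPT=80
Mar 10 12:00:06 fw sshd[123]: Accepted publickey for alice from 203.0.113.9
"""

# One syslog line carrying an iptables LOG entry: timestamp, host, "kernel:",
# the configured log prefix (everything up to IN=), then KEY=VALUE fields.
KERNEL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"kernel:\s+(?P<prefix>.*?)(?P<fields>IN=.*)$"
)


def parse_log(text, logprefix):
    """Return the entries whose log prefix starts with `logprefix`.

    Each entry is a dict with ts, host, prefix, fields (the KEY=VALUE pairs)
    and flags (bare tokens such as SYN or DF). Lines that are not iptables
    LOG output, or carry a different prefix, are skipped; this is why the
    prefix is required to recognise the lines at all."""
    entries = []
    for line in text.splitlines():
        m = KERNEL_RE.match(line)
        if not m or not m.group("prefix").startswith(logprefix):
            continue
        rest = m.group("fields")
        fields = dict(re.findall(r"(\w+)=(\S*)", rest))
        flags = [tok for tok in rest.split() if "=" not in tok]
        entries.append({"ts": m.group("ts"), "host": m.group("host"),
                        "prefix": m.group("prefix").rstrip(),
                        "fields": fields, "flags": flags})
    return entries


def filter_entries(entries, date=None, src=None, dst=None, proto=None,
                   sport=None, dport=None):
    """Keep entries matching every given criterion; unset ones are ignored.
    `date` is matched as a prefix of the syslog timestamp, e.g. "Mar 10"."""
    wanted = {"SRC": src, "DST": dst, "PROTO": proto, "SPT": sport, "DPT": dport}
    kept = []
    for e in entries:
        if date is not None and not e["ts"].startswith(date):
            continue
        if all(v is None or e["fields"].get(k) == str(v) for k, v in wanted.items()):
            kept.append(e)
    return kept


def detect_portscans(entries, threshold=5):
    """Quasi portscan detection: flag a source address that was logged
    against at least `threshold` distinct destination ports. The threshold
    is an assumption for this example, not a value taken from Loggrep."""
    ports = defaultdict(set)
    for e in entries:
        f = e["fields"]
        if "SRC" in f and f.get("DPT", "").isdigit():
            ports[f["SRC"]].add(int(f["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= threshold}


COLUMNS = ("SRC", "DST", "PROTO", "SPT", "DPT")


def to_html(entries):
    """Render entries as an HTML table. Every cell is escaped, because the
    logfile contents are treated as untrusted input for the report page."""
    header = "<tr>" + "".join(f"<th>{c}</th>" for c in ("time", "prefix") + COLUMNS) + "</tr>"
    rows = []
    for e in entries:
        cells = [e["ts"], e["prefix"]] + [e["fields"].get(c, "") for c in COLUMNS]
        rows.append("<tr>" + "".join(f"<td>{html.escape(c)}</td>" for c in cells) + "</tr>")
    return "<table>\n" + "\n".join([header] + rows) + "\n</table>"


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG, "DROP-")       # both DROP-TCP and DROP-UDP
    print(f"{len(found)} matching log lines")
    for src, ports in detect_portscans(found).items():
        print(f"possible portscan from {src}: ports {ports}")
    print(to_html(filter_entries(found, proto="TCP")))
```

Run with a real logfile by replacing SAMPLE_LOG with the file's contents; the prefix argument plays the role of LOGPREFIX, so passing "DROP-TCP: " restricts the result to the TCP rule exactly as the configure option above does.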
XML: Define the logfile type for any kind of logfile that consists of lines.

    ./configure --with-xml
You can define logfile formats with XML. The XML file will be installed in the share directory. The file logfile.xml shows a definition for iptables. You can modify the XML file to adjust it to your requirements, but you have to follow the DTD (logfile.dtd).