[TOOL] Hatchet - PF Firewall Log Parser

From: SecuriTeam (support_at_securiteam.com)
Date: 04/15/04

    To: list@securiteam.com
    Date: 15 Apr 2004 16:23:41 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

      Hatchet - PF Firewall Log Parser
    ------------------------------------------------------------------------

    SUMMARY

    DETAILS

    Hatchet is a log parsing and presentation program written for OpenBSD's PF
    logs. The main script, "hatchet", should be run every 5 minutes, or as
    often as you wish. Depending on the size of your log files versus the speed
    of your machine, you may wish to tweak how often it runs.

    Hatchet uses a series of Perl regexes to match entries from the pflog
    logs. The log entries are stored in an SQLite database file, allowing for
    highly dynamic queries and statistics. If Hatchet finds an entry that none
    of its regexes match, it sends an email to the system administrator
    (root@localhost) with the details. The web interface can be installed on a
    separate web server; the INSTALL document covers each task and where it
    should be performed. Although Hatchet uses SQLite, it does not require
    installation of the full SQLite "suite", only the DBD::SQLite module,
    which incorporates the necessary libraries.

    ADDITIONAL INFORMATION

    The information has been provided by Jason Dixon
    <mailto:jason@dixongroup.net>.

    The tool can be downloaded from: http://www.dixongroup.net/hatchet/
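
The pipeline described under DETAILS (match each pflog entry against a list of regexes, store the fields in SQLite, set aside entries that match nothing), as an added Python example that is not Hatchet's code. The log line format, table layout and function names are assumptions; Hatchet itself is Perl with DBD::SQLite.

```python
import re
import sqlite3
# Constructed sample lines modelled on tcpdump's text output for pflog entries.
# Log format and table layout are assumptions, not Hatchet's patterns or schema.
SAMPLE_LOG = """\
Apr 15 16:20:01.104233 rule 2/0(match): block in on fxp0: 192.0.2.10.4321 > 198.51.100.5.22: S 1:1(0) win 16384
Apr 15 16:20:03.551210 rule 2/0(match): block in on fxp0: 192.0.2.10.4322 > 198.51.100.5.23: S 1:1(0) win 16384
Apr 15 16:20:07.000912 rule 0/0(match): pass out on fxp0: 198.51.100.5.123 > 203.0.113.7.123: udp 48
Apr 15 16:20:09.730001 rule 5/0(match): block in on fxp0: 192.0.2.77 > 198.51.100.5: icmp: echo request
Apr 15 16:20:11.000000 an entry that none of the patterns below cover
"""
IP = r"\d+\.\d+\.\d+\.\d+"
HEAD = (r"(?P<ts>\w{3} +\d+ [\d:.]+) rule (?P<rule>\d+)/\d+\(match\): "
        r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>\w+): ")
PATTERNS = [  # tried in order, first match wins
    re.compile(HEAD + rf"(?P<src>{IP})\.(?P<sport>\d+) > (?P<dst>{IP})\.(?P<dport>\d+): (?P<info>udp|[SFRP.]+) "),
    re.compile(HEAD + rf"(?P<src>{IP}) > (?P<dst>{IP}): (?P<info>icmp): "),
]

def parse(line):  # dict of fields, or None when no pattern matches
    for pat in PATTERNS:
        m = pat.match(line)
        if m:
            f = {"sport": None, "dport": None, **m.groupdict()}
            info = f.pop("info")  # "udp", "icmp", or TCP flags such as "S"
            f["proto"] = info if info in ("udp", "icmp") else "tcp"
            return f
    return None

def ingest(lines, db):  # store parsed entries, return the lines nothing matched
    db.execute("CREATE TABLE IF NOT EXISTS logs (ts, rule INTEGER, action, dir, "
               "iface, proto, src, sport INTEGER, dst, dport INTEGER)")
    unmatched = []
    for line in filter(None, (l.strip() for l in lines)):
        f = parse(line)
        if f is None:
            unmatched.append(line)  # the entries Hatchet would mail to root@localhost
        else:
            db.execute("INSERT INTO logs VALUES (:ts,:rule,:action,:dir,:iface,"
                       ":proto,:src,:sport,:dst,:dport)", f)
    db.commit()
    return unmatched

def top_blocked(db, limit=5):  # sources with the most blocked packets first
    return db.execute("SELECT src, COUNT(*) FROM logs WHERE action = 'block' GROUP BY src "
                      "ORDER BY COUNT(*) DESC, src LIMIT ?", (limit,)).fetchall()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(ingest(SAMPLE_LOG.splitlines(), db), top_blocked(db))
```

Returning the unmatched lines instead of dropping them is what keeps the pattern list honest: a new log shape surfaces as a report rather than as silently missing rows in the statistics.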
