Free Packet Filter Log Analysis Tool - Oct. 4, 2001

Note: I haven't had time to set this up and try it myself, but the sample output looks good. I will update this page with more information when I have had time to check out the tool.

Updated version posted on August 22, 2001. This version now supports negative UTC time zones.

Capricorn Consulting has a demo of a BorderManager packet filter log analyzer tool at http://www.capricorn.de:8887.

Their tool (runs on Linux) is free, and you can download it here. Here is the description of the tool I got via email:

The date will be updated every 2 minutes (you can change this), you will be able to view all the old log files, and per entry all info is displayed: source:port - dest:port - protocol - flags - direction. All sort functions (e.g. per source IP or dest. IP), links to whois and info about the attacks on this port in the last days, and statistical functions: attacks per IP / port etc. Alerting per email or pager on special log entries.

See this link for a brief explanation of the fields in a packet filter log.
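To make the features listed above concrete, here is a small analyzer of the same kind, added as an example for this page; it is not Capricorn's tool and not BorderManager's own log format. The line layout, the sample entries, the watched-port list and the per-source threshold are all constructed assumptions for the example. It parses each entry into source:port, dest:port, protocol, flags and direction, sorts by IP, tallies denied hits per source IP and per destination port, and raises alerts on the entries a defender would want paged about.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample log lines (assumed layout for this example, NOT the real
# BorderManager packet filter log format). Each line carries the fields the
# analyzer on this page displays plus a timestamp and the filter verdict.
SAMPLE_LOG = """\
2001-10-04 09:12:01 DENY TCP 203.0.113.7:4021 -> 192.0.2.10:23 SYN IN
2001-10-04 09:12:02 DENY TCP 203.0.113.7:4022 -> 192.0.2.10:80 SYN IN
2001-10-04 09:12:03 DENY TCP 203.0.113.7:4023 -> 192.0.2.10:443 SYN IN
2001-10-04 09:12:04 DENY UDP 198.51.100.4:1900 -> 192.0.2.10:137 - IN
2001-10-04 09:12:05 ALLOW TCP 192.0.2.25:51000 -> 198.51.100.9:80 SYN OUT
2001-10-04 09:12:06 DENY TCP 198.51.100.4:1901 -> 192.0.2.10:23 SYN IN
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<flags>\S+) (?P<direction>IN|OUT)$"
)

# Assumed alert policy: denied hits on these destination ports page someone.
WATCHED_PORTS = {23, 137}


@dataclass(frozen=True)
class Entry:
    timestamp: str
    action: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str
    direction: str


def parse_log(text):
    """Parse every well-formed line; skip (and count) lines that do not match."""
    entries, bad = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            bad += 1
            continue
        g = m.groupdict()
        entries.append(Entry(f"{g['date']} {g['time']}", g["action"], g["proto"],
                             g["src"], int(g["sport"]), g["dst"], int(g["dport"]),
                             g["flags"], g["direction"]))
    return entries, bad


def denied(entries):
    return [e for e in entries if e.action == "DENY"]


def attacks_per_ip(entries):
    """Denied entries per source IP, most active first ('attacks per IP')."""
    return Counter(e.src for e in denied(entries)).most_common()


def attacks_per_port(entries):
    """Denied entries per (protocol, destination port), most hit first."""
    return Counter((e.proto, e.dport) for e in denied(entries)).most_common()


def sort_entries(entries, key="src"):
    """Sort by IP octet-by-octet (numerically), then by time; key is 'src' or 'dst'."""
    ip_key = lambda ip: tuple(int(o) for o in ip.split("."))
    return sorted(entries, key=lambda e: (ip_key(getattr(e, key)), e.timestamp))


def alerts(entries, threshold=3):
    """Alert on any denied hit to a watched port, or >= threshold denied hits from one source."""
    out = []
    for e in denied(entries):
        if e.dport in WATCHED_PORTS:
            out.append(f"watched port {e.dport}/{e.proto} probed from {e.src} at {e.timestamp}")
    for ip, n in attacks_per_ip(entries):
        if n >= threshold:
            out.append(f"{n} denied packets from {ip} (threshold {threshold})")
    return out


if __name__ == "__main__":
    entries, bad = parse_log(SAMPLE_LOG)
    print(f"parsed {len(entries)} entries, {bad} unparseable")
    for e in sort_entries(entries, "src"):
        print(f"{e.src}:{e.sport} -> {e.dst}:{e.dport} {e.proto} {e.flags} {e.direction}")
    print("attacks per IP:", attacks_per_ip(entries))
    print("attacks per port:", attacks_per_port(entries))
    for a in alerts(entries):
        print("ALERT:", a)
```

Counting only DENY entries keeps legitimate outbound traffic out of the "attacks" statistics, and the unparseable-line counter matters in practice: a silently dropped line is exactly how a log analyzer misses the entry it was supposed to page about.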
