Obtaining Additional Firewall Logging Tools


Table 6.5 contains an all-too-brief discussion of additional tools available to you.

Table 6.5: Additional Logging Tools (tool, followed by its description)

Ipchains logger: A logging enhancer similar to Fwlogd, but limited to Ipchains. It is especially strong in its ability to log masqueraded connections. Its home page is at http://ipchainslog.sourceforge.net.

LogGrep: This daemon uses the grep utility to read and sort log files. It is limited, as of this writing, to Ipchains. With this utility, you can sort firewall log entries by protocol, date, IP address and port to generate custom log files. Currently, it can also discover port scans and generate HTML pages. The project's home page is at http://loggrep.sourceforge.net/.

Open Correlation: Although this project has not produced any files as of this writing, it hopes to create an all-purpose logging daemon that can scan as many different types of log files as possible. Although it is dangerous to mention the word "universal" when discussing anything concerning Linux, this promises to be a helpful tool. The project's home page is at http://sourceforge.net/projects/opencorrelation/.

Fwlogsum: This application generates HTML-based reports. The developers aim to create a logging utility that is powerful yet easy to configure. The HTML reports are meant to emulate those created by the popular, commercial Check Point FW-1 firewall. The project's home page is at http://fwlogsum.sourceforge.net/.

IP Firewall Accounting (IPFA): This logging software is meant to enhance IP accounting log information. It allows you to gather the following information:

  • Per-month protocol usage

  • User monitoring, as long as identd is enabled on client hosts

  • Binding of IP addresses to MAC addresses

You can obtain this software at www.tucows.com, or at http://linuxberg.eunet.fi/conhtml/adm_firewall.html.

Appsend: An application similar to SendIP; however, it also allows you to simulate additional attacks, such as SYN floods and other denial-of-service (DoS) attacks. You can obtain it at http://www.tucows.com, or at http://linuxberg.eunet.fi/conhtml/adnload/58289_31510.html.

Ipmeter: IPmeter monitors network usage and is designed to help you bill clients for usage. It generates HTML reports with embedded graphics. You can download it at www.ipmeter.com.

Mrtg: A traffic load monitor that generates HTML reports with embedded graphics. Like IPmeter, Mrtg is intended as a network management and monitoring tool, but it can also be very helpful as a security tool, because network management and security management concerns and tools are closely related. You can obtain Mrtg at www.mrtg.org, or at http://ee-staff.ethz.ch/~oetiker/webtools/mrtg/.

Ntop: Ntop is a powerful tool that allows you to identify the nature of all egress and ingress traffic. The latest version is available at www.ntop.org. It is much like the standard top application, in that it gathers information about hosts and then places the most active hosts at the top of the display. It can be run on a terminal just like the standard top application, or in Web server mode, in which Ntop itself acts as a Web server. This mode supports authentication, which allows you to easily limit access to specific users.
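The LogGrep and Fwlogsum entries above describe the same core job: read the kernel's Ipchains log lines, sort them by protocol and address, flag hosts that look like port scanners, and emit an HTML summary. The following Python script is an added example of that workflow, not code from the book or from any of the projects in the table. The sample log lines are constructed for this example (documentation addresses 203.0.113.9, 198.51.100.7 and 192.0.2.1) in the "Packet log: chain target iface PROTO=n src:sport dst:dport ..." layout that Ipchains writes to syslog; the five-port scan threshold is an assumption you would tune for your own network.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines in the Ipchains kernel log layout; these are
# invented for this example and are not taken from the book or from LogGrep.
# The last line is an unrelated sshd message that a log summarizer must skip.
SAMPLE_LOG = """\
Jan 10 10:01:02 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:40001 192.0.2.1:21 L=60 S=0x00 I=1 F=0x4000 T=64 SYN (#3)
Jan 10 10:01:02 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:40002 192.0.2.1:22 L=60 S=0x00 I=2 F=0x4000 T=64 SYN (#3)
Jan 10 10:01:03 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:40003 192.0.2.1:23 L=60 S=0x00 I=3 F=0x4000 T=64 SYN (#3)
Jan 10 10:01:03 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:40004 192.0.2.1:25 L=60 S=0x00 I=4 F=0x4000 T=64 SYN (#3)
Jan 10 10:01:04 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 203.0.113.9:40005 192.0.2.1:80 L=60 S=0x00 I=5 F=0x4000 T=64 SYN (#1)
Jan 10 10:01:04 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.9:40006 192.0.2.1:443 L=60 S=0x00 I=6 F=0x4000 T=64 SYN (#3)
Jan 10 10:02:00 gw kernel: Packet log: input ACCEPT eth0 PROTO=17 198.51.100.7:5353 192.0.2.1:53 L=64 S=0x00 I=7 F=0x0000 T=57 (#1)
Jan 10 10:02:01 gw kernel: Packet log: input DENY eth0 PROTO=1 198.51.100.7:8 192.0.2.1:0 L=84 S=0x00 I=8 F=0x0000 T=57 (#4)
Jan 10 10:02:05 gw sshd[123]: Accepted publickey for admin from 192.0.2.50
"""

# Only the leading fields are needed for sorting and scan detection; the
# trailing L=/S=/I=/F=/T= fields are left unparsed.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) \S+ kernel: Packet log: "
    r"(?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_line(line):
    """Return a dict for one Ipchains log line, or None for unrelated syslog lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["proto"] = int(e["proto"])
    e["proto_name"] = PROTO_NAMES.get(e["proto"], str(e["proto"]))
    # For ICMP, Ipchains logs type:code in the positions TCP/UDP use for ports.
    e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
    return e


def parse_log(text):
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def count_by_protocol(entries):
    """Packets per protocol name: the per-protocol breakdown LogGrep-style tools produce."""
    return Counter(e["proto_name"] for e in entries)


def count_by_target(entries):
    """Packets per firewall verdict (ACCEPT, DENY, REJECT)."""
    return Counter(e["target"] for e in entries)


def find_port_scans(entries, threshold=5):
    """(src, dst) pairs where one source touched at least `threshold` distinct TCP/UDP ports."""
    seen = defaultdict(set)
    for e in entries:
        if e["proto"] in (6, 17):  # ICMP carries type/code, not ports, so it is excluded
            seen[(e["src"], e["dst"])].add((e["proto_name"], e["dport"]))
    return {k: sorted(v) for k, v in seen.items() if len(v) >= threshold}


def html_report(entries, threshold=5):
    """Minimal HTML summary in the spirit of the LogGrep and Fwlogsum reports."""
    rows = "".join(f"<tr><td>{p}</td><td>{n}</td></tr>"
                   for p, n in sorted(count_by_protocol(entries).items()))
    scan_rows = "".join(f"<tr><td>{src}</td><td>{dst}</td><td>{len(ports)}</td></tr>"
                        for (src, dst), ports in sorted(find_port_scans(entries, threshold).items()))
    return ("<html><body><h1>Firewall log summary</h1>"
            f"<table><tr><th>Protocol</th><th>Packets</th></tr>{rows}</table>"
            "<h2>Possible port scans</h2>"
            f"<table><tr><th>Source</th><th>Target</th><th>Distinct ports</th></tr>{scan_rows}</table>"
            "</body></html>")


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print(count_by_protocol(log), count_by_target(log))
    print(find_port_scans(log))
    print(html_report(log))
```

Run against the constructed sample, the scan detector reports 203.0.113.9 probing six distinct TCP ports on 192.0.2.1 while the single DNS query and ping from 198.51.100.7 stay below the threshold; pointing `parse_log` at the contents of a real /var/log/messages replaces the sample input.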


The Best Damn Firewall Book Period
ISBN: 1931836906
Year: 2003
Pages: 240