PF Log Viewer
I developed this application to test the feasability of using a web browser to monitor a firewall. Basically, what I
wanted was an easy to view, easy to search presentation of the firewalls' packet filter logs (This is on OpenBSD ala PF).
In order to do this, several things were needed.
First, I needed a way to log the firewall packets to a remote server, but there was a small snag right off. OpenBSD logs
packet filter data in binary format to a file (/var/log/pflog). I first had to figure out how to configure pf to log
in ACSII format so I could actually read the data without the use of tcpdump. Searching in the manual, I found two very
useful scripts to perform this task with ease. You can find the manual page here
I also have two example scripts tarred up with instructions here
The above scripts allow you to log to syslog. Well, syslog can't get the data into a database very easily, so enter syslog-ng. This allows you to
log to your database server, which in turn gives the ability to read the information with ASP, PHP, etc. I personally prefer PHP for this type of
work (it's free!), and so built a set of classes that allow me to present the data in an easy to use interface. Check out the demo here
You can download the source code, database and configuration files needed here