Log analyzer

[mdlowry]

I'm looking for something that will summarize a log file.

I have a couple of roommates, and both are running things that result in iptables logging and dropping a lot of packets. I've changed the rules so that the LAN side doesn't log some things, but the global side is seeing a lot of traffic. My iptables log for a home network is getting to be 20-30 MB on a daily basis (24hr period). I'd rather not just ignore the log, but as it is it's too much to go through.

I can't just prohibit the traffic, since I'm not the one paying for internet access. The router is mine, and would prefer to keep things secure.

[bodhi.zazen]

Analyze the logs for what exactly ?

You could use anything from squid (to log http) to snort (you can write custom rules for snort) to simply grep.

If you are looking at what is causing high traffic on you lan, simply look at the logs.

[beaker829]

Good tool is "logwatch"

You can install it via yum/repositories, or pull it from sourceforge (sf.net) if you want the latest build.

It will do what you are asking...scan the log and trigger on events that you set and email you a summary with the results. That way you don't have to read the 20-30mb you say you capture per day.

[mdlowry]

Thanks Beaker. Sounds like what I was looking for.

[beaker829]

no worries

[hermouche]

Squid could do it also

and even best with squidguard

red