Use Afterglow To Visualize Iptables Logs On CentOS, RHEL, Fedora

Graphviz and the Text-CSV Perl module are the prerequisites. Most recent Linux distros come with Perl preinstalled; if yours does not, install Perl as well.

# yum install perl
# wget http://search.cpan.org/CPAN/authors/id/E/ER/ERANGEL/Text-CSV-0.5.tar.gz
# tar zxvf Text-CSV-0.5.tar.gz
# cd Text-CSV-0.5
# perl Makefile.PL
# make
# make install

Install graphviz, then download the latest version of Afterglow and untar it:

# yum install graphviz
# wget -O afterglow-1.6.2.tar.gz "http://sourceforge.net/projects/afterglow/files/latest/download?source=files"
# tar zxvf afterglow-1.6.2.tar.gz

If you followed my previous post on setting up psad and argo, psad is already installed; if not, follow that post first. Afterglow reads its data from CSV, so the log file has to be converted to CSV format using psad.

# psad --CSV --CSV-fields "src dst dp sp" --CSV-max 1000 -m /var/log/firewall.log | perl /opt/afterglow/src/perl/graph/afterglow.pl -c /opt/afterglow/src/perl/parsers/color.properties | neato -Tjpg -o iptable_graph03.jpg

The command works as follows. psad, run with the --CSV flag, converts the log to CSV; --CSV-fields selects the columns (source IP, destination IP, destination port and source port); --CSV-max 1000 caps the output at 1000 entries; and -m names the log file to read. The CSV is piped to the afterglow Perl script, which is given the color.properties file with -c, and its output is piped to the neato utility that comes with the graphviz package, which renders it as a JPG file.
The color.properties file can be edited to create an image with colors of your choice.
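
To inspect what Afterglow receives from the CSV stage, the function below is an added example (not psad's code and not from the original post) that extracts the same four fields, src, dst, dp and sp, from iptables LOG lines. The function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: approximates the CSV stage of the pipeline above.
# It is not psad's implementation; names and sample data are constructed.

# iptables_to_csv MAX
# Reads kernel iptables LOG lines on stdin, prints "src,dst,dp,sp" rows,
# and stops after MAX rows (the same idea as --CSV-max).
iptables_to_csv() {
    awk -v max="${1:-1000}" '
    {
        src = dst = dp = sp = ""
        for (i = 1; i <= NF; i++) {
            if      ($i ~ /^SRC=/) src = substr($i, 5)
            else if ($i ~ /^DST=/) dst = substr($i, 5)
            else if ($i ~ /^DPT=/) dp  = substr($i, 5)
            else if ($i ~ /^SPT=/) sp  = substr($i, 5)
        }
        # Skip non-iptables lines and packets without ports (e.g. ICMP).
        if (src == "" || dst == "" || dp == "" || sp == "") next
        # Pass only values shaped like addresses and ports, so stray
        # log text never reaches the graphing stage as a node label.
        if (src !~ /^[0-9a-fA-F.:]+$/ || dst !~ /^[0-9a-fA-F.:]+$/) next
        if (dp !~ /^[0-9]+$/ || sp !~ /^[0-9]+$/) next
        print src "," dst "," dp "," sp
        if (++n >= max) exit
    }'
}

# Constructed sample log: one TCP drop, one ICMP drop (no ports),
# one UDP drop, and one unrelated syslog line.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=52 PROTO=TCP SPT=51514 DPT=22 SYN URGP=0
Mar  3 10:15:02 fw kernel: DROP IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Mar  3 10:15:03 fw kernel: DROP IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=71 TTL=49 PROTO=UDP SPT=40000 DPT=53 LEN=51
Mar  3 10:15:04 fw sshd[812]: Connection closed by 203.0.113.5 port 51514
EOF
}

# Print the rows the graphing stage would see for the sample log.
sample_log | iptables_to_csv 1000
```

Comparing these rows with the psad CSV output for the same log is a quick check that the graph is built from the fields you expect.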

Iptable graph
