iptables�ｿｽ�ｿｽ�ｿｽO�ｿｽ�ｿｽ�ｿｽ(IPTables log analyzer)

�ｿｽﾅ終�ｿｽX�ｿｽV�ｿｽ�ｿｽ�ｿｽF 2014.02.19

[root@fedora ~]# wget http://jaist.dl.sourceforge.net/sourceforge/iptablelog/iptablelog-v0.9.tar.bz2
�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@IPTables log analyzer�ｿｽ_�ｿｽE�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ[�ｿｽh

�ｿｽ�ｿｽ�ｿｽﾅ新�ｿｽﾅゑｿｽURL�ｿｽ�ｿｽ�ｿｽ_�ｿｽE�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ[�ｿｽh�ｿｽy�ｿｽ[�ｿｽW�ｿｽﾅ確�ｿｽF�ｿｽ�ｿｽ�ｿｽ驍ｱ�ｿｽ�ｿｽ

[root@fedora ~]# tar jxvf iptablelog-v0.9.tar.bz2�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@IPTables log analyzer�ｿｽW�ｿｽJ

[root@fedora ~]# mv iptablelog/ /var/www�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@IPTables log analyzer�ｿｽW�ｿｽJ�ｿｽ�ｿｽf�ｿｽB�ｿｽ�ｿｽ�ｿｽN�ｿｽg�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽﾌデ�ｿｽB�ｿｽ�ｿｽ�ｿｽN�ｿｽg�ｿｽ�ｿｽ�ｿｽﾖ移難ｿｽ

[root@fedora ~]# rm -f iptablelog-v0.9.tar.bz2�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@�ｿｽ_�ｿｽE�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ[�ｿｽh�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽt�ｿｽ@�ｿｽC�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�除

[root@fedora ~]# mysql -u root -p�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@MySQL�ｿｽ�ｿｽroot�ｿｽﾅ��ｿｽ�ｿｽO�ｿｽC�ｿｽ�ｿｽ
Enter password: �ｿｽ@�ｿｽ�ｿｽ�ｿｽ@MySQL�ｿｽ�ｿｽroot�ｿｽp�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽh�ｿｽ�ｿｽ�ｿｽ�ｿｽ
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 6
Server version: 5.0.37 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database iptablelog;�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@iptablelog�ｿｽf�ｿｽ[�ｿｽ^�ｿｽx�ｿｽ[�ｿｽX�ｿｽ�成
Query OK, 1 row affected (0.00 sec)

mysql> grant all on iptablelog.* to iptablelog_user@localhost identified by '�ｿｽp�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽh';
�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@iptablelog�ｿｽf�ｿｽ[�ｿｽ^�ｿｽx�ｿｽ[�ｿｽX�ｿｽA�ｿｽN�ｿｽZ�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽU�ｿｽ�成
Query OK, 0 rows affected (0.00 sec)

mysql> exit�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@MySQL�ｿｽ�ｿｽ�ｿｽ辜搾ｿｽO�ｿｽA�ｿｽE�ｿｽg
Bye

[root@fedora ~]# cat /var/www/iptablelog/conf/iptables.mysql | mysql -u iptablelog_user -p�ｿｽp�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽh iptablelog
�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@iptablelog�ｿｽf�ｿｽ[�ｿｽ^�ｿｽx�ｿｽ[�ｿｽX�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽp�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽh�ｿｽ�ｿｽiptables�ｿｽf�ｿｽ[�ｿｽ^�ｿｽx�ｿｽ[�ｿｽX�ｿｽA�ｿｽN�ｿｽZ�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽU�ｿｽﾌパ�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽh

[root@fedora ~]# yum -y install ulogd ulogd-mysql

[root@fedora ~]# vi /etc/ulogd.conf 
#
# ulogd_BASE.so - interpreter plugin for basic IPv4 header fields
#                 you will always need this
plugin="/usr/lib/ulogd/ulogd_BASE.so"
plugin="/usr/lib/ulogd/ulogd_LOCAL.so"�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@�ｿｽﾇ会ｿｽ

# output plugins.
#plugin="/usr/lib/ulogd/ulogd_LOGEMU.so"�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@�ｿｽR�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽg�ｿｽA�ｿｽE�ｿｽg
#plugin="/usr/lib/ulogd/ulogd_OPRINT.so"
plugin="/usr/lib/ulogd/ulogd_MYSQL.so"�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@�ｿｽR�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽg�ｿｽ�ｿｽ�ｿｽ�ｿｽ
#plugin="/usr/lib/ulogd/ulogd_PGSQL.so"
#plugin="/usr/lib/ulogd/ulogd_SQLITE3.so"
#plugin="/usr/lib/ulogd/ulogd_PCAP.so"

[MYSQL]
table="ulog"
pass="�ｿｽp�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽh"�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@iptablelog�ｿｽf�ｿｽ[�ｿｽ^�ｿｽx�ｿｽ[�ｿｽX�ｿｽA�ｿｽN�ｿｽZ�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽU�ｿｽp�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽh�ｿｽﾝ抵ｿｽ
user="iptablelog_user"�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@iptablelog�ｿｽf�ｿｽ[�ｿｽ^�ｿｽx�ｿｽ[�ｿｽX�ｿｽA�ｿｽN�ｿｽZ�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽU�ｿｽ�ｿｽ�ｿｽﾝ抵ｿｽ
db="iptablelog"�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@iptablelog�ｿｽf�ｿｽ[�ｿｽ^�ｿｽx�ｿｽ[�ｿｽX�ｿｽ�ｿｽ�ｿｽﾝ抵ｿｽ
host="localhost"

[root@fedora ~]# /etc/rc.d/init.d/ulogd start
ulogd �ｿｽ�ｿｽ�ｿｽN�ｿｽ�ｿｽ�ｿｽ�ｿｽ:                                            [  OK  ]

[root@fedora ~]# chkconfig ulogd on

[root@fedora ~]# chkconfig --list ulogd 
ulogd           0:off   1:off   2:on    3:on    4:on    5:on    6:off

iptables -A INPUT -m limit --limit 1/s -j ULOG --ulog-nlgroup 1 --ulog-prefix 'INPUT'

iptables -A INPUT -m limit --limit 1/s -j LOG --log-prefix '[IPTABLES INPUT] : '
iptables -A INPUT -m limit --limit 1/s -j ULOG --ulog-nlgroup 1 --ulog-prefix 'INPUT'�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@�ｿｽﾇ会ｿｽ

[root@fedora ~]# cp /var/www/iptablelog/conf/config.php.default /var/www/iptablelog/conf/config.php

[root@fedora ~]# vi /var/www/iptablelog/conf/config.php
# Password of the MySQL database
$db_password="�ｿｽp�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽh";�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@iptablelog�ｿｽf�ｿｽ[�ｿｽ^�ｿｽx�ｿｽ[�ｿｽX�ｿｽA�ｿｽN�ｿｽZ�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽU�ｿｽp�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽh�ｿｽﾝ抵ｿｽ

# File Path to your installation
$file_base="/var/www/iptablelog"; # i.e. "/var/www/html/iptablelog"�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@iptablelogWeb�ｿｽf�ｿｽB�ｿｽ�ｿｽ�ｿｽN�ｿｽg�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽﾝ抵ｿｽ

[root@fedora ~]# cp /var/www/iptablelog/conf/iptables_resolve.default /etc/cron.hourly/iptables_resolve
�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@IP�ｿｽA�ｿｽh�ｿｽ�ｿｽ�ｿｽX�ｿｽ�ｿｽ�ｿｽO�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽX�ｿｽN�ｿｽ�ｿｽ�ｿｽv�ｿｽg�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽs�ｿｽf�ｿｽB�ｿｽ�ｿｽ�ｿｽN�ｿｽg�ｿｽ�ｿｽ�ｿｽﾖコ�ｿｽs�ｿｽ[

[root@fedora ~]# vi /etc/cron.hourly/iptables_resolve�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@IP�ｿｽA�ｿｽh�ｿｽ�ｿｽ�ｿｽX�ｿｽ�ｿｽ�ｿｽO�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽX�ｿｽN�ｿｽ�ｿｽ�ｿｽv�ｿｽg�ｿｽﾒ集
$iptablelog_path = "/var/www/iptablelog"; # Change this�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@iptablelogWeb�ｿｽf�ｿｽB�ｿｽ�ｿｽ�ｿｽN�ｿｽg�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽﾝ抵ｿｽ

db_connect("localhost","iptablelog","iptablelog_user", "�ｿｽp�ｿｽX�ｿｽ�ｿｽ�ｿｽ[�ｿｽh");  # Change these db settings
�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@iptablelog�ｿｽf�ｿｽ[�ｿｽ^�ｿｽx�ｿｽ[�ｿｽX�ｿｽA�ｿｽN�ｿｽZ�ｿｽX�ｿｽ�ｿｽ�ｿｽﾝ抵ｿｽ

[root@fedora ~]# vi /etc/httpd/conf.d/iptables.conf�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@IPTables log analyzer�ｿｽpApache�ｿｽﾝ抵ｿｽt�ｿｽ@�ｿｽC�ｿｽ�ｿｽ�ｿｽ�成
Alias /iptablelog /var/www/iptablelog

�ｿｽ�ｿｽ�ｿｽﾈ会ｿｽ�ｿｽﾍ難ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽﾌみ参�ｿｽﾆでゑｿｽ�ｿｽ�ｿｽ謔､�ｿｽﾉゑｿｽ�ｿｽ�ｿｽ鼾��ｿｽﾌゑｿｽ
<Location /iptablelog>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
    Allow from 192.168.1.0/24�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@�ｿｽ�ｿｽ�ｿｽ�ｿｽ�ｿｽl�ｿｽb�ｿｽg�ｿｽ�ｿｽ�ｿｽ[�ｿｽN�ｿｽA�ｿｽh�ｿｽ�ｿｽ�ｿｽX�ｿｽ�ｿｽ�ｿｽw�ｿｽ�ｿｽ
</Location>

[root@fedora ~]# /etc/rc.d/init.d/httpd reload�ｿｽ@�ｿｽ�ｿｽ�ｿｽ@Apache�ｿｽﾝ定反�ｿｽf
httpd �ｿｽ�ｿｽ�ｿｽﾄ読み搾ｿｽ�ｿｽﾝ抵ｿｽ:                                      [  OK  ]