FirewallStats
Description
FirewallStats is an application that extracts event data from firewall
logs and alerts and displays the event information in several different
forms, making it easier to assess what your firewall is seeing. At
present, only Netgear firewalls are supported (see The Future).
You can read more details in the ReadMe that is included in the download.
Check out these pictures if you would like to see what
the application looks like.
License
At the present time FirewallStats is being offered free of charge to
any individual or agency for any legal purpose.
Source code is not being offered, but some of it may be
shared upon request.
Your use is "as-is" and no warranty of any kind is being made.
Any or all of these provisions may change in the future.
Credits
FirewallStats makes use of 2 libraries published under the GNU Lesser
General Public License. I am grateful to the authors for providing these
fine works and I encourage you to make use of them if you can. These
authors have saved me a lot of work!
- Chart2D by Jason J. Simas is used for all of the data displays in the Charts window.
- jcalendar by Kai Toedter is used for the datepicker in the Charts window.
Requirements
You'll need a Java Runtime Environment. FirewallStats has been
developed using Sun's Software Development Kit version 1.4.0 so I know
that the Java Runtime Environment version 1.4 is suitable. I don't know
for sure what earlier versions are suitable, but I doubt that anything
earlier than 1.3 would be good because FirewallStats makes heavy use of
Swing which has undergone substantial changes in recent versions. But,
hey, it's not that much trouble to install FirewallStats and try it.
Features
- Parses data elements from Netgear log and alert message files
which are e-mailed to you by your firewall. These messages are written
from your e-mail client into files in either .txt or .eml format.
Optionally, these files are deleted after parsing.
- Maintains a database of all events and supports archiving events
as well as restoration of archived events.
- Facilitates submission of your logged events to DShield.
- The Event List window is a table showing all the events in the
database. This table is sortable on any column, making it easier to
collate event information. Columns, rows, and rectangular areas may be
copied to your clipboard for pasting into documents. Source addresses
can easily be looked up (whois) to identify where the event originated.
Port numbers can also be looked up to determine their intended use as
well as any known exploits.
- Data filters allow you to exclude certain categories of events
from the display, such as firewall start-up events which may not be of
interest.
- The Chart window displays event data by selected type and for a
selected time frame in either a bar or pie chart, depending on the type
of information selected.
- Written entirely in Java so it should work on a wide
variety of computers. I have tested on Windows and Redhat/Fedora.
The Future
Here are some things on my list of possible enhancements, in no
particular order:
- If there is sufficient interest and support I may enhance
FirewallStats to handle other brands of firewalls but for now Netgear
is the only supported brand because it is all that I have access to.
In fact, only the Netgear FM114P and FR314 model formats are supported
at this time.
- Make provision for multiple Chart windows so I can see more than
one view at a time.
Contents
The Zip archive contains:
- Pre-built .jar files
- ReadMe.htm with installation and operation instructions
Download
You'll need a Zip application to expand this Zip archive.
FirewallStats version 1.3.2
You can send questions/suggestions/comments to me here.
Version History
- FirewallStats version 1.3.2 - 09/16/2006
Updated Windows menu action to un-iconify a minimized window when selected from the menu.
- FirewallStats version 1.3.1 - 09/15/2006
Added "screen timed out" to the list of strings filtered in the "admin" filter.
- FirewallStats version 1.3 - 12/22/2003
Added event archiving and restoration capability to facilitate data
file size management.
Added Linux font information link to the ReadMe.
Closed a hole where not all events were being sent to DShield. This
required an update to the data file format which is automatically
applied upon first use.
Now gives the user a busy appearance while sending events to DShield.
- FirewallStats version 1.2.13 - 12/15/2003
Fixed a problem where no event type was being reported for ICMP events
from FM114P's with the latest firmware.
- FirewallStats version 1.2.12 - 12/14/2003
Added ability to e-mail event information to DShield.
Updated the File menu to accommodate the DShield submission item,
provide placeholders for the (soon to be added) Archival and Restore
functions, and attached better icons.
- FirewallStats version 1.2.11 - 11/17/2003
Fixed the Event list scrolling problem when a selection exists prior to reading files.
Added printing, albeit rudimentary.
Added filter for ICMP events.
Enhanced file processing completion message to show the number of files processed and deleted.
Set the time to 00:00:00.000 and 23:59:59.999 for the Chart's earliest and latest times, respectively, for the date selected with the calendar widget.
Added parsing support for a 3rd version of the FM114P logs.
- FirewallStats version 1.2.10 - 06/24/2003
Event list now scrolls to the end when new events are read and no previous selection exists.
Fixed that event list scroll bug(!) so that post-addition scrolls update properly.
Fixed the FM114P parser to handle both old and new firmware versions.
- FirewallStats version 1.2.9 - 05/18/2003
Fixed a bug that precluded opening the Options more than once per application invocation (Lordy!).
- FirewallStats version 1.2.8 - 04/17/2003
Fixed a bug that allowed you to have 2 copies of the Options open at the same time.
- FirewallStats version 1.2.7 - 04/16/2003
Another(!) bug fix for the re-written FR314 parser.
- FirewallStats version 1.2.6 - 03/29/2003
Bug fix for the re-written FR314 parser.
- FirewallStats version 1.2.5 - 03/26/2003
Added support for the Netgear FM114P file format.
File parser code re-written for efficiency and clarity.
- FirewallStats version 1.2.4 - 03/08/2003
Added Port Lookup button on the Events window.
Expanded lookup capability to Macintosh & Unix platforms, but this
now assumes that your browser is Netscape on Macintosh and Mozilla on
Unix platforms.
Added installation instructions for (Redhat, at least) Unix
platforms.
- FirewallStats version 1.2.3 - 02/16/2003
Added filters for Admin and Log events.
- FirewallStats version 1.2.2 - 02/09/2003
Added time stamps to the message line.
Added a tab to the Options to allow setting the URL used for
WhoIs lookups (Windows only).
- FirewallStats version 1.2.1 - 01/24/2003
Added context-sensitivity to the Edit menu items.
- FirewallStats version 1.2 - 12/19/2002
Changed data file format to pad the IP address octets with leading
0's. This is the first public release.
- FirewallStats version 1.1 - 12/17/2002
Changed data file format to use the "native" format of the Calendar
class's TimeInMillis instead of the SQL-like string
"yyyyMMddHHmmssSSS".
- FirewallStats version 1.0 - 12/12/2002