NuLog: Netfilter and NuFW IPv4/IPv6 log analyser

What is NuLog ?

NuLog is a Netfilter/iptables and NuFW log analysis interface. It features a synthetic and customizable board and a complete search system.

NuLog version 2 is a complete rewrite of NuLog1, the historical iptables log analysis solution from INL. NuLog2 is an application built upon Twisted, an advanced Python framework.

Features

• Index page with a summary of firewall activity:
  • Packet dropped per host
  • Packets dropped per UDP port
  • Packets dropped per TCP port
  • Packets dropped per user (NuFW only)
  • Application used to open each connection (NuFW only)
• Fully browsable tables
• Search capability

It also has exclusive new features:

• Graphing capabilities (display clickable array, histogram or pie for a dataset)
• SOAP request system for integration with other systems
• IPv6 support.
• Account support.
• Customizable pages (index page, etc)
• AJAX features.
• Special pages for user, ip and ports.
• CSV export.

Screenshots

Download

Download latest stable version (nulog-2.1.5.tar.bz2).

Other versions available from the downloads area.

NuLog? is available for testing in NuFW.live, the live CD of NuFW.

You can also directly checkout subversion source:

svn co http://software.inl.fr/svn/mirror/edenwall/nulog2/branches/2.0/ nulog2

Nulog's Source are available for browsing.

News

• 2009-03-25: NuLog 2.1.5
  • Show state in the PacketInfo pages
  • Fixed bug while restarting database
  • Fixed regression in histogram highlighting
  • Fixed bug with the ConUsersHistoryTable page
  • Fixed regression with matplotlib < 0.97

• 2009-02-04: NuLog 2.1.4
  • Added a snort logs analyzer.
  • Fixed crashes with matplotlib >= 0.97.
  • Support ulogd2 scheme.
  • Some minor bug fixes.

• 2008-12-04: NuLog 2.1.3
  • Added an option in nulog-core to not hide the timestamp column in Packet List fragment in two columns pages.
  • In same pages, do not show the source port column.
  • Support of PGSQL database.
  • Support reconnection to database.
  • Support CIDR mask filter.
  • Applied a patch from <guy@…> which fixes the triggers script about datetimes methods.
  • Fixed unicode errors in titles display.

• 2008-10-16: NuLog 2.1.2
• 2008-04-30: NuLog 2.1.1
• 2008-04-09: NuLog 2.1.0
• 2008-03-31: NuLog 2.0.1
• 2008-01-17: NuLog 2.0

Documentation

How to install NuLog

• Installation guide: Use this document to install NuLog.
• Ulogd configuration: Once NuLog is installed, you will need to configure Netfilter/iptables to log in SQL database.
• NuFW SQL settings: If you use NuFW, follow this part of NuFW howto to setup SQL logging in NuFW.

User documentation

User documentation is available here : Doc nulog2.

Developper documentation

• Introduction
• How to create a table fragment
• How to build your own page
• Informations about translation
• How sessions work
• About AJAX in NuLog
• What is NuCentral

Tickets

If you find any problem or bug, watch the tickets list and open a new one if needed.

List of currently open tickets:

#187

postgresql script missing4

#228

NULOG2 : Script nulog.pgsql-ulogd2.sql manquant

#229

NULOG2 : Script nulog.pgsql-ulogd2.sql manquant

#230

NULOG2 : Script nulog.pgsql-ulogd2.sql manquant

You can also read the TODO file.

NuLog version 1

NuLog1 is now outdated.