
Manual Reference Pages  -  IPFWCOUNT (1)

NAME

ipfwcount - Summarise ipfw logs

SYNOPSIS

ipfwcount [-adinNoq] [-e expr] -k key[,key...] [-t top] [file...]

DESCRIPTION

ipfwcount summarises ipfw(8) logs by counting and sorting the fields. The following fields are recognised:

rule action proto type shost sport dhost dport dir iface

By default, all input lines are processed - this can be restricted with the -a, -d, -i and -o options to count allowed, denied, incoming and outgoing packets respectively.

The logs can be filtered further with the -e option - see EXAMPLES.

At least one sort key must be given using the -k option. ipfwcount will list all the unique values in this field, from the most to the least common. Repeat this option to create multiple lists, or use comma separated keys to create nested lists.

To list only the first top values in each field, use the -t option.

If the -n option is given, port numbers and IP addresses are resolved in the output. With the -N option, all input lines are resolved before filtering (which may take some time).

If no files are specified, ipfwcount reads from standard input.

OPTIONS

-a Count allowed packets
-d Count denied packets
-i Count incoming packets
-n Lookup host and service names
-N Lookup names before filtering
-o Count outgoing packets
-q Don’t print headers
-e expr Filter expression - see EXAMPLES
-k key[,key...] Sort key(s)
-t top Show only the top top entries

EXAMPLES

Show the top 10 denied ports for incoming traffic:



    ipfwcount -di -k dport -t 10 /var/log/security



Show the hosts attempting to connect to those ports:



    ipfwcount -di -k dport,shost -t 10 /var/log/security
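
The nested count that `-di -k dport,shost -t 10` asks for can be sketched in Python as follows. This is an added example, not ipfwcount's own code: the log-line layout, the IPv4-only pattern, the treatment of missing fields and the names `parse`, `summarise` and `denied_in` are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the usual ipfw(8) syslog layout (assumed format).
SAMPLE = """\
Mar 17 10:00:01 gw kernel: ipfw: 65000 Deny TCP 203.0.113.5:51234 192.168.1.10:22 in via em0
Mar 17 10:00:02 gw kernel: ipfw: 65000 Deny TCP 203.0.113.5:51240 192.168.1.10:22 in via em0
Mar 17 10:00:03 gw kernel: ipfw: 65000 Deny TCP 198.51.100.7:40000 192.168.1.10:22 in via em0
Mar 17 10:00:04 gw kernel: ipfw: 65000 Deny UDP 198.51.100.7:5353 192.168.1.10:161 in via em0
Mar 17 10:00:05 gw kernel: ipfw: 200 Accept TCP 192.168.1.10:44321 192.0.2.80:443 out via em0
Mar 17 10:00:06 gw kernel: ipfw: 65000 Deny ICMP:8.0 203.0.113.5 192.168.1.10 in via em0
""".splitlines()

# One named group per field listed in DESCRIPTION; IPv4 only (assumption).
LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+)(?::(?P<type>[\d.]+))? "
    r"(?P<shost>[\d.]+)(?::(?P<sport>\d+))? "
    r"(?P<dhost>[\d.]+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)")

def parse(lines):
    """Yield one dict of fields per ipfw log line; unrelated lines are skipped."""
    for line in lines:
        m = LINE.search(line)
        if m:
            yield m.groupdict()

def summarise(records, keys, top=None, keep=lambda r: True):
    """Return nested counts [(value, count, children)], most common first."""
    # Assumption: a record lacking the key (e.g. ICMP has no dport) is not counted.
    counts, groups = Counter(), defaultdict(list)
    for r in records:
        if keep(r) and r[keys[0]] is not None:
            counts[r[keys[0]]] += 1
            groups[r[keys[0]]].append(r)
    return [(v, n, summarise(groups[v], keys[1:], top) if keys[1:] else [])
            for v, n in counts.most_common(top)]

def denied_in(r):
    # Stand-in for -d and -i; only the "Deny" action is treated as denied here.
    return r["action"] == "Deny" and r["dir"] == "in"

if __name__ == "__main__":
    for port, n, hosts in summarise(parse(SAMPLE), ["dport", "shost"], 10, denied_in):
        print(f"{n:4d} {port}")
        for host, m, _ in hosts:
            print(f"     {m:4d} {host}")
```
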



Sort incoming connections by interface and protocol:



    ipfwcount -ai -k iface,proto /var/log/security



For more sophisticated filtering, use the -e option - it takes a Perl expression, using field names as variables. Quote the expression so that the shell passes it to ipfwcount as a single argument.

Show denied ports above 1024:

    ipfwcount -di -e 'dport > 1024' -k dport /var/log/security



Show traffic leaving the local network:



    ipfwcount -ao -e 'dhost !~ /^192\.168/' -k dhost /var/log/security



The expression passed to -e can also modify field values. This ’feature’ may occasionally be useful.

Show the class C network of denied hosts:



    ipfwcount -di -e 'shost =~ s/\d+$/0/' -k shost /var/log/security



Note that Perl uses different comparison operators for numbers and strings - see perlop(1).

SEE ALSO

ipfw(8), perlop(1)

AUTHOR

Robert Archer <ipfwcount@deathbeforedecaf.net>


perl v5.20.3 IPFWCOUNT (1) 2016-03-17
