update to 1.3 [release 1.3-1mamba;Wed Oct 10 2012]

README.md

@@ -1,2 +1,52 @@
 # fwlogwatch
 
+fwlogwatch is a packet filter/firewall/IDS log analyzer written by Boris Wesslowski with the following features:
+
+General features:
+Can detect and process log entries in the following formats:
+Linux ipchains, Linux netfilter/iptables, Solaris/BSD/Irix/HP-UX ipfilter, Cisco IOS, Cisco PIX, NetScreen Windows XP firewall, Elsa Lancom router and Snort IDS.
+
+Entries can be parsed in combined log files, the parsers to be used can be selected.
+
+Gzip-compressed logs are supported.
+
+Can separate recent from old entries and detects timewarps in log files.
+
+Can recognize 'last message repeated' entries concerning the firewall.
+
+Integrated resolver for protocols, services and host names.
+
+Can do lookups in the whois database.
+
+Own DNS and whois information cache for faster lookups.
+
+Hosts, ports, chains and branches (targets) can be selected or excluded as needed.
+
+Support for internationalization (available in English, German, Portuguese, simplified and traditional Chinese and Swedish).
+
+Log summary mode:
+A lot of options to find and display relevant patterns in connection attempts.
+
+Intelligent selection of certain fields (e.g. the host name column is omitted and the host mentioned in the header of the summary if the log is from a single host, the same happens with the chains, targets and interfaces).
+Plain text and HTML (with CSS) output with many sort options.
+
+Can send summaries by email.
+
+Interactive report mode:
+The integrated report generator fills in and presents a report that can be sent to abuse contacts of attacking sites or computer emergency response teams (CERTs).
+
+Supports templates and incident number generation.
+
+All fields can be adjusted as needed interactively.
+
+Realtime response mode:
+The program detaches and stays in the background as a daemon.
+Detection of the necessary ipchains rules with logging turned on can be configured.
+
+Response can be a notification (in form of a log file entry, an email, a remote winpopup message or whatever you can put into a shell script), or a customizable firewall modification.
+The included response script adds a new chain for fwlogwatch to ipchains or netfilter setups and attackers are blocked with new firewall rules.
+
+Supports trusted hosts (anti-spoofing).
+
+The current status of the program can be followed through a web interface (supports IPv6).
+

fwlogwatch.spec

@@ -0,0 +1,97 @@
+Name:          fwlogwatch
+Version:       1.3
+Release:       1mamba
+Summary:       A packet filter/firewall/IDS log analyzer
+Group:         System/Tools
+Vendor:        openmamba
+Distribution:  openmamba
+Packager:      Tiziana Ferro <tiziana.ferro@email.it>
+URL:           http://fwlogwatch.inside-security.de/
+Source:        http://fwlogwatch.inside-security.de/sw/fwlogwatch-%{version}.tar.bz2
+License:       GPL
+BuildRoot:     %{_tmppath}/%{name}-%{version}-root
+BuildRequires: flex
+
+%description
+fwlogwatch is a packet filter/firewall/IDS log analyzer written by Boris Wesslowski with the following features:
+
+General features:
+Can detect and process log entries in the following formats:
+Linux ipchains, Linux netfilter/iptables, Solaris/BSD/Irix/HP-UX ipfilter, Cisco IOS, Cisco PIX, NetScreen Windows XP firewall, Elsa Lancom router and Snort IDS.
+ 
+Entries can be parsed in combined log files, the parsers to be used can be selected.
+ 
+Gzip-compressed logs are supported.
+ 
+Can separate recent from old entries and detects timewarps in log files.
+ 
+Can recognize 'last message repeated' entries concerning the firewall.
+ 
+Integrated resolver for protocols, services and host names.
+ 
+Can do lookups in the whois database.
+ 
+Own DNS and whois information cache for faster lookups.
+ 
+Hosts, ports, chains and branches (targets) can be selected or excluded as needed.
+ 
+Support for internationalization (available in English, German, Portuguese, simplified and traditional Chinese and Swedish).
+ 
+Log summary mode: 
+A lot of options to find and display relevant patterns in connection attempts.
+ 
+Intelligent selection of certain fields (e.g. the host name column is omitted and the host mentioned in the header of the summary if the log is from a single host, the same happens with the chains, targets and interfaces). 
+Plain text and HTML (with CSS) output with many sort options.
+ 
+Can send summaries by email.
+ 
+Interactive report mode: 
+The integrated report generator fills in and presents a report that can be sent to abuse contacts of attacking sites or computer emergency response teams (CERTs).
+ 
+Supports templates and incident number generation.
+ 
+All fields can be adjusted as needed interactively.
+ 
+Realtime response mode: 
+The program detaches and stays in the background as a daemon.
+Detection of the necessary ipchains rules with logging turned on can be configured.
+ 
+Response can be a notification (in form of a log file entry, an email, a remote winpopup message or whatever you can put into a shell script), or a customizable firewall modification.
+The included response script adds a new chain for fwlogwatch to ipchains or netfilter setups and attackers are blocked with new firewall rules.
+ 
+Supports trusted hosts (anti-spoofing).
+ 
+The current status of the program can be followed through a web interface (supports IPv6).
+
+%prep
+[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
+
+%setup -q
+
+%build
+make
+
+%install
+mkdir -p %{buildroot}/%{_prefix}/sbin
+mkdir -p %{buildroot}%{_mandir}/man8
+make install INSTALL_DIR=%{buildroot}/%{_prefix}
+
+%clean
+
+%files
+%defattr(-,root,root)
+%{_sbindir}/*
+%{_mandir}/man8/*
+
+%changelog
+* Wed Oct 10 2012 Automatic Build System <autodist@mambasoft.it> 1.3-1mamba
+- update to 1.3
+
+* Fri Jan 04 2008 Tiziana Ferro <tiziana.ferro@email.it> 1.1-1mamba
+- update to 1.1
+
+* Tue Oct 12 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 1.0-1qilnx
+- update to version 1.0 by autospec
+
+* Wed Jan 28 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 0.9.3-1qilnx
+- first build