Contributed by jose on from the info-gathering dept.
It looks very promising if you want to have a better view of what goes in and out of your network; it might also help administrators find out where bottlenecks and wrongly behaving users can be found.
On a side note, it does feature a clean web interface with nice graphics; check it out at:
http://www.securityoffice.net/products/metacortex
By Sacha () on
But sure looks nice for further use :D
By Anonymous Coward () on
By Anonymous Coward () on
Holy crap, this is excellent.
This tool just sent my PF usage to the next level of usefulness! :)
By Anonymous Coward () on
By Anonymous Coward () on
By Teedo () on
It also had some pages that would do a "tail -200" on some of your log files and display that.
I forgot... What is this app actually supposed to do other than make an ass out of whomever installs it?
By Anonymous Coward () on
When are you going to release 1.1 or 2.0 from the way you're describing things. Or could you send me the patches in the meanwhile?
email me: root@localhost
Thanks!
By Anonymous Coward () on
Contact
Please send any suggestions, comments, flames to metacortex(at)securityoffice.net
Maybe you can turn your pointless criticism into something of constructive value?
Or maybe help fix things rather than just nag like an old lady.
By Someone with more of a clue than Teedo () on
By Howard Owen () hbo@egbok.com on http://egbok.com
By StatiK76 () on
meh - it's faster to type.
StatiK76
By JFS () on
PS: and when I try to email the "metacortex" the 3 addresses on the site return delivery errors!!!
By Howard Owen () hbo@egbok.com on http://egbok.com
By Howard Owen () hbo@egbok.com on http://egbok.com
By Tamer Sahin () ts@securityoffice.net on http://www.securityoffice.net
programming skills. It has been written for users, such as me, who have great need of
PF monitoring to overcome such requirements. If the software is extracted to the default
(/var/www/metacortex) directory and the build script is run there, then, including
all php scripts and links, there will be no problem at all. For sure, there are mistakes
and miscodings that I couldn't see. If these kinds of bugs are reported to me, they will
surely be fixed in the shortest terms.
If there is an intention of you to help the project step further, we can contribute to
the project together. Not decreasing the value of the help, I believe that with the
power of programmers such as you, we can make major changes on the structure of the
project and make it function better.
There have been some fixes on the initial release of Metacortex. I will apply them to
the software and will release it under the version Metacortex v1.0.1. The changes
are ranged below:
- Misspelled words fixed 'Rule Generator' and 'README'.
- Local status page outputs now more formatted.
- Useless full paths removed from build scripts.
- Fixed 'Local Status' Cross site scripting bug.
- Files permissions now more restrictive.
- Build scripts completely revised. (Thanks contribution & suggestions for Dom De Vitto)
Please, do not hesitate to send your recommendations and warnings about Metacortex. They will be welcomed > metacortex@securityoffice.net
By Howard Owen () hbo@egbok.com on http://egbok.com
/bin/chmod 644 /var/log/daemon
/bin/chmod 644 /var/log/authlog
By Howard Owen () hbo@egbok.com on http://egbok.com
Since apache runs as www, I can see the rationale, but doing that without big, red warning signs is very bad!
The code is in build.sh. Do a grep for 'chmod'.
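The check suggested in the comment above, carried a step past a plain grep, as an added example that is not part of the original thread or of Metacortex's build.sh: it reports only those chmod calls that grant access to "other" on files under /var/log. The sample script is constructed (only the two `/bin/chmod 644` lines come from the thread), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: flag chmod calls in a build script that leave files under
# /var/log accessible to "other" (last octal digit of the mode is non-zero).

# make_sample: write a CONSTRUCTED build script to a temp file, print its path.
# Only the two /bin/chmod 644 lines are taken from the thread.
make_sample() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#!/bin/sh
# constructed sample, not the real build.sh
/bin/chmod 644 /var/log/daemon
/bin/chmod 644 /var/log/authlog
chmod 640 /var/log/pflog
chmod -R 755 /var/www/metacortex
EOF
    printf '%s\n' "$f"
}

# audit_chmods FILE: print "line: path mode=M other=D" for each risky chmod.
# Only octal modes are parsed; symbolic modes (o+r, a+r) are out of scope.
audit_chmods() {
    awk '
    /^[ \t]*#/ { next }                      # ignore comment lines
    {
        for (i = 1; i <= NF; i++) {
            if ($i !~ /(^|\/)chmod$/) continue
            j = i + 1
            while (j <= NF && $j ~ /^-/) j++  # skip options such as -R
            mode = $j
            if (mode !~ /^[0-7][0-7][0-7][0-7]?$/) break
            other = substr(mode, length(mode), 1) + 0
            if (other == 0) break             # nothing granted to "other"
            for (k = j + 1; k <= NF; k++)
                if ($k ~ /^\/var\/log\//)
                    printf "%d: %s mode=%s other=%d\n", NR, $k, mode, other
            break
        }
    }' "$1"
}

sample=$(make_sample)
audit_chmods "$sample"
rm -f "$sample"
```

The 640 line is not reported: that mode keeps the log closed to "other" while still allowing a group to read it, which is the narrower way to give a web server account access to a log.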
By Tamer Sahin () on http://www.securityoffice.net
+ What is Metacortex?
Metacortex consists of a PF graphical user interface. Built on the proactively secure OpenBSD operating system, and
featuring an HTML based graphic interface for easy monitoring.
+ Features
* PF Statistics; active connections, current ruleset.
* TCP, UDP, ICMP based PF log analysis.
* Local System Status; process, uptime, vm stats.
* Web based PF rule generator.
* Reference Library; Many important RFC's, MAC ID query, port query, ip & domain whois.
* System Log View.
+ Changelog v1.0 to v1.0.1
- Misspelled words fixed 'Rule Generator' and 'README'.
- Local status page outputs now more formatted.
- Useless full paths removed from build scripts.
- Fixed 'Local Status' Cross site scripting bug.
- Files permissions now more restrictive.
- Build scripts completely revised.
- Fixed 'Rule Generator' port ranges bug.
- Fixed 'Rule Generator' blocking bugs.
- Fixed 'Rule Generator' redirect bugs.
- Fixed 'Rule Generator' keep/modulate state bugs.
- Fixed many 'Rule Generator' javascript bugs.
- Logs are arranged in order newer through old in TCP, UDP, ICMP and Other logs.
+ Contact
Please send any suggestions, comments, flames to metacortex(at)securityoffice.net
+ Download
http://www.securityoffice.net/products/metacortex/
By morpheus () on
By Chris Owen () chris.owen@consault.com on http://www.consault.com
I have some suggestions that would make the product more useful to me and possibly others.
1) More statistics to help isolate where rules need to be tweaked would be of more help.
a) percentages of tcp, udp and icmp packages dropped compared to the whole.
b) percentages of icmp types compared to all icmp
c) percentages of tcp type dropped (RST, SYN, ACK, etc.) compared to all tcp
d) percentages of fragments compared to all or number of fragments dropped
e) tcp packets dropped broken down by port
f) udp packets dropped broken down by port
2) on each of these statistics pages, the ability to click on a link so that those packets which triggered the statistics.
3) breakdown by source or destination ports
4) statistics for what times the most packets are being dropped (mrtg)
5) statistics for when traffic is occurring (mrtg)
An emphasis on tweaking the current ruleset would be most useful.
I can help you with some of this if you'd like. Send me an email if you're interested.
Cheers