New PF reporting tool: Hatchet

Contributed by jose on 2004-01-08 from the tools dept.

fuzzyping writes: "Introducing the initial release of Hatchet, a PF reporting tool. Features include parsing and viewing of PF logfiles (up to 7 days' worth) and pfstat graphs for viewing network utilization. Written in Perl, it offers an attractive and simple interface for viewing firewall activity.

More information can be found at the Hatchet website ."

(Comments are closed)

Comments

By Jim () on 2004-01-08 14:41

I haven't downloaded or run your software, but from looking at the install document, you could change step 6 to HTML::Template in the ports tree...

Just a thought.
Comments
1. By fuzzyping () jason_NO_SPAM@dixongroup_NO_SPAM.net on 2004-01-08 14:45 http://www.dixongroup.net/hatchet/
  
  Wasn't aware it was in ports. Either way will work fine. If it ever appears that the non-ported version of HTML::Template has problems, I'll defer to the ports version. For now, I see no real reason to change.
  Comments
  1. By Jim () on 2004-01-08 16:50
    
    Not to beat a dead horse, but I will anyway... :-)
    
    When you make your app a port, you can specify the HTML::Template port as a build dependency.
    
    I always try to stand on the shoulders of giants where possible.
    
    Cheers.
    
    Comments
    
    By fuzzyping () jason_NO_SPAM@dixongroup_NO_SPAM.net on 2004-01-08 16:57 http://www.dixongroup.net/hatchet/
    
    Hey, I'd love to make it into a port, but I've never done one. I've glanced at the documentation on the OpenBSD and FreeBSD sites, but I really don't have the desire/patience/motivation to go through all that right now.
    
    Hopefully some day. :)
By sandolo () sandman@mufhd0.net on 2004-01-08 15:46 http://autistici.org/sandolo/

It's a very nice tool, simple and useful.
Try it! :)
By Matt Van Mater () on 2004-01-08 15:47

First off, I think it looks like a great little app. I haven't installed or run it yet, so excuse me if this functionality is already there. Some features i'd like to see:

Sorting based upon your column headers
Collapseexpand groups of similar data (ie sort by src ip, expand to show all traffic generated by that ip). Easier said than done I know :)
Comments
1. By fuzzyping () jason_NO_SPAM@dixongroup_NO_SPAM.net on 2004-01-08 16:17 http://www.dixongroup.net/hatchet/
  
  I agree, this has been on my mind lately as a future enhancement. Unfortunately, this suggests a CGI. Imagine trying to load/parse a fairly large pflog, on the fly, and generating the HTML output. Not pretty.
  
  The alternative would be to dump everything in a database, but that's not really ideal for logs either. Any other ideas?
  Comments
  1. By marco () on 2004-01-08 16:41
    
    any reason they need to be parsed on the fly?
    
    why not build the html and images ahead of time
    (ala cron), store them, and then (if one must)
    rely on dynamic pages to reference static material?
    
    Comments
    
    By fuzzyping () jason_NO_SPAM@dixongroup_NO_SPAM.net on 2004-01-08 17:04 http://www.dixongroup.net/hatchet/
    
    I don't really see how that could be done. There aren't any images to speak of. The HTML is the log data. The idea is to click on a header, which requests the data sorted in a different way. How would you propose pre-sorting the data of 7 different columns? If each page were a static view, that would require a hell of a lot of different page layouts.
    
    The alternative would be to use embedded frames for each column (ugh!), sourcing the pre-sourted pages. That's even uglier.
    
    Perhaps you could point me in the direction of a good example tutorial, or clarify where I'm not thinking clearly.
    
    Comments
    
    By Jon () on 2004-01-08 21:12
    
    It'd be a nice feature... but .. this really sounds like a job for a database. I kinda like how your app is going so far, nice and simple. Involving a DB and CGI would just make things bloated I think.
    
    Unless you want to go that route :) I'll be interested to see what you come up with.
    
    Comments
    
    By Anonymous Coward () on 2004-01-09 12:26
    
    What about sending the data to a remote database. Then possibly integrate it into ACID, or another such front end to help with correlation...
    
    By marco () on 2004-01-08 21:37
    
    my bad. i lapsed.
    
    i too think a db would be bloat, but perhaps sqllite? the data would still have to get sorted tho, so even something like LIMIT 0,25 still kind of defeats the purpose. hmm.
    
    i plan on playing with it tomorrow though. maybe i won't lapse this time.
    
    looks excellent btw!

Latest Articles

Thu, Apr 18
- 05:05 Coming soon to a -current system near you: parallel raw IP input (0)
Wed, Apr 17
- 05:33 In -current, default write format for tar(1) changed to "pax" (10)
Wed, Apr 10
- 18:50 OpenSMTPD 7.5.0p0 Released (2)
Tue, Apr 09
- 04:49 20 years since "and we're just starting": undeadly.org turns 20 (2024-04-09) (13)
Fri, Apr 05
- 06:16 OpenBSD 7.5 released (3)
Thu, Mar 28
- 18:18 LibreSSL 3.8.4 and 3.9.1 released (0)
Tue, Mar 12
- 06:53 OpenSSH 9.7/9.7p1 released! (0)
Mon, Mar 11
- 11:28 Game of Trees 0.97 released (0)
Sun, Mar 10
- 09:06 LibreSSL versions 3.8.3 and 3.9.0 released (0)

Credits

Copyright © 2004-2008 Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to April 2nd 2004 as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]