
KLogWatch sits in the system tray and monitors a kernel log file for Netfilter (i.e. iptables) log lines. Clicking on the system tray icon opens a window with a history of all the logged packets. Users can then perform basic operations on the packet information (whois, traceroute, host, etc.).
14 years ago
Version 2.0.3:
Do proper column sorting on addresses and ports.
Version 2.0.2:
Be sure to save config when a session closes
Add ping command
Actually use dest IP address when doing traceroute on dest IP
Allow use of $(DESTDIR) during installation. Thanks to Tiziano Mueller for the initial patch.
Version 2.0.1:
Fixed error message reporting of an invalid logfile
Version 2.0:
New features:
* New columns to account for all netfilter log info
* Select which columns to see
* Column size and order saved
* Window size and position saved
* Right mouse button actions
* Adjustable print font
* Can now print/save window contents or raw log messages
Changes:
* Some code cleanups; more on the way
* Changing configuration does not require restart
* Desktop file installed automatically
* Removed popup on alert action; all alerts appear in the tray
* Debian package files and RPM spec file included
Version 1.8.4:
Fixed bug in Save As option
New cleaner icons
Added uninstall make target
Version 1.8.3:
Corrected to work properly when log-rotation occurs
Use proper KDE config file location
(Copy your ~/.klogwatch to ~/.kde/share/config/klogwatchrc).
Don't scroll down to new packets if window already visible
Version 1.8.2:
Corrected "parsed == false" assertion failure on startup under latest KDE versions.
Version 1.8.1:
Fixed SIGABRT Mandrake problem where /var/log/kernel is a directory
Version 1.8:
Fixed the autoconf system for Fedora/Mandrake/Debian
Added sort by destination port
Lookup protocol numbers in /etc/protocols to give names
TrashOverride
13 years ago
One question though, it says that /var/log/kernel is not found (and I don't have it). I tried dmesg, messages.1, syslog.1, but none when they are loaded nothing is shown...
I'm using Slackware 12, kernel 2.6.23.12, KDE 3.5.7
TrashOverride
13 years ago
I used syslog.1 instead of syslog.
pupil
14 years ago
http://donnie.110mb.com/downloads.php?cat_id=2
For GPG key, please look at the front page of my site.
pupil
14 years ago
jstamp
14 years ago
Best,
John
nickbattle
14 years ago
papa
14 years ago
nickbattle
14 years ago
Fixed fonts are nicer for klogwatch because things like IP addresses line up.
HTH,
-nick
EliasP
14 years ago
nickbattle
14 years ago
I've not tried, but it should work via an NFS mount. The program itself only knows about a "file" that contains the logs.
EliasP
14 years ago
But that's too insecure for some environments. Maybe you can find a solution using the KDE kio SSH (fish) implementation.
Regards,
Elias P.
jstamp
14 years ago
How do you currently do remote logging? There's info out there about how to set up syslog or syslog-ng to securely receive remote log events. I haven't tried it, but I suspect that klogwatch would be able to pick up those alerts in that kind of setup.
nickbattle
14 years ago
starseeker
16 years ago
mattepiu
15 years ago
not, however, select which packet to allow
"on the fly" (since logging is done on dropped packets...)
nickbattle
16 years ago
huru
16 years ago
And one suggestion: How about adding the possibility to configure which events should trigger a popup (or system tray) alarm? I don't really care about those gazillions of windows network messages that tend to be blocked :) Then again I guess I could just not log them but it would be a nice addition anyway. Thanks for a nice piece of software!
nickbattle
16 years ago
nickbattle
16 years ago
It shouldn't stop monitoring (of course!). How do you know that it's not monitoring the file - new events not registering? If you run KLogWatch from the command line, and use -d (debug), is there any extra information? You should see a "." printed every time it checks the logfile for new content (the Poll interval).
I like the other idea. How to specify what you do/don't want to see though. Just by port/protocol?
huru
16 years ago
nickbattle
16 years ago
I'd not thought about this before, but if that happens - so a particular logfile (inode) is no longer being written to - then of course the program wouldn't notice (and I should try to do something about it, like close and re-open the file by name every so often!)
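The fix sketched in the comment above (re-open the log by name once the open inode is no longer the one being written), as an added example that is not KLogWatch's own code. `RotationAwareTail`, `parse_netfilter` and the sample log lines are constructed for illustration; the check also covers a file truncated in place, which goes slightly beyond the case discussed.

```python
import os, re, tempfile

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse_netfilter(line):
    """Return the KEY=value fields of a Netfilter LOG line, or None for other lines."""
    fields = dict(FIELD.findall(line))
    return fields if {"SRC", "DST"} <= fields.keys() else None

class RotationAwareTail:
    """Follow a log by name, reopening it when the path stops naming the open file."""
    def __init__(self, path):
        self.path, self.fh, self.buf = path, open(path, "rb"), b""

    def _drain(self):
        # Read whatever was appended; keep an unterminated last line for the next poll.
        *lines, self.buf = (self.buf + self.fh.read()).split(b"\n")
        return [l.decode("utf-8", "replace") for l in lines]

    def _rotated(self):
        try:
            named = os.stat(self.path)
        except FileNotFoundError:
            return False  # mid-rotation: keep the old handle until the new file exists
        mine = os.fstat(self.fh.fileno())
        moved = (named.st_dev, named.st_ino) != (mine.st_dev, mine.st_ino)
        return moved or named.st_size < self.fh.tell()  # second case: truncated in place

    def poll(self):
        lines = self._drain()  # finish reading the old file before switching
        if self._rotated():
            self.fh.close()
            self.fh, self.buf = open(self.path, "rb"), b""
            lines += self._drain()
        return lines

def demo():
    """Constructed sample lines; the log is rotated by rename between the two polls."""
    old = "Jan  1 10:00:00 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 PROTO=TCP SPT=40000 DPT=22\n"
    new = "Jan  1 10:05:00 gw kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 PROTO=UDP SPT=137 DPT=137\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "syslog")
        with open(path, "w") as f:
            f.write(old)
        tail = RotationAwareTail(path)
        first = tail.poll()
        os.rename(path, path + ".1")  # rename-style rotation: the old inode stops growing
        with open(path, "w") as f:
            f.write("cron: not a packet\n" + new)
        second = tail.poll()
        tail.fh.close()
    return [parse_netfilter(l) for l in first + second]
```
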
nickbattle
16 years ago
Can you mail it to my home address (the freeuk.com address on my profile here, or in the Help panel of the program)? Gzipped would help - modem I'm afraid :-)
nickbattle
16 years ago
xcallejas
16 years ago
Just a question (I don't know if it is a stupid one): I use Linux SmoothWall on my gateway (on an old i386) and I really need to monitor the iptables logs, but this box doesn't have any graphics libraries or anything like that.
What can I do to compile this program for this kind of distribution and run it on my X11 Linux desktop via ssh?
Thank you.
nickbattle
16 years ago
KLogWatch just tails a file, so if you can dynamically pull your Netfilter log files back to the graphical machine, KLogWatch will "watch" them for you. I don't know much about ssh and whether it's possible to spool a file continuously between machines like this. Obviously something like an NFS mount should work.
Once you've got the file "coming over", you point KLogWatch at it with the -f option (or use the setup menu to change the monitored file).
You may really want to find a static log analyser - i.e. one which looks at the logs on a regular basis (say every day) rather than dynamically watching the log file? There are other log tools which do this.
HTH,