
PF log parser


anomie
April 15th, 2009, 01:20
Can someone recommend a program/script in FreeBSD's Ports that will analyze /var/log/pflog on a daily basis and provide me with a functional report? I don't care whether the report is plain text or html, so long as I get the info I need.

I'm primarily interested in the following details: Allowed traffic - to include SRC/DST IP and SRC/DST port, and protocol. (My PF ruleset supports gathering this information with the log directive.)

A quick bit of searching, and I've found:

hatchet (http://www.dixongroup.net/hatchet/) : Not in Ports
fwanalog (http://tud.at/programm/fwanalog/) : Doesn't seem actively maintained
A mishmash (http://unix.derkeiler.com/Mailing-Lists/FreeBSD/questions/2005-11/2610.html) of other unmaintained suggestions and expired URLs


Please note that the periodic script 520.pfdenied is not sufficient for my needs. (I want to see allowed packets as described above.) I'd also prefer to not re-invent the wheel by writing something from scratch.

Any ideas?
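What the first post asks for amounts to a reader for /var/log/pflog: the file is a pcap capture (link type DLT_PFLOG) in which every record carries a struct pfloghdr (action, reason, interface, rule number, direction) in front of the raw IP packet. The script below is an added example, not code from this thread or from hatchet, fwanalog or any other tool mentioned here. It parses that layout directly, keeps only packets whose action is pass, and prints a per-flow count with interface, direction, protocol, source/destination address and port. Assumptions: the 64-byte FreeBSD pfloghdr layout (the header's own length byte is honoured and word-aligned the way tcpdump does it, so a longer header still parses), IPv6 packets without extension headers, and a small capture constructed inline in place of a real log.

```python
"""Read /var/log/pflog (pcap, DLT_PFLOG) and report allowed traffic.
Added example; assumes FreeBSD's 64-byte struct pfloghdr and no IPv6 extension headers."""
import socket
import struct
from collections import Counter

DLT_PFLOG = 117
PF_ACTIONS = {0: "pass", 1: "block", 2: "scrub", 4: "nat", 6: "binat", 8: "rdr"}
PF_DIRS = {0: "inout", 1: "in", 2: "out"}
PROTOS = {1: "icmp", 6: "tcp", 17: "udp", 58: "icmp6"}

def _ip_fields(pkt):
    """Return (proto, src, dst, transport bytes) for a raw IPv4/IPv6 packet."""
    version = pkt[0] >> 4
    if version == 4:
        ihl = (pkt[0] & 0x0F) * 4
        return (pkt[9], socket.inet_ntop(socket.AF_INET, pkt[12:16]),
                socket.inet_ntop(socket.AF_INET, pkt[16:20]), pkt[ihl:])
    if version == 6:  # next header taken as the transport proto (assumption)
        return (pkt[6], socket.inet_ntop(socket.AF_INET6, pkt[8:24]),
                socket.inet_ntop(socket.AF_INET6, pkt[24:40]), pkt[40:])
    raise ValueError("not an IP packet")

def parse_pflog(data):
    """Parse a pflog pcap into a list of dicts, one per logged packet."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):
        end = ">"
    else:
        raise ValueError("not a pcap file")
    nanos = magic in (0xA1B23C4D, 0x4D3CB2A1)
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype != DLT_PFLOG:
        raise ValueError("linktype %d is not DLT_PFLOG" % linktype)
    records, off = [], 24
    while off + 16 <= len(data):
        sec, frac, incl, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        # struct pfloghdr: length, af, action, reason, ifname[16], ruleset[16],
        # rulenr, subrulenr (network order), uid, pid, rule_uid, rule_pid, dir, pad[3]
        hlen, _af, action, reason, ifname, ruleset = struct.unpack("<BBBB16s16s", frame[:36])
        rulenr, subrulenr = struct.unpack(">II", frame[36:44])
        proto, src, dst, l4 = _ip_fields(frame[(hlen + 3) & ~3:])  # BPF_WORDALIGN(length)
        sport = dport = None
        if proto in (6, 17) and len(l4) >= 4:
            sport, dport = struct.unpack(">HH", l4[:4])
        records.append({
            "ts": sec + frac / (1e9 if nanos else 1e6),
            "ifname": ifname.rstrip(b"\0").decode(), "ruleset": ruleset.rstrip(b"\0").decode(),
            "rulenr": rulenr, "subrulenr": None if subrulenr == 0xFFFFFFFF else subrulenr,
            "action": PF_ACTIONS.get(action, str(action)), "reason": "match" if reason == 0 else str(reason),
            "dir": PF_DIRS.get(frame[60], str(frame[60])), "proto": PROTOS.get(proto, str(proto)),
            "src": src, "sport": sport, "dst": dst, "dport": dport})
    return records

def allowed_report(records):
    """Plain-text report of passed traffic, one line per distinct flow tuple."""
    flows = Counter((r["dir"], r["ifname"], r["proto"], r["src"], r["sport"], r["dst"], r["dport"])
                    for r in records if r["action"] == "pass")
    endpoint = lambda host, port: host if port is None else "%s:%d" % (host, port)
    fmt = "%-5s %-6s %-5s %-24s %-24s %s"
    lines = [fmt % ("dir", "iface", "proto", "src", "dst", "count")]
    for (d, ifn, proto, src, sp, dst, dp), n in sorted(flows.items(), key=lambda kv: (-kv[1], str(kv[0]))):
        lines.append(fmt % (d, ifn, proto, endpoint(src, sp), endpoint(dst, dp), n))
    return "\n".join(lines)

# --- constructed sample capture (not a real log) ---------------------------
def _ipv4(proto, src, dst, l4):  # checksum left 0; the parser never checks it
    return struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + l4

def _frame(action, direction, ifname, rulenr, pkt):  # 64-byte pfloghdr + packet
    hdr = struct.pack("<BBBB16s16s", 61, 2, action, 0, ifname.encode(), b"")
    return hdr + struct.pack(">II", rulenr, 0xFFFFFFFF) + b"\xff" * 16 + bytes([direction, 0, 0, 0]) + pkt

def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_PFLOG)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1239758400 + i, 0, len(f), len(f)) + f
    return out

_syn = lambda sp, dp: struct.pack(">HH", sp, dp) + b"\0" * 16
SAMPLE_PFLOG = _pcap([
    _frame(0, 1, "em0", 5, _ipv4(6, "192.168.1.10", "10.0.0.5", _syn(54321, 80))),
    _frame(0, 1, "em0", 5, _ipv4(6, "192.168.1.10", "10.0.0.5", _syn(54321, 80))),
    _frame(1, 1, "em0", 2, _ipv4(6, "203.0.113.7", "10.0.0.5", _syn(4444, 22))),
    _frame(0, 2, "em0", 7, _ipv4(17, "10.0.0.5", "10.0.0.1", _syn(51000, 53))),
    _frame(0, 1, "em0", 3, _ipv4(1, "10.0.0.9", "10.0.0.5", bytes([8, 0, 0, 0]))),
])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PFLOG
    print(allowed_report(parse_pflog(data)))
```

Run it with no argument to see the report for the built-in sample, or pass a path (the daily rotated file, or the live /var/log/pflog) to read a real capture. Two things to check before trusting the counts: only rules carrying the log keyword write to pflog at all, and with plain `log` pf records just the packet that creates a state, so the count column is sessions rather than packets; `log (all)` is needed if every packet of a flow should be counted. The rule number in each record is the position in the loaded ruleset, so keep a copy of `pfctl -sr` from the same day if the report is to be read back against the rules that produced it.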

vivek
April 15th, 2009, 12:37
You need to use pfstat for graphing PF performance data - http://www.benzedrine.cx/pfstat.html
I also used fwanalog and it works too.


Other tools

tcpdump good for viewing logs in real time.
pfctl for viewing performance counters.
pftop for viewing active connections.

anomie
April 15th, 2009, 17:28
Nyet on the pfstat, tcpdump, pfctl, and pftop suggestions. Those are good tools, but don't meet my reporting needs (described above).

However, maybe I underestimated security/fwanalog. Its project page (http://tud.at/programm/fwanalog/) hasn't been updated since '05, but the Port commit history (http://www.freshports.org/security/fwanalog/) shows updates in '07. Maybe it is not abandoned after all. :)

I'm going to give it a go.

anomie
April 24th, 2009, 20:14
Update: Long story short -- fwanalog is not going to cut it. I rolled my own reporting tool and shared it here (http://forums.freebsd.org/showthread.php?t=3592).