fwlogwatch is a packet filter / firewall / IDS log analyzer written by Boris Wesslowski originally for RUS-CERT. It supports a lot of log formats and has many analysis options. It also features incident report and realtime response capabilities and an interactive web interface.


The commented configuration file supports and explains all options and will get you started quickly. For further information please read the README file. Scripts like a PIX name extractor, init scripts for the realtime response mode and a simple PHP web frontend are included.

fwlogwatch is open source software under the GNU General Public License (GPL). It is written in C and known to run at least on Linux, Mac OS X, Solaris, FreeBSD, OpenBSD and (through Cygwin or MinGW) on Windows 95 to 10.


The latest version is 1.5 2016-02-19

Other resources

An inter-release CVS is available at the fwlogwatch project page at SourceForge.

Feedback & contributions

fwlogwatch may complain about malformed entries or unrecognized tokens, why this happens and how you can help is explained on the unrecognized entry submission page.

If you would like to see fwlogwatch in your language, wrote your own response script, think you can enhance the documentation, have code or an idea to improve fwlogwatch or just want to add a reference and tell what you do with fwlogwatch get in contact with the author at bw <at> inside-security <dot> de...

Copyright © 2000-2023 Boris Wesslowski