Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

IPFWCOUNT(1)	      User Contributed Perl Documentation	  IPFWCOUNT(1)

NAME
       ipfwcount - Summarise ipfw logs

SYNOPSIS
       ipfwcount [-adinNoq] [-e expr] -k key[,key...] [-t top] [file...]

DESCRIPTION
       ipfwcount summarises ipfw(8) logs by counting and sorting the fields.
       The following fields are recognised:

	   rule action proto type shost sport dhost dport dir iface

       By default, all input lines are processed - this can be restricted with
       the -a, -d, -i and -o options to count allowed, denied, incoming and
       outgoing packets respectively.

       The logs can be filtered further with the -e option - see "EXAMPLES".

       At least one sort key must be given using the -k option. ipfwcount will
       list all the unique values in this field, from the most to the least
       common.	Repeat this option to create multiple lists, or use comma
       separated keys to create nested lists.

       To list only the first top values in each field, use the -t option.

       If the -n option is given, port numbers and IP addresses are resolved
       in the output. With the -N, option, all input lines are resolved before
       filtering (which may take some time).

       If no files are specified, ipfwcount reads from standard input.

OPTIONS
       -a  Count allowed packets

       -d  Count denied packets

       -i  Count incoming packets

       -n  Lookup host and service names

       -N  Lookup names before filtering

       -o  Count outgoing packets

       -q  Don't print headers

       -e expr
	   Filter expression - see "EXAMPLES"

       -k key[,key...]
	   Sort key(s)

       -t top
	   Show only the top top entries

EXAMPLES
       Show the top 10 denied ports for incoming traffic:

	   ipfwcount -di -k dport -t 10 /var/log/security

       Show the hosts attempting to connect to those ports:

	   ipfwcount -di -k dport,shost -t 10 /var/log/security

       Sort incoming connections by interface and protocol:

	   ipfwcount -ai -k iface,proto /var/log/security

       For more sophisticated filtering, use the -e option - it takes a Perl
       expression, using field names as variables.

       Show denied ports above 1024:

	   ipfwcount -di -e 'dport > 1024' -k dport /var/log/security

       Show traffic leaving the local network:

	   ipfwcount -ao -e 'dhost !~ /^192\.168/' -k dhost /var/log/security

       The expression passed to -e can also modify field values. This
       'feature' may occasionally be useful.

       Show the class C network of denied hosts:

	   ipfwcount -di -e 'shost =~ s/\d+$/0/' -k shost /var/log/security

       Note that Perl uses different comparison operators for numbers and
       strings - see perlop(1).

SEE ALSO
       ipfw(8), perlop(1)

AUTHOR
       Robert Archer <ipfwcount@deathbeforedecaf.net>

perl v5.20.3			  2015-10-07			  IPFWCOUNT(1)

Vote for polarhome