PF Firewall Log Parser

Current version - 0.9.2

[ news ] [ about ] [ docs ] [ mailing lists ] [ screenshots ] [ downloads ] [ FAQ ] [ donations ]


2008.11.30 - Hatchet-0.9.2 has been releashed. This includes the bugfix for dates (yet again... this time for real). It also includes new regex for some encapsulated traffic types.

2008.07.03 - Hatchet-0.9.1 has been released. This is a bugfix release that fixes dates stored in the database and sorting in the cgi. Delete your pflog.db before upgrading. The OpenBSD port (security/hatchet) has already been updated.

2008.06.27 - Hatchet-0.9 has been released! On top of numerous changes (see CHANGELOG), I've also rolled a port of security/hatchet for OpenBSD -current. The biggest improvements for 0.9 include the use of mod_perl to easily install Hatchet in the default OpenBSD httpd chroot; no more frames; and the removal of built-in pfstat bits.


Hatchet is a log parsing/presentation program written for OpenBSD's PF logs. Hatchet should be useful to the typical PF administrator who wishes to review their PF logs in a chronological order via a graphical (web) interface. Hatchet archives the logs so that you can search past events. It also allows you to sort by column, so that you may isolate traffic by source or destination address, service, rule number, etc. Additionally, it provides external links to perform DNS queries on source addresses and service quries from SANS.

Hatchet uses a series of Perl regexes to match entries from the pflog logs. The log entries are stored in a SQLite database file, allowing for highly dynamic queries and statistics. If it finds one it doesn't have a match for, it will kick off an email to the system administrator (root@localhost) with the details. It's possible to install the web interface on a separate webserver, the INSTALL document covers each task and where it should be performed. Although Hatchet uses SQLite, it does not require installation of the full SQLite "suite", only the DBD::SQLite module, which incorporates the necessary libraries.

Hopefully you find this a useful, clean log viewing utility. I plan to incorporate new features eventually, particularly more advanced reporting, but time will tell. I happily accept feature requests, but I don't intend to incorporate features that would otherwise be best handled the "OpenBSD way". In other words, I won't add a PF ruleset editor, don't ask.

Thanks for trying out Hatchet. Please email me with your feedback, compliments, etc.

- Jason Dixon


The following documentation is available for Hatchet:

Mailing Lists

The following lists are available for the Hatchet Project:


Log Reporting:


MD5 (downloads/hatchet-0.9.2.tar.gz) = 6834b12b12fbb47a6fd57e0dfe6329c6
MD5 (hatchet-0.9.1.tar.gz) = 6ba61c77472434f6075bff5089733cdb
MD5 (hatchet-0.9.tar.gz) = c18df2d6fb312258d9b8c0c241a2aaca
MD5 (hatchet-0.8.1-rc1.tar.gz) = 65bbd5c5af10f9b01a8b632be150f2be
MD5 (hatchet-0.8.tar.gz) = ab5bc9dba21b6b2a9a6627ef7da3e846
MD5 (hatchet-0.7.1.tar.gz) = c7a192afeea78e69f272a3e280fb2c1d
MD5 (hatchet-0.7.tar.gz) = cf4c77a3413f9cf6ce5c6601f7149162
MD5 (hatchet-0.6.2.tar.gz) = 504a947d6448dfda08ddc40287790004
MD5 (hatchet-0.6.1.tar.gz) = ceccdc285bd62745cc330815dc2effb3
MD5 (hatchet-0.6.tar.gz) = e2103373b9cc6105016aa233f2f7e414
MD5 (hatchet-0.5.tar.gz) = f9451cd19a9e88a7f3ed287df44db3b7
MD5 (hatchet-0.4.tar.gz) = b10dc7ec1a876ddba474d411a936747b
MD5 (hatchet-0.3.tar.gz) = 48d90aad0bfe09a219db1a1cfb7ee0e5
MD5 (hatchet-0.2.tar.gz) = 4e89b55014a2b5546894c953eecaaec9
MD5 (hatchet-0.1.tar.gz) = ad04489cfd63795e1b2bd5ff914cf272


Donations help me support the development and hosting of the Hatchet project. Even something as simple as $1 here and there will go a long way towards recouping my colocation costs. All donations are submitted through PayPal's secure site.

A lack of donations won't keep me from working on Hatchet, but it sure doesn't hurt. Thanks!