2006.07.28 - There is a release candidate (0.8.1-rc1) available in the downloads section below, or you can get it from the Subversion repository online. Instructions available here for downloading the source.
2006.07.27 - Created a development project at the new Google Code hosting site. You can find Hatchet here.
2005.06.21 - A couple of patches are available to fix hatchet-0.8. These affect the main hatchet parsing script as well as the chroot documentation. Patch 0 and Patch 1.
2005.06.01 - Francois Cassista just pointed out that README.chroot should mention the chroot copy of hatchet.conf. The online version has been updated to reflect this, and the next version of Hatchet should contain this fix. Thanks Francois!
2005.05.12 - Update (0.8). Reorganization and fixes of all documentation. Moved all cgi-bin/* to the default /cgi-bin/. Moved all settings to the new hatchet.conf. Fixed the "Transaction aborted" bug in hatchet. Regex additions for HSRP, ICMP, SNMP, and DNS replies.
Hatchet is a log parsing/presentation program written for OpenBSD's PF logs. Hatchet should be useful to the typical PF administrator who wishes to review their PF logs in chronological order via a graphical (web) interface. Hatchet archives the logs so that you can search past events. It also allows you to sort by column, so that you may isolate traffic by source or destination address, service, rule number, etc. Additionally, it provides external links to perform DNS queries on source addresses and service queries from SANS.
Hatchet uses a series of Perl regexes to match entries from the pflog logs. The log entries are stored in a SQLite database file, allowing for highly dynamic queries and statistics. If Hatchet finds a log entry that none of its regexes match, it will kick off an email to the system administrator (root@localhost) with the details. It's possible to install the web interface on a separate webserver; the INSTALL document covers each task and where it should be performed. Although Hatchet uses SQLite, it does not require installation of the full SQLite "suite", only the DBD::SQLite module, which incorporates the necessary libraries.
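The pipeline described above (ordered regexes, SQLite storage, a fallback for entries nothing matches) can be sketched as follows. This is an added example in Python, not Hatchet's own Perl code: the patterns, the `logs` table layout and the sample lines are assumptions made up for illustration, and unmatched entries are returned to the caller instead of being mailed.

```python
import re
import sqlite3

# Constructed sample lines, styled after tcpdump output of a pflog file.
SAMPLE_LINES = [
    "Jul 28 10:15:01.123456 rule 3/(match) block in on fxp0: 203.0.113.7.40112 > 192.0.2.10.22: S 1:1(0) win 16384",
    "Jul 28 10:15:02.000321 rule 5/(match) pass out on fxp0: 192.0.2.10.40000 > 198.51.100.53.40001: udp 48",
    "Jul 28 10:15:03.500000 rule 3/(match) block in on fxp0: 203.0.113.7 > 192.0.2.10: icmp: echo request",
    "Jul 28 10:15:04.250000 rule 3/(match) block in on fxp0: 198.51.100.20.51515 > 192.0.2.10.80: S 7:7(0) win 65535",
    "Jul 28 10:15:05.000000 rule 9/(match) block in on fxp0: 192.0.2.1 > 224.0.0.1: igmp query",
]

# Shared prefix: timestamp, rule number, action, direction, interface.
PREFIX = (r"(?P<ts>\w{3} +\d+ [\d:.]+) rule (?P<rule>\d+)/\(match\) "
          r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>\w+): ")
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
PORTS = rf"(?P<src>{IP})\.(?P<sport>\d+) > (?P<dst>{IP})\.(?P<dport>\d+): "
NOPORTS = rf"(?P<src>{IP}) > (?P<dst>{IP}): "
# One regex per traffic type, tried in order (hypothetical patterns, not Hatchet's).
PATTERNS = [
    ("tcp", re.compile(PREFIX + PORTS + r"[SFRPUW.]+ ")),
    ("udp", re.compile(PREFIX + PORTS + r"udp \d+")),
    ("icmp", re.compile(PREFIX + NOPORTS + r"icmp: ")),
]

def parse_line(line):
    """Return a row dict from the first matching pattern, or None if none match."""
    for proto, rx in PATTERNS:
        m = rx.match(line)
        if m:
            row = {"sport": None, "dport": None, **m.groupdict(), "proto": proto}
            return row
    return None

def load(lines):
    """Store matched entries in SQLite; collect unmatched ones for the administrator."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logs (ts TEXT, rule INTEGER, action TEXT, dir TEXT, "
               "iface TEXT, proto TEXT, src TEXT, sport INTEGER, dst TEXT, dport INTEGER)")
    unmatched = []
    for line in lines:
        row = parse_line(line)
        if row is None:
            unmatched.append(line)  # Hatchet would email these to root@localhost
            continue
        db.execute("INSERT INTO logs VALUES (:ts, :rule, :action, :dir, :iface, "
                   ":proto, :src, :sport, :dst, :dport)", row)
    return db, unmatched

def blocked_by_source(db):
    """Example of the per-column isolation the web interface offers: blocks per source."""
    return db.execute("SELECT src, COUNT(*) FROM logs WHERE action = 'block' "
                      "GROUP BY src ORDER BY COUNT(*) DESC, src").fetchall()
```

Captured values are bound as SQL parameters rather than interpolated into the statement, so log content never becomes part of the query text.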
Hopefully you find this a useful, clean log viewing utility. I plan to incorporate new features eventually, particularly more advanced reporting, but time will tell. I happily accept feature requests, but I don't intend to incorporate features that would otherwise be best handled the "OpenBSD way". In other words, I won't add a PF ruleset editor, don't ask.
Thanks for trying out Hatchet. Please email me with your feedback, compliments, etc.
- Jason Dixon
Log Reporting:
PF Throughput:
MD5 (hatchet-0.8.1-rc1.tar.gz) = 65bbd5c5af10f9b01a8b632be150f2be
MD5 (hatchet-0.8.tar.gz) = ab5bc9dba21b6b2a9a6627ef7da3e846
Donations help me support the development and hosting of the Hatchet project. Even something as simple as $1 here and there will go a long way towards recouping my colocation costs. All donations are submitted through PayPal's secure site.
A lack of donations won't keep me from working on Hatchet, but it sure doesn't hurt. Thanks!