ACID is great for analyzing snort logs. Are there any good software packages with that kind of power and flexibility for iptables logs? I think one place to start would be to find a way to have iptables log to a mysql database (like snort does).

There are several tools-- check Sourceforge. For example, there is https://sourceforge.net/projects/iptablelog/
I actually maintain one called fwreport which operates directly on the logfiles themselves. While the 1.1.x release is not that flexible regarding reporting, the 1.2.x release (due in a week or two) will offer extremely powerful reporting capabilities without requiring access to databases, etc. Check it out at http://sourceforge.net/projects/fwreport/
Also if there are any feature requests for fwreport, please feel free to submit them ;^)
Best Wishes, Chris Travers
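To show what a log-file-based reporter like the one described above has to do, here is an added example (my own code, not fwreport's and not from the original thread) that parses the syslog lines written by the iptables LOG target and tallies packets and distinct destination ports per source. The sample lines are constructed with documentation addresses; the parser assumes plain syslog output from the kernel, not ulogd.

```python
import re
from collections import Counter

# Constructed sample syslog lines (hypothetical hosts/addresses), in the format
# the iptables LOG target writes via the kernel; one unrelated sshd line included.
SAMPLE_LOG = """\
Jan 12 03:14:07 fw kernel: DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1234 DF PROTO=TCP SPT=45678 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 03:14:09 fw kernel: DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=51 ID=1235 DF PROTO=TCP SPT=45679 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 12 03:15:00 fw kernel: [ 8412.331] IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.4 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=58 ID=2 DF PROTO=ICMP TYPE=8 CODE=0 ID=3 SEQ=1
Jan 12 03:15:30 fw sshd[123]: Accepted publickey for admin from 192.0.2.50 port 51000
Jan 12 03:16:02 fw kernel: DROP: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=51 ID=1236 PROTO=UDP SPT=5353 DPT=53 LEN=28
"""

DMESG_TS = re.compile(r"^\[\s*[\d.]+\]\s*")   # optional "[ 8412.331]" kernel timestamp


def parse_iptables_line(line):
    """Parse one iptables LOG line into a dict; return None for non-iptables lines.

    KEY=VALUE tokens become dict entries (first occurrence wins, so the IP header's
    ID= is kept over ICMP's second ID=); bare tokens such as DF and SYN go to 'flags'.
    """
    head, sep, body = line.partition("IN=")
    if not sep or "kernel:" not in head:
        return None
    prefix = head.split("kernel:", 1)[1].strip()      # text set with --log-prefix
    rec = {"prefix": DMESG_TS.sub("", prefix), "flags": []}
    for tok in ("IN=" + body).split():
        key, eq, val = tok.partition("=")
        if not eq:
            rec["flags"].append(tok)
        elif key not in rec:
            rec[key] = val
    return rec


def summarize(log_text):
    """Return (records, packets per SRC, set of distinct TCP/UDP DPT per SRC)."""
    records = [r for r in map(parse_iptables_line, log_text.splitlines()) if r]
    per_src = Counter(r["SRC"] for r in records)
    ports = {}
    for r in records:
        if r.get("PROTO") in ("TCP", "UDP"):
            ports.setdefault(r["SRC"], set()).add(int(r["DPT"]))
    return records, per_src, ports


if __name__ == "__main__":
    recs, per_src, ports = summarize(SAMPLE_LOG)
    for src, n in per_src.most_common():
        print(f"{src:16} packets={n:3}  distinct_dports={sorted(ports.get(src, ()))}")
```

A source with many distinct destination ports in a short window is the kind of pattern a reporting tool surfaces for review; loading the same dicts into MySQL is a one-line change once the parse is right.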
