Firegaze : processing and visualizing firewall logs in the cloud
Date
2013
Authors
Van Tonder, R.; Visser, W.
Publisher
SATNAC
Abstract
This project aims to visualize packet counts filtered by iptables at the network layer, and allows for network forensics in a distributed environment. For example, anomalies such as bandwidth spikes and port scans are exposed and quickly identifiable. Naturally, there is a host of tools which already perform this function. The twist with this project is that it should operate on a scalable cloud infrastructure; Nimbula Director is used as a test bed to this end. Intrusion Detection Systems and full-blown Security Information and Event Management (SIEM) solutions have their merits but are often too bulky. Cloud infrastructures rely principally on correctly configured firewalls for network-layer security. As such, Firegaze is a prototype solution which supplements network-layer security by visualizing firewall activity; it does not perform any analysis, but rather leaves it to the system administrator to identify anomalous activity. Typically, log files are only consulted once an incident occurs, or in the event of system failure. The idea behind Firegaze was to provide a solution for visualizing iptables logs in real time, or on a historical basis. The challenge of doing this in an environment which scales has influenced the implementation greatly: logs are propagated among nodes in a hierarchical manner, and are inserted into a sharded MongoDB database according to a pre-aggregated reports pattern.
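The abstract names two concrete mechanisms, parsing iptables LOG output and folding it into MongoDB "pre-aggregated report" documents, without showing either. The following is an added example written for this page, not Firegaze's own code: it parses constructed iptables syslog lines, turns each into the ($inc upsert) write that the pre-aggregated reports pattern uses, applies those writes to an in-memory stand-in for the collection, and summarizes per-source packets, bytes and distinct destination ports, which is what a port scan or bandwidth spike would show up as on a dashboard. The document schema (one document per node, source IP and hour, with per-minute and per-port counters), the log prefix FW-DROP and the sample addresses are all assumptions.

```python
"""Added illustrative code for the iptables -> pre-aggregated-report flow.
Not Firegaze's implementation; schema, log prefix and sample lines are assumed."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: iptables LOG target lines as syslog records them on two nodes.
# The last line is deliberately not a firewall line, to show it is skipped.
SAMPLE_LOG = """\
Aug  9 10:15:01 node1 kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=40 TTL=54 ID=0 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 SYN URGP=0
Aug  9 10:15:02 node1 kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=40 TTL=54 ID=0 DF PROTO=TCP SPT=40002 DPT=23 WINDOW=1024 SYN URGP=0
Aug  9 10:15:02 node1 kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.10 LEN=40 TTL=54 ID=0 DF PROTO=TCP SPT=40003 DPT=80 WINDOW=1024 SYN URGP=0
Aug  9 10:16:10 node2 kernel: FW-DROP: IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.11 LEN=40 TTL=54 ID=0 DF PROTO=TCP SPT=40004 DPT=443 WINDOW=1024 SYN URGP=0
Aug  9 10:16:11 node2 kernel: FW-DROP: IN=eth0 OUT= SRC=192.0.2.7 DST=198.51.100.11 LEN=1500 TTL=60 ID=0 DF PROTO=UDP SPT=5000 DPT=53 LEN=1480
Aug  9 10:16:11 node2 kernel: not a firewall line
"""

# Syslog header, optional kernel uptime stamp, the --log-prefix, then the KEY=VALUE fields.
SYSLOG = re.compile(
    r'^(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) '
    r'(?P<host>\S+) kernel: (?:\[\s*[\d.]+\] )?(?P<prefix>[^:]*): (?P<fields>IN=.*)$')
KV = re.compile(r'(\w+)=(\S*)')


def parse_line(line, year=2013):
    """Parse one iptables LOG line; return None for lines that are not firewall events.
    Syslog omits the year, so it is supplied by the caller."""
    m = SYSLOG.match(line)
    if not m:
        return None
    fields = {}
    for k, v in KV.findall(m.group('fields')):
        # UDP lines carry a second LEN= (UDP length); keep the first one, the IP length.
        fields.setdefault(k, v)
    ts = datetime.strptime(f"{year} {m.group('mon')} {m.group('day')} {m.group('time')}",
                           "%Y %b %d %H:%M:%S")
    return {'ts': ts, 'node': m.group('host'), 'prefix': m.group('prefix'),
            'src': fields.get('SRC'), 'dst': fields.get('DST'),
            'proto': fields.get('PROTO', 'NONE'), 'dpt': fields.get('DPT', 'none'),
            'bytes': int(fields.get('LEN', 0))}


def to_update(ev):
    """One event -> the (filter, update) pair of an upsert against a pre-aggregated
    report collection: one document per node, source IP and hour, whose per-minute and
    per-destination-port counters are $inc'd in place instead of storing raw lines.
    Dots are not allowed in MongoDB keys, hence 'TCP_22' rather than 'TCP.22'."""
    hour = ev['ts'].strftime('%Y-%m-%dT%H')
    minute = str(ev['ts'].minute)
    doc_id = f"{ev['node']}|{ev['src']}|{hour}"
    inc = {'packets.total': 1, f'packets.minute.{minute}': 1,
           'bytes.total': ev['bytes'], f'bytes.minute.{minute}': ev['bytes'],
           f"ports.{ev['proto']}_{ev['dpt']}": 1}
    return {'_id': doc_id}, {'$inc': inc}


def apply_upsert(store, filt, update):
    """In-memory stand-in for collection.update_one(filt, update, upsert=True),
    resolving dotted $inc paths the way the server does."""
    doc = store.setdefault(filt['_id'], {'_id': filt['_id']})
    for path, n in update['$inc'].items():
        *parents, leaf = path.split('.')
        node = doc
        for p in parents:
            node = node.setdefault(p, {})
        node[leaf] = node.get(leaf, 0) + n
    return doc


def ingest(text, store=None):
    """Feed a block of syslog text through parse -> upsert; returns the store."""
    store = {} if store is None else store
    for line in text.splitlines():
        ev = parse_line(line)
        if ev:
            apply_upsert(store, *to_update(ev))
    return store


def per_source(store):
    """What a per-source panel plots for an hour, merged across nodes: packet and byte
    totals (spikes) and the number of distinct destination ports (port scans)."""
    acc = defaultdict(lambda: {'packets': 0, 'bytes': 0, 'ports': set()})
    for doc in store.values():
        _, src, hour = doc['_id'].split('|')
        s = acc[(src, hour)]
        s['packets'] += doc['packets']['total']
        s['bytes'] += doc['bytes']['total']
        s['ports'].update(doc['ports'])
    return {k: {'packets': v['packets'], 'bytes': v['bytes'],
                'distinct_ports': len(v['ports'])} for k, v in acc.items()}


if __name__ == '__main__':
    for key, stats in sorted(per_source(ingest(SAMPLE_LOG)).items()):
        print(key, stats)
```

Every write is an idempotent-shaped `$inc`, so each node can apply the same document update locally and a parent node can re-apply the child's counters into a shared sharded collection; choosing the shard key to include the hour bucket keeps one source's hot documents from landing on a single shard.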
Description
CITATION: Van Tonder, R. & Visser, W. 2013. Firegaze : processing and visualizing firewall logs in the cloud. In Southern Africa Telecommunication Networks and Applications Conference (SATNAC) 2013 Proceedings, 1-4 September, Stellenbosch, pp.167-172.
The original publication is available at http://www.satnac.org.za
Keywords
Cloud computing, Firewalls (Computer security), Visualization