Ubuntu QA:
BlogBrainstormPackage status
Log in
Ubuntu QA
The Ubuntu community has contributed 22700 ideas, 138270 comments, 2629576 votes
Idea sandbox Idea sandbox
Popular ideas Popular ideas
Ideas in development Ideas in development
Implemented ideas Implemented ideas
Idea #28288: Make a Firewall Log File Viewer that logs application names

bug This idea was marked as being not considered for implementation the 1 November 11.
Written by ester4 the 18 Jul 11 at 03:22. Category: Internet & Networking. Related project: Nothing/Others. Status: Won't implement
Rationale
There are no Firewall Log File Viewers that display the name of the application that is connecting or attempting to connect to the internet in the Log File.

The ability to create a Log File that keeps track of what applications connect to the internet can have many privacy and security uses in addition to giving users more control over and understanding of applications' internet connection behavior. Personally, I like to utilize Outbound Filtering in my firewall. When the firewall log records a blocked outgoing internet connection attempt, I want to know not only what IP addresses and port numbers were involved but also what application initiated the attempt. Presently, there is no software that can record such a log file in Ubuntu.



Tags: firewall

25
votes
closed
Solution #1: Make a Firewall Log File Viewer that logs application names
Written by ester4 the 18 Jul 11 at 03:22.
Make an easily understood & readable Firewall Log File Viewer (e.g., something like fwlogwatch) that reports the application that initiated an internet connection or attempted a connection along with the usual firewall log information of date, time, IP addresses, ports, protocol, etc.

Propose your solution

Attachments
No attachments.


Duplicates


Comments
cheesehead (Brainstorm admin) wrote on the 26 Jul 11 at 14:23
Do you mean that the firewall logging process should add the application name?
If so, take a look at http://superuser.com/questions/34782/with-linux-iptables-is-it-possible-to-log- the-process-command-name-that-initiate for severals idea on how you can do this.
If a community member wants to add this feature to IPtables, this seems like a good starting point.

Or do you really mean that the log viewer should try to figure out what the application was?

ester4 wrote on the 30 Jul 11 at 14:31
Yeah, the firewall logging process should add the application name. I think the superuser.com link you posted sums it up. I'm glad to see I'm not the only one that would find this useful. Programming this myself is unfortunately over my head, so I'll have to wait and see if someone else is motivated enough to do it and make it available to all users :)

I don't understand how the log viewer would figure out what the application was. I don't understand what you mean?

ipadm wrote on the 1 Aug 11 at 09:22
I was thinking of it a long time ago, why Ubuntu havn't user friendly traffic control system (like windows border systems), which will build iptables rules on wizard dialog right in the moment wen application is trying to use network.

Linux is such useful in network but havn't such easy and light application. Wireshark and nethogs combined with iptables may be the basis for that application.

pablitofuerte wrote on the 6 Oct 11 at 18:50
Maybe you could be interested in something like ufw-frontends:
http://code.google.com/p/ufw-frontends/

cheesehead (Brainstorm admin) wrote on the 1 Nov 11 at 00:42
Unfortunately, this idea was not selected for review by the Technical Board in September 2011 or for a UDS session in November 2011.
Closing in Brainstorm.


Post your comment