Hi,

This was part of my talk last week at a conference, but I also made a blog from it: https://www.balabit.com/blog/how-to-create-heat-maps-to-show-whos-trying-to-connect-your-router/

You can parse iptables logs (or other firewalls using key=value format) using in syslog-ng using the key=value and GeoIP parsers, store it to Elasticsearch and display the results in Kibana.

Bye,

Peter Czanik (CzP) <peter.czanik@balabit.com>
Balabit / syslog-ng upstream
https://www.balabit.com/blog/author/peterczanik/
https://twitter.com/PCzanik