
Re: [SLUG] Ipchains Loging



Write a shell script grep'ping out what you want from the
/var/log/messages and having it emailed to you.

Try this as an example (some lines may be wrapped):

#!/bin/sh

PATH=/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin

# get the site parameters
if [ -e /etc/lannet-params ]; then
        . /etc/lannet-params
        case ${MANAGERLEVEL} in
                2|3)
                CC="-c ${MANAGERMAIL}";;
                *)
                CC=;;
        esac
else
        CLIENTMAIL="root@nospam.localhost"
        CC=
fi

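# mail the per-rule packet and byte counters of the hain and haout chains
ipchains -L hain -vn >/tmp/hacct

ipchains -L haout -vn >>/tmp/hacct

cat /tmp/hacct | mail -s "** MANAGEMENT `uname -n` - Daily interface traffic stats" ${CC} ${CLIENTMAIL} 1>/dev/null

# append the counters of every chain to the traffic log, zeroing them afterwards
ipchains -L -Z -vxn >>/var/log/traffic.log

date >>/var/log/traffic.log

# the date stamp saved by the previous run becomes "yesterday"
mv -f /tmp/today /tmp/yesterday

# save today's date in syslog format (day of month padded with a space, not a zero)
date +"%b %d" | sed -e "s/ 0/  /" > /tmp/today

# yesterday's denied and rejected packets
grep "Packet log" /var/log/messages | grep -e DENY -e REJECT | grep "`cat /tmp/yesterday`" | mail -s "** MANAGEMENT `uname -n` - Firewall log entries, denials only" ${CC} ${CLIENTMAIL} 1>/dev/null

# yesterday's CONNECT and BUSY lines, skipping any that contain a "("
grep -e CONNECT -e BUSY /var/log/messages | grep -v \( | grep "`cat /tmp/yesterday`" | mail -s "** MANAGEMENT `uname -n` - Reconnections" ${CC} ${CLIENTMAIL} 1>/dev/null

# yesterday's entries from /var/log/secure
grep "`cat /tmp/yesterday`" /var/log/secure | mail -s "** MANAGEMENT `uname -n` - Secure Logins" ${CC} ${CLIENTMAIL} 1>/dev/null

# yesterday's logins as recorded by last
last | grep "`cat /tmp/yesterday`" | mail -s "** MANAGEMENT `uname -n` - Normal logins" ${CC} ${CLIENTMAIL} 1>/dev/null

# process the mail queue now
sendmail -q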



Howard.
______________________________________________________
LANNet Computing Associates <http://www.lannet.com.au>

On Fri, 31 Mar 2000, Chris MacKenzie wrote:

> Hi All,
>  
> Just a simple (I hope) query.
> I've currently got my ipchains logging to /var/log/messages and I also
> use logrotate to rotate the logs and email them each night. The problem
> I have is that after log rotate does it's thing, ipchains logging no
> longer works without re-running the rc.firewall script.
>  
> Is there a better way than re-running rc.firewall in the post-rotate ?
> 
> -- 
> Rgds,
> Chris MacKenzie
> cmackenz@nospam.optushome.com.au
> 
> Windows 95/NT - 32 bit extensions and a graphical shell
>                 for a 16 bit patch to an 8 bit operating
>                 system originally coded for a 4 bit
>                 microprocessor, written by a 2 bit company
>                 that can't stand 1 bit of competition.
> --
> SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au
> To unsubscribe send email to slug-request@nospam.slug.org.au with
> unsubscribe in the text
> 
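
An added example, not part of the script posted above: the same denials filter taken one step further, counting DENY/REJECT entries per chain, source address and destination port for one syslog day, with the date matched only at the start of the line and the log read on standard input so no temporary files are needed. The function names and the sample log lines are constructed for illustration, and the field positions assume the usual ipchains "Packet log:" line layout.

```sh
#!/bin/sh
# Added example: summarise ipchains denials for one syslog day.

# syslog_day MONTH DAY -> date prefix as syslog writes it ("Apr  2", "Apr 20").
# The leading zero is stripped first so that 08 and 09 are not read as octal.
syslog_day() {
    printf '%s %2d\n' "$1" "${2#0}"
}

# denials_for_day DAY < logfile
# Prints "count chain action source -> port N" for every DENY or REJECT
# packet-log line whose timestamp starts with DAY, busiest first.
denials_for_day() {
    awk -v day="$1" '
        substr($0, 1, 6) == day && /Packet log: / {
            # Fields after the "log:" token are positional:
            # chain, action, interface, PROTO=n, src:port, dst:port
            for (i = 1; i <= NF; i++) if ($i == "log:") break
            action = $(i + 2)
            if (action != "DENY" && action != "REJECT") next
            split($(i + 5), src, ":")
            split($(i + 6), dst, ":")
            count[$(i + 1) " " action " " src[1] " -> port " dst[2]]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Constructed sample log lines (documentation addresses, made-up host "gw").
sample_log() {
    cat <<'EOF'
Apr  1 23:58:40 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4021 192.0.2.1:23 L=60 S=0x00 I=411 F=0x4000 T=52
Apr  2 03:11:09 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4022 192.0.2.1:23 L=60 S=0x00 I=412 F=0x4000 T=52
Apr  2 03:11:12 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4023 192.0.2.1:23 L=60 S=0x00 I=413 F=0x4000 T=52
Apr  2 04:00:00 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.9:1030 192.0.2.1:25 L=60 S=0x00 I=77 F=0x4000 T=60
Apr  2 09:30:44 gw kernel: Packet log: output REJECT eth1 PROTO=17 192.0.2.1:1026 198.51.100.9:137 L=78 S=0x00 I=90 F=0x0000 T=64
Apr 20 01:02:03 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4100 192.0.2.1:23 L=60 S=0x00 I=500 F=0x4000 T=52
EOF
}

# Stand-alone run on the sample: report the denials stamped "Apr  2".
sample_log | denials_for_day "$(syslog_day Apr 02)"
```

On a live system, `denials_for_day "$(syslog_day $(date +'%b %d'))" < /var/log/messages` reports today's entries so far.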
