Date:      Fri, 02 Feb 2001 13:22:48 +0800
From:      Erwan Arzur <erwan@netvalue.com>
To:        "Thomas T. Veldhouse" <veldy@veldy.net>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: ipmon and periodic
Message-ID:  <3A7A4428.F327E80D@netvalue.com>
References:  <01e501c08c7b$06bb7b30$3028680a@tgt.com>

"Thomas T. Veldhouse" wrote:
> 
> I sent this to the security list, but it didn't seem to attract any
> attention - so I thought I would try it here as it is relevant.
> 
> --
> 
> Has anybody written a script or modified the current nightly periodic
> scripts to send ipmon output in the security email as is currently done for
> ipfw?  I have switched to ipfilter and I would like to see my daily ipmon
> output - or at least the relevant stats.  I would hate to replicate the work
> if it has already been done :)
> 
> Tom Veldhouse
> veldy@veldy.net
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message

I did something like that.

* copy and edit (adjust perl's path) /usr/src/contrib/ipfilter/perl/plog
to /root/plog
* patch /etc/security 

164a165,171
> if [ -x /root/plog ]; then
>       if [ -f ${LOG}/ipmon.log ]; then
>               echo '${host} ipfilter blocked packets:'
>               /root/plog -nSA block < ${LOG}/ipmon.log
>       fi
> fi
>       
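Review bot: the echo line single-quotes its argument, so the shell prints the literal text ${host} rather than the value of the variable. If the host name is meant to appear in the heading, use double quotes: echo "${host} ipfilter blocked packets:". The two ${LOG}/ipmon.log expansions are unquoted as well; quoting them ("${LOG}/ipmon.log") keeps the test and the redirection correct if the log directory ever contains whitespace.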
184a192
>       
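Review bot: the one line added at 192 contains only whitespace and has no effect on the script. Drop it from the patch, or make it a truly empty line if a visual separator is wanted there.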

/root/plog is not the most appropriate location, I know ;-)

Be careful to adjust /etc/newsyslog.conf so your ipmon log is rotated
just after this script is run, else you have a window open where some
logged packets will not be in this report. I'd like to find a way to
rotate it from /etc/security, but did not come up with an obvious
solution. The most appropriate would be to split newsyslog into two
commands, one for scheduling the rotation and another for actually
rotating the logfiles ...
--
Erwan Arzur
NetValue ltd.
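
The reporting window described in the message can also be closed without tying the report to the rotation time, by remembering how far the previous report read. The sketch below is an added example, not part of the original message or of FreeBSD's /etc/security; the state-file path and the assumption that the rotated copy is an uncompressed `ipmon.log.0` are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original message).
# new_since LOG STATE: write to stdout the part of LOG that no earlier call
# has reported, then record "inode offset" in STATE for the next call.
# Assumption: rotation renames LOG to LOG.0 and leaves it uncompressed.

inode_of() { ls -i "$1" 2>/dev/null | awk '{print $1}'; }

new_since() {
    log=$1; state=$2
    [ -f "$log" ] || return 0          # mid-rotation: keep the old state
    old_ino=; last=0
    if [ -f "$state" ]; then read -r old_ino last < "$state" || :; fi
    last=${last:-0}
    ino=$(inode_of "$log")
    size=$(($(wc -c < "$log")))

    if [ "$ino" != "$old_ino" ] || [ "$size" -lt "$last" ]; then
        # The log was rotated (new inode) or truncated since the last run.
        # If LOG.0 is the file read last time, report its unread tail first.
        if [ -n "$old_ino" ] && [ "$(inode_of "$log.0")" = "$old_ino" ]; then
            tail -c +"$((last + 1))" "$log.0"
        fi
        last=0
    fi
    if [ "$size" -gt "$last" ]; then
        # Stop at the size measured above so that lines ipmon appends during
        # this run are reported next time, not twice.
        tail -c +"$((last + 1))" "$log" | head -c "$((size - last))"
    fi
    echo "$ino $size" > "$state"
}

# Hypothetical use in place of the "< ${LOG}/ipmon.log" redirection:
#   new_since "${LOG}/ipmon.log" /var/db/ipmon.state | /root/plog -nSA block
```

Comparing inodes rather than only sizes matters here: a log rotated right after a report can grow past the old offset before the next run, which a size check alone would not notice.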

