From: "JJB"
To: "freebsd-questions@FreeBSD.ORG"
Date: Wed, 12 May 2004 17:42:39 -0400
Subject: issue newsyslog cmd from perl scrip

I run 2 abuse IP perl scripts that I got from dshield.com that read my ipfilter log and create an email containing a list of abusive source IP addresses. Then last week I got hit by a DoS attack that filled up my ipfilter logs. The logs were rotated by newsyslog past the 3 deep specified in the newsyslog.conf file. The DoS attack did not hurt me, but I lost many of the logs without running my abuse scripts against them.

I need some way to automatically run my abuse scripts whenever just the ipfilter log gets rotated. Cron runs the newsyslog command at the top of the hour.
I will just add this wrapper script to cron to run every 15 min.

Reading man newsyslog says I can create a wrapper script to issue the newsyslog command using the -v flag for verbose to generate an o/p message and by adding the path and name of the log I want to rotate to the end of the command. Testing newsyslog -v /var/log/test will give a text message which I can parse on and build logic around.

Did some cut and pasting from some scripts I had to create the following script logic. I do not have any examples of a perl script executing another perl script or FreeBSD command to copy from. I cannot get the perl syntax correct to call the newsyslog command, or my perl scripts I want to run if the log was rotated.

Can someone please help me with this perl script?

    #!/usr/bin/perl
    use Getopt::Std;
    getopts("v:s:");
    $verbose=$opt_v;   # the verbose script option is used to create
                       #an ready trace of the logic flow.

    # Path and file name of ipfilter log file
    $logfile="/var/log/test";
    $rotatedlogfile="/var/log/test.0";

    debug("exec newsyslog cmd\n");

    # the o/p of newsyslog verbose looks like this
    #/var/log/test <10>: size (Kb): 76 [10] --> trimming log....
    #/var/log/test <10>: size (Kb): 76 [100] --> skipping

    # issue command and capture verbose o/p to $line
    newsyslog "-v $logfile" > $line;   # this statement gets error

    debug("op from newsyslog cmd = $line\n");

    # parse line to extract relevant field
    @f=split(/\s+/,$line);
    $rotated=$f[8];
    debug("rotated = $rotated\n");

    if ($rotated eq "skipping");
    {
      debug("log not rotated\n");
    }
    else;
    {
      debug("log rotated\n");
      # run custom scripts, this is probably wrong also
      abuse_dshield.pl -l /var/log/test.0;
      abuse_adelphia.pl -l /var/log/test.0;
      cat /var/log/test.0 >> /usr/log/test.all;
      rm /var/log/test.0;
    }
    exit

    sub debug {
      if ($verbose==1) {
        print(STDERR @_);
      }
    }
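
A working form of the wrapper described in the message, as an added example that is not part of the original post. It runs newsyslog and the two abuse scripts in list form (no shell), and archives and deletes the rotated log only after both reports succeed. Assumptions: the abuse scripts live in the hypothetical directory /usr/local/sbin, newsyslog prints its verbose lines on stdout in the format quoted in the message, and test.0 is not compressed.

```perl
#!/usr/bin/perl
# Added example, not the poster's script. Log paths and script names come from
# the message; $bindir and an uncompressed test.0 are assumptions.
use strict;
use warnings;
use Getopt::Std;

my %opt;
getopts('v', \%opt) or die "usage: $0 [-v]\n";

my $logfile = '/var/log/test';
my $rotated = "$logfile.0";
my $archive = '/usr/log/test.all';
my $bindir  = '/usr/local/sbin';    # assumed location of the abuse scripts

sub debug { print STDERR @_ if $opt{v} }

# Classify "newsyslog -v" output for one log: 'trimming', 'skipping' or undef.
sub rotation_state {
    my ($output, $file) = @_;
    for my $line (split /\n/, $output) {
        return $1 if $line =~ /^\Q$file\E\s.*-->\s+(trimming|skipping)\b/;
    }
    return;
}

# Run a command in list form: no shell, so arguments are never re-parsed.
sub run {
    debug("run: @_\n");
    system(@_) == 0 or die "@_ failed (wait status $?)\n";
}

# Capture newsyslog's verbose output through a pipe, again without a shell.
open(my $ns, '-|', '/usr/sbin/newsyslog', '-v', $logfile) or die "newsyslog: $!\n";
my $out = do { local $/; <$ns> } // '';
close($ns) or die "newsyslog failed (wait status $?)\n";
debug("newsyslog output: $out");

my $state = rotation_state($out, $logfile) // 'unknown';
if ($state ne 'trimming') { debug("log not rotated ($state)\n"); exit 0 }

# Report first; archive and delete only after both reports succeeded.
run("$bindir/abuse_dshield.pl",  '-l', $rotated);
run("$bindir/abuse_adelphia.pl", '-l', $rotated);
open(my $in,  '<',  $rotated) or die "$rotated: $!\n";
open(my $arc, '>>', $archive) or die "$archive: $!\n";
print {$arc} $_ while <$in>;
close($arc) or die "$archive: $!\n";
unlink($rotated) or die "unlink $rotated: $!\n";
```

In the sample lines quoted in the message the status word is the eighth whitespace-separated field (index 7), so the example matches on the "-->" marker rather than on a fixed field number. Any failure stops the script before the unlink, which leaves test.0 in place for the next run.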