From owner-freebsd-stable Thu Feb 1 21:24: 3 2001
Message-ID: <3A7A4428.F327E80D@netvalue.com>
Date: Fri, 02 Feb 2001 13:22:48 +0800
From: Erwan Arzur
Organization: NetValue Ltd.
To: "Thomas T. Veldhouse"
Cc: freebsd-stable@freebsd.org
Subject: Re: ipmon and periodic
References: <01e501c08c7b$06bb7b30$3028680a@tgt.com>

"Thomas T. Veldhouse" wrote:
>
> I sent this to the security list, but it didn't seem to attract any
> attention - so I thought I would try it here as it is relevant.
>
> --
>
> Has anybody written a script or modified the current nightly periodic
> scripts to send ipmon output in the security email as is currently done for
> ipfw? I have switched to ipfilter and I would like to see my daily ipmon
> output - or at least the relevant stats.
> I would hate to replicate the work
> if it has already been done :)
>
> Tom Veldhouse
> veldy@veldy.net
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-stable" in the body of the message

I did something like that.

* copy and edit (adjust perl's path) /usr/src/contrib/ipfilter/perl/plog to /root/plog
* patch /etc/security

164a165,171 > if [ -x /root/plog ]; then > if [ -f ${LOG}/ipmon.log ]; then > echo '${host} ipfilter blocked packets:' > /root/plog -nSA block < ${LOG}/ipmon.log > fi > fi > 184a192 >

/root/plog is not the most appropriate location, I know ;-)

Be careful to adjust /etc/newsyslog.conf so your ipmon log is rotated just
after this script is run, else you have a window open where some logged
packets will not be in this report.

I'd like to find a way to rotate it from /etc/security, but did not come up
with an obvious solution. The most appropriate would be to split newsyslog
into two commands, one for scheduling the rotation and another for actually
rotating the logfiles ...

--
Erwan Arzur
NetValue ltd.
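
Review bot: In the 164a165,171 hunk for /etc/security, the line echo '${host} ipfilter blocked packets:' uses single quotes, so the shell prints the literal text ${host} rather than the host name; switch to double quotes, echo "${host} ipfilter blocked packets:", assuming host is set earlier in the script (not visible in the hunk). The two ${LOG}/ipmon.log expansions, in the -f test and in the input redirect, are unquoted and would be safer as "${LOG}/ipmon.log". Since the hunk executes /root/plog whenever it has the execute bit, the copy should be owned by root and not writable by anyone else, and the header is printed even when plog reports no blocked packets, which may or may not be what is wanted in the security mail.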