From owner-freebsd-security Thu Feb 1 12:12:23 2001
Delivered-To: freebsd-security@freebsd.org
Received: from icmp.dhs.org (unknown [24.108.142.198]) by hub.freebsd.org (Postfix) with ESMTP id E204D37B69D for ; Thu, 1 Feb 2001 12:11:59 -0800 (PST)
Received: from localhost (modulus@localhost) by icmp.dhs.org (8.11.1/8.11.1) with ESMTP id f11KGlG72916; Thu, 1 Feb 2001 14:16:48 -0600 (CST) (envelope-from modulus@icmp.dhs.org)
Date: Thu, 1 Feb 2001 14:16:47 -0600 (CST)
From: disassembled
To: "Thomas T. Veldhouse"
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ipmon and periodic
In-Reply-To: <008c01c08c64$e07a3ee0$3028680a@tgt.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

I have written something like that, although it can be improved, I am sure.
I stored it under: /etc/periodic/daily/470.status-dev-ipl

#!/usr/local/bin/bash
# Generates a report on logged firewall activity
# written by modulus@icmp.dhs.org 2001

_date=$(date)

/usr/bin/touch /tmp/cron.ipf

/sbin/ipmon -s -n I &
/bin/sleep 2
# stop only the ipmon started above ($!), not every process matching "ipmon"
kill -n 9 $!

# you can get rid of the ipmon -s N run if you are not interested
# in your nat logging entries.
/sbin/ipmon -s N &
/bin/sleep 2
kill -n 9 $!

echo Report Generated @ ${_date} > /tmp/cron.ipf
echo syntax of ipmon: ipmon -s -n -I \
    >> /tmp/cron.ipf

# pull the ipmon entries out of syslog and keep the packet fields
/bin/cat /var/log/messages \
    | grep ipmon \
    | awk '{ print $6,$7,$8,$9,$10,$11, \
             $12,$14,$15,$16,$17,$18,$19, \
             $20,$21,$22}' \
    >> /tmp/cron.ipf

# feed the report file to mail on stdin
/usr/bin/mail -s"firewall logged packet output" \
    root@icmp.dhs.org < /tmp/cron.ipf

> Has anybody written a script or modified the current nightly periodic
> scripts to send ipmon output in the security email as is currently done for
> ipfw? I have switched to ipfilter and I would like to see my daily ipmon
> output - or at least the relevant stats. I would hate to replicate the work
> if it has already been done :)
>
> Tom Veldhouse
> veldy@veldy.net
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
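
Added example (not part of the original message and not the poster's script): a /bin/sh report builder that reads the ipmon entries already in syslog and prints the report to stdout, which periodic(8) mails itself, so it needs no fixed /tmp/cron.ipf written as root and no kill by process name. The log lines are constructed, their field layout is an assumption inferred from the awk field list in the message, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not the poster's script. periodic(8) mails whatever a daily
# script prints, so the report goes to stdout: no root-written /tmp file, no kill.

# Constructed sample: assumed layout of ipmon lines in /var/log/messages.
sample_log() {
cat <<'EOF'
Feb  1 03:01:10 gw ipmon[211]: 03:01:09.120034 xl0 @0:5 b 192.0.2.7,4021 -> 198.51.100.2,23 PR tcp len 20 48 -S IN
Feb  1 03:01:12 gw ipmon[211]: 03:01:11.530912 xl0 @0:5 b 192.0.2.7,4022 -> 198.51.100.2,111 PR tcp len 20 48 -S IN
Feb  1 03:02:40 gw ipmon[211]: 03:02:40.004410 xl0 @0:9 p 198.51.100.2,1030 -> 203.0.113.9,53 PR udp len 20 61 OUT
Feb  1 03:04:02 gw sshd[380]: refused connect from ipmon.example.net
Feb  1 03:05:55 gw ipmon[211]: 03:05:55.770001 xl0 @0:5 b 203.0.113.50,2200 -> 198.51.100.2,139 PR tcp len 20 48 -S IN
EOF
}

# is_ipmon: awk condition matching the syslog tag field, not any line that
# happens to contain the string "ipmon" (what a bare grep would match).
is_ipmon='$5 ~ /^ipmon\[[0-9]+\]:$/'

# ipmon_lines FILE: the logged packets, syslog prefix stripped.
ipmon_lines() {
    awk "$is_ipmon"' { sub(/^.*ipmon\[[0-9]+\]: /, ""); print }' "$1"
}

# blocked_by_source FILE: count of blocked ("b") packets per source address.
blocked_by_source() {
    awk "$is_ipmon"' && $9 == "b" { split($10, a, ","); n[a[1]]++ }
        END { for (s in n) printf "%d %s\n", n[s], s }' "$1" | sort -rn
}

# ipmon_report FILE: full report on stdout.
ipmon_report() {
    echo "ipmon report generated $(date)"
    echo "Blocked packets by source:"
    blocked_by_source "$1"
    echo "Logged packets:"
    ipmon_lines "$1"
}

# Demo on the constructed sample; a daily script would pass /var/log/messages.
demo=$(mktemp "${TMPDIR:-/tmp}/ipmon-demo.XXXXXX") || exit 1
sample_log > "$demo"
ipmon_report "$demo"
rm -f "$demo"
```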