I run 2 abuse IP perl script that I got from dshield.com that read
my ipfilter log and create an email containing list of abusive
source ip address. Them last week I got hit by an Dos attack that
filled up my ipfilter logs. The logs were rotated by newsyslog past
the 3 deep specified in the newsyslog.conf file. The Dos attack did
not hurt me, but I lost many of the logs without running my abuse
scripts against them. I need some way to automatically run my abuse
scripts when ever just the ipfilter log gets rotated. Cron runs the
newsyslog command at the top of the hour. I will just add this
wrapper script to cron to run every 15 min. Reading man newsyslog
says I can create an wrapper script to issue the newsyslog command
using the -v flag for verbose to generate an o/p message and by
adding the path and name of the log I want to rotate to the end of
the command. Testing newsyslog -v /var/log/test will give an text
message which I can parse on and build logic around. Did some cut
and pasting from some scripts I had to create the following script
logic. I do not have any examples of perl scrip executing another
perl script or Freebsd command to copy from. I can not get the perl
syntax correct to call the newsyslog command, or my perl scripts I
want to run if the log was rotated.
Can someone please help me with this perl scrip?
#!/usr/bin/perl
use Getopt::Std;
getopts("v:s:");
$verbose=$opt_v;
# the verbose script option is used to create
#an ready trace of the logic flow.
# Path and file name of ipfilter log file
$logfile="/var/log/test";
$rotatedlogfile="/var/log/test.0";
debug("exec newsyslog cmd\n");
# the o/p of newsyslog verbose looks like this
#/var/log/test <10>: size (Kb): 76 [10] --> trimming log....
#/var/log/test <10>: size (Kb): 76 [100] --> skipping
# issue command and capture verbose o/p to $line
newsyslog "-v $logfile" > $line; # this statement gets error
debug("op from newsyslog cmd = $line\n");
# parse line to extract relevant field
@f=split(/\s+/,$line);
$rotated=$f[8];
debug("rotated = $rotated\n");
if ($rotated eq "skipping");
{
debug("log not rotated\n");
}
else;
{
debug("log rotated\n");
# run custom scripts, this is probably wrong also
abuse_dshield.pl -l /var/log/test.0;
abuse_adelphia.pl -l /var/log/test.0;
cat /var/log/test.0 >> /usr/log/test.all;
rm /var/log/test.0;
}
exit
sub debug
{
if ($verbose==1)
{ print(STDERR @_); }
}
_______________________________________________
freebsd-questions RemoveThis @freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
FAQ
Search
Profile
Private Messages
Log in
