RE: [fwAnalog] (no subject)

From: Aaron Axelsen (axelseaa~AT~amadmax.com)
Date: Fri Aug 16 2002 - 17:47:29 CEST



#!/bin/sh

###########################################################################
#
# User-changeable options for fwanalog.sh
#
# $Id: fwanalog.opts.linux24,v 1.12 2002/05/03 19:22:38 bb Exp $
#
###########################################################################

outdir="/var/www/html/fwanalog/
# The directory where the output goes to, without / at the end. You need
# write permissions, of course, and should secure this directory with
# permissions, minefields, guard dogs etc. It will be created if you don't
# have it yet.

logformat="iptables"
# What log format your firewall writes.
# Currently available options:
# iptables      Linux 2.4 iptables (probably in /var/log/messages)
# ipchains      Linux 2.2 ipchains (probably in /var/log/messages)
# ipf           BSD/Solaris ipfilter (probably in /var/log/ipflog)
# openbsd       this was the same as ipf until OpenBSD 2.9; this also
#               seems to work on NetBSD
# freebsd       FreeBSD's output format (probably in /var/log/ipflog)
# solarisipf    Solaris 8.0 Intel ipf 3.4.20 (using ipmon -sn &)
# pf_30         OpenBSD 3.0 pf binary log format
#               fwanalog *must* run on OpenBSD 3.0 for this to work
#               (because of the special tcpdump of OpenBSD)
# zynos         ZyNOS (ZyXEL, Netgear) logfile

# Feel free to program a parser for your firewall if it is not supported.
# See the comments in iptables() and ipf()
#
# The officially maintained formats are pf_30 and iptables.

inputfiles_mask="messages*"     # The name of your logfiles, with a wildcard if you want
inputfiles_dir="/var/log"       # The directory where your logfiles are in, e.g. /var/log
inputfiles_mtime="31"           # How old the logfiles can be
                                # You can change this to your log rotate interval + 1 day
                                # (so you never miss a logfile entry)
inputfiles=`find $inputfiles_dir -maxdepth 1 -name "$inputfiles_mask" -mtime -$inputfiles_mtime | sort -r`
# This should find the names of the logfiles you want to parse
# It MUST return the names in reverse order (chronologically) or you
# will have LOTS of duplicate lines in your log.

onehost=false
# Available options: false true dynip
# Default: false
#
# Set to true if this firewall runs on one machine only and you want to see
# the source hosts (not the protected target hosts) in the Blocked Packet
# Report. This is suggested if you protect one server, but loses information
# if you protect a network.
#
# Set to "dynip" if your firewall has a dynamic IP address.
#
# After changing onehost, you must delete everything in $outdir!

sep_hosts=false
# Set to true if you want fwanalog to create a separate, additional report for
# each attacking host IP.
# WARNING: this can run for hours using 100 % CPU and consume lots of hard
# disk space (up to 25 kB per host) so you can easily fill up your server if
# too many packets from different hosts were blocked.
# Also, this makes only limited sense with onehost mode set to true.
# If you set this option after having used fwanalog, some hosts won't be
# linked in the report. You can create a report for a host with the
# "-a <IP-address>" command line option.

sep_packets=false
# Like sep_hosts, but for blocked packets.
# The corresponding command line option is "-p <packet>"

# Program invocations - add path if needed

analog="/usr/local/analog"
# Full pathname if you need, or "nice analog" if you want to de-priorize it

date="date"             # should be GNU date
grep="grep"     # should be GNU grep

egrep="egrep" # should be GNU egrep
zegrep="zegrep"
gzcat="gzcat"
sed="sed"
perl="perl"
tcpdump="tcpdump"

timezone=`$date +%z`
# Which timezone the server is in. Correct if the server fwanalog runs on
# is not in the timezone the firewall is in.
# The %z option of date is supported on GNU/Linux and OpenBSD,
# but apparently NOT on FreeBSD so you will have to insert your
# timezone difference (e.g. -0500) yourself or use GNU date.

---
Aaron Axelsen
AIM: AAAK2
Email: axelseaa~AT~amadmax.com
URL: www.amadmax.com
 
"It said, ""Insert disk #3,"" but only two will fit!"
"One picture is worth 128K words."


-----Original Message-----
From: Larry Merritt-Gilbert [mailto:gilbertl~AT~haulpak.com] 
Sent: Friday, August 16, 2002 8:22 AM
To: Aaron Axelsen
Subject: Re: [fwAnalog] (no subject)


Please post the contents of your fwanalog.opts file.


Aaron Axelsen wrote:

> I get these errors when trying to run the program.  What am I doing 
> wrong?
> 
> 
> [root~AT~Alpha fwanalog]# ./fwanalog.sh
> ./fwanalog.sh: ./fwanalog.opts: line 86: unexpected EOF while looking 
> for matching `"'
> ./fwanalog.sh: ./fwanalog.opts: line 94: syntax error: unexpected end 
> of file
> mkdir: too few arguments
> Try `mkdir --help' for more information.
> cp: cannot stat `/fwanalog.current.log': No such file or directory 
> [root~AT~Alpha fwanalog]#
> ---
> Aaron Axelsen
> AIM: AAAK2
> Email: axelseaa~AT~amadmax.com
> URL: www.amadmax.com
>  
> "It said, ""Insert disk #3,"" but only two will fit!"
> "One picture is worth 128K words."
> 
> 
> 
> _______________________________________________
> fwAnalog mailing list
> fwAnalog~AT~tud.at http://tud.at/cgi-bin/mailman/listinfo/fwanalog
> 


-- 
Larry Merritt-Gilbert
Systems Analyst - Scientific Systems
Komatsu America International Company
2300 N.E. Adams Street
P.O. Box 240
Peoria, IL 61650-0240

Work:309-672-7475
Cell:309-369-0314
Fax:309-672-7753
mailto:lmerritt-gilbert~AT~kac-peoria.com
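
The errors quoted above are the cascade you get when a sourced opts file contains an unterminated quote: the shell rejects the file, $outdir is never set, and the later mkdir and cp calls run with an empty directory argument (hence "too few arguments" and a lookup of /fwanalog.current.log at the filesystem root). The following is an added example, not fwanalog's own code: it parse-checks an opts file with sh -n and then verifies outdir in a throwaway subshell before the real script sources anything; the three sample files it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of fwanalog: validate an fwanalog.opts file
# before the main script sources it. Catches the unterminated-quote
# syntax error and an empty or relative $outdir, the two conditions
# behind the mkdir/cp failures seen in the thread.

# check_opts FILE -> 0 ok, 1 shell syntax error, 2 bad outdir
check_opts() {
    f="$1"
    # Parse only (sh -n executes nothing), so a broken file cannot run.
    if ! sh -n "$f" 2>/dev/null; then
        echo "$f: syntax error (look for an unbalanced quote)"
        return 1
    fi
    # Source in a subshell so the file cannot touch this shell, then
    # require outdir to be a non-empty absolute path.
    dir=$( . "$f" >/dev/null 2>&1; printf '%s' "$outdir" )
    case "$dir" in
        /*) echo "$f: outdir=$dir"; return 0 ;;
        *)  echo "$f: outdir empty or relative: '$dir'"; return 2 ;;
    esac
}

# Constructed sample files (not the poster's real file).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
BROKEN_OPTS="$SAMPLES/broken.opts"   # closing quote missing on outdir
EMPTY_OPTS="$SAMPLES/empty.opts"     # outdir never set
FIXED_OPTS="$SAMPLES/fixed.opts"     # quote closed, no trailing /
cat > "$BROKEN_OPTS" <<'EOF'
outdir="/var/www/html/fwanalog/
logformat="iptables"
EOF
cat > "$EMPTY_OPTS" <<'EOF'
logformat="iptables"
EOF
cat > "$FIXED_OPTS" <<'EOF'
outdir="/var/www/html/fwanalog"
logformat="iptables"
EOF

for opts in "$BROKEN_OPTS" "$EMPTY_OPTS" "$FIXED_OPTS"; do
    check_opts "$opts" || :   # report each file; keep going on failure
done
```

Only the fixed file passes; the broken one fails the parse step and the empty one fails the outdir check, so the caller can refuse to proceed instead of running mkdir and cp with an empty path.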


This archive was generated by hypermail 2.1.4 : Fri Aug 16 2002 - 18:02:02 CEST