#!/bin/bash
#M0n0wall filter log grabber
#Created by Jonathan Karras <jkarras(at)karras.net>

#To use this script properly you will need to provide an exclusion list and
#an offset.txt file. These files need to be placed in the directory specified
#by the variable BASEDIR. The offset.txt file must be writable by this script.
#For more information about these files, consult the dshield-freebsd.pl file.

#M0n0wall webGUI address and login.
#NOTE: the password is stored in this file in clear text, so the file should
#be readable only by the account that runs it (for example chmod 700).
HOST='mono.ip.here.com'
HTTP_USER='admin'
HTTP_PASS='yourpasswordhere'

#File names: the downloaded log, the exclusion list kept in BASEDIR, and the
#trimmed copy of the log that is handed to the parser.
LOG_NAME='filter.log'
EXCLUDE_LIST_NAME='exclude.list.txt'
PARSED_LOG_NAME='filter.log.parsed'

#Directory used to download and trim the log file.
#/tmp is shared with other local users; a directory that only this account
#can write to is the safer choice.
WORKINGDIR='/tmp'

#Directory holding offset.txt and the exclusion list.
BASEDIR='/path/of/this/script'

#Location of the dshield-freebsd.pl log parser.
DSHIELD_EXEC='/path/to/dshield-freebsd.pl'

#DShield submission details. Leave EMAIL_CC empty for no carbon copy.
EMAIL_FROM='youremail@here.net'
EMAIL_TO='report@dshield.org'
EMAIL_CC=''
DSHIELD_UID='0'

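#Script begins here
#Flow: download filter.log from the firewall, clear it there, strip the first
#and last line of the download, hand the result to dshield-freebsd.pl, then
#remove every temporary file.
set -u

#Print an error on stderr and stop. The EXIT trap below still removes the
#scratch directory.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

#Timestamp the local copy of the log.
LOG_NAME="$(date +%F-%T)-$LOG_NAME"

#Work in a private directory instead of fixed names directly under
#WORKINGDIR. With the default /tmp, names such as output.html are predictable
#and another local user could pre-create or symlink them. mktemp -d creates
#the directory accessible to this user only.
SCRATCH=$(mktemp -d "$WORKINGDIR/m0n0wall-log.XXXXXX") \
  || die "cannot create a private directory under $WORKINGDIR"
trap 'rm -rf -- "${SCRATCH:?}"' EXIT

#Hand the login to wget through a wgetrc file in the private directory rather
#than --http-user/--http-password, so the password does not appear in the
#process list. printf is a shell builtin, so it is not exposed there either.
#While WGETRC is set, wget reads this file in place of ~/.wgetrc.
WGET_AUTH="$SCRATCH/wgetrc"
printf 'http_user = %s\nhttp_password = %s\n' "$HTTP_USER" "$HTTP_PASS" \
  > "$WGET_AUTH" || die "cannot write $WGET_AUTH"

#NOTE(review): plain http:// sends the login and the log unencrypted. If the
#webGUI is served over HTTPS, change the scheme here.
BASE_URL="http://$HOST"

#Download log file. Stop before touching the log on the firewall when the
#download failed or came back empty, otherwise the entries would be cleared
#without ever having been reported.
WGETRC="$WGET_AUTH" wget -q -O "$SCRATCH/$LOG_NAME" \
  --post-data="dlPath=/var/log/filter.log&submit=Download" \
  "$BASE_URL/exec.php" \
  || die "download from $HOST failed; log on the firewall left untouched"
[ -s "$SCRATCH/$LOG_NAME" ] \
  || die "downloaded log is empty; log on the firewall left untouched"

#Clear log file. A failure here is reported but not fatal: the downloaded
#entries are still submitted, and the next run may then send them again.
WGETRC="$WGET_AUTH" wget -q -O "$SCRATCH/output.html" \
  --post-data="clear=Clear log" "$BASE_URL/diag_logs_filter.php" \
  || printf '%s: warning: could not clear the log on %s\n' "${0##*/}" "$HOST" >&2

#Drop the first and last line; they seem to be garbage from the download.
#sed does this in one pass and avoids "head -n -1", which not every head
#implementation accepts.
sed '1d;$d' "$SCRATCH/$LOG_NAME" > "$SCRATCH/$PARSED_LOG_NAME" \
  || die "cannot trim $LOG_NAME"

#Send to dshield.org. The arguments are built as an array so every value
#stays one word. -c is passed only when a CC address is configured: an empty
#unquoted value used to make the parser take "-u" as the CC address.
DSHIELD_ARGS=(-f "$EMAIL_FROM" -t "$EMAIL_TO")
if [ -n "${EMAIL_CC:-}" ]; then
  DSHIELD_ARGS+=(-c "$EMAIL_CC")
fi
DSHIELD_ARGS+=(
  -u "$DSHIELD_UID"
  -l "$SCRATCH/$PARSED_LOG_NAME"
  -e "$BASEDIR/$EXCLUDE_LIST_NAME"
  -m "$BASEDIR/offset.txt"
)
"$DSHIELD_EXEC" "${DSHIELD_ARGS[@]}" || die "$DSHIELD_EXEC reported an error"

#Clean up log files: the EXIT trap removes the scratch directory with the
#download, the trimmed log, output.html and the wgetrc file.

#Script ends here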
