I run 2 abuse IP Perl scripts that I got from dshield.com that read
my ipfilter log and create an email containing a list of abusive
source IP addresses. Then last week I got hit by a DoS attack that
filled up my ipfilter logs. The logs were rotated by newsyslog past
the 3 deep specified in the newsyslog.conf file. The DoS attack did
not hurt me, but I lost many of the logs without running my abuse
scripts against them.

I need some way to automatically run my abuse scripts whenever just
the ipfilter log gets rotated. Cron runs the newsyslog command at the
top of the hour. I will just add this wrapper script to cron to run
every 15 min. Reading man newsyslog says I can create a wrapper
script to issue the newsyslog command using the -v flag for verbose
to generate an o/p message and by adding the path and name of the log
I want to rotate to the end of the command. Testing
newsyslog -v /var/log/test will give a text message which I can parse
on and build logic around.

I did some cutting and pasting from some scripts I had to create the
following script logic. I do not have any examples of a Perl script
executing another Perl script or FreeBSD command to copy from. I
cannot get the Perl syntax correct to call the newsyslog command, or
my Perl scripts I want to run if the log was rotated.

Can someone please help me with this Perl script?

use Getopt::Std;
# the verbose script option is used to create
# a ready trace of the logic flow.

# Path and file name of ipfilter log file

debug("exec newsyslog cmd\n");

# the o/p of newsyslog verbose looks like this
#/var/log/test <10>: size (Kb): 76 [10] --> trimming log....
#/var/log/test <10>: size (Kb): 76 [100] --> skipping

# issue command and capture verbose o/p to $line
newsyslog "-v $logfile" > $line;  # this statement gets error

debug("op from newsyslog cmd = $line\n");

# parse line to extract relevant field
debug("rotated = $rotated\n");

if ($rotated eq "skipping");
     debug("log not rotated\n");
     debug("log rotated\n");
     # run custom scripts, this is probably wrong also
     abuse_dshield.pl -l /var/log/test.0;
     abuse_adelphia.pl -l /var/log/test.0;
     cat /var/log/test.0 >> /usr/log/test.all;
     rm /var/log/test.0;

sub debug
  if ($verbose==1)
  { print(STDERR @_); }

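One way to write the wrapper the post asks for, as an added example that is not part of the original message: it reads the `newsyslog -v` output through a list-form pipe and runs the abuse scripts with list-form `system`, so no shell ever interprets the arguments, and it removes the rotated file only after every step has succeeded. The `/usr/local/sbin` script directory and an uncompressed `/var/log/test.0` are assumptions; the other paths and the output format are taken from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Getopt::Std;

my %opt;
getopts('v', \%opt) or die "usage: $0 [-v]\n";

my $logfile = '/var/log/test';       # log named in the post
my $rotated = "$logfile.0";          # assumes newsyslog.conf does not compress it
my $archive = '/usr/log/test.all';   # archive path from the post
my $bindir  = '/usr/local/sbin';     # assumed location of the abuse scripts

sub debug { print STDERR @_ if $opt{v} }

# Parse one line of "newsyslog -v" output; returns 'trimming', 'skipping' or undef.
sub rotation_action {
    my ($line) = @_;
    return $line =~ /-->\s*(trimming|skipping)\b/ ? $1 : undef;
}

# List-form pipe open: the command runs directly, without /bin/sh.
open(my $ns, '-|', '/usr/sbin/newsyslog', '-v', $logfile)
    or die "cannot run newsyslog: $!\n";
my @out = <$ns>;
close($ns) or die "newsyslog failed (status $?)\n";
debug("op from newsyslog cmd = $_") for @out;

# Only the line that starts with our log's path decides what happened.
my ($line) = grep { index($_, "$logfile ") == 0 } @out;
my $action = defined $line ? rotation_action($line) : undef;
unless (defined $action && $action eq 'trimming') {
    debug("log not rotated\n");
    exit 0;
}
debug("log rotated\n");

# Run each abuse script; if one fails, stop and keep the rotated file.
for my $script ('abuse_dshield.pl', 'abuse_adelphia.pl') {
    system("$bindir/$script", '-l', $rotated) == 0
        or die "$script failed (status $?), leaving $rotated in place\n";
}

# Append to the archive, and delete the rotated file only after a clean write.
open(my $in,  '<',  $rotated) or die "open $rotated: $!\n";
open(my $app, '>>', $archive) or die "open $archive: $!\n";
print {$app} $_ while <$in>;
close($app) or die "close $archive: $!\n";
unlink($rotated) or die "unlink $rotated: $!\n";
```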