Below are two scripts which are located in the /firewall/bin directory
and subsequently called via cron.
These are scripts I developed; they work but could be better.
The scripts should be started 1 minute before they are required; this
is to allow for date changes at night.

Cron calls swap_firewall_log.sh, which ensures the date stamp in the
file name is correct.
swap_firewall_log.sh calls fwlog2txt.sh, which converts the newly swapped
log into a file compatible with CSV
and checks that the Email will not exceed 4.99MB before Emailing it
to your admin account.

Enjoy
------- swap_firewall_log.sh -----------
#!/bin/sh
#
# Switch Firewall Logs daily - One Minute before Execution
#
# Set Environment Variables
FWDIR=/opt/CPfw1-41
DAY_NAME=`/usr/bin/date +%a`
SWITCH_NAME=/tmp/switch-firewall-log.log
TO_CSV=/firewall/bin/fwlog2txt.sh
#
# Set Shell Functions
#
# log MESSAGE FILE: echo the message and append it to FILE
log()
{
    echo "${1}" | tee -a "${2}"
}
#
# Start Execution Here
#
sleep 60
#
#
#
LOG_TIME=`/usr/bin/date +%R`
case ${LOG_TIME} in
    noon|12:00)
        SWITCH_LOG=${SWITCH_NAME}.noon
        DAILY_LOG=${DAY_NAME}.noon
        ;;
    midnight|24:00|00:00)
        SWITCH_LOG=${SWITCH_NAME}
        DAILY_LOG=${DAY_NAME}
        ;;
    *)
        SWITCH_LOG=${SWITCH_NAME}.${LOG_TIME}
        DAILY_LOG=${DAY_NAME}.${LOG_TIME}
        ;;
esac
#
LOG_FILE=`/usr/bin/echo "firewall_log_day_${DAILY_LOG}"`
TXT_FILE=`/usr/bin/echo "/tmp/firewall_log_day_${DAILY_LOG}.csv"`
#
#
#
# -f: do not complain when no previous switch log exists
rm -f ${SWITCH_LOG}
log "Processing Firewall Log" ${SWITCH_LOG}
log "New Log File ${LOG_FILE}" ${SWITCH_LOG}
log "Executing ${FWDIR}/bin/fw logswitch ${LOG_FILE}" ${SWITCH_LOG}
${FWDIR}/bin/fw logswitch - ${LOG_FILE}
log "Done ......." ${SWITCH_LOG}
#
#
#
if [ -f ${TO_CSV} ]; then
    log "Converting Log file to ascii text" ${SWITCH_LOG}
    ${TO_CSV} ${LOG_FILE} ${TXT_FILE} ${FWDIR} >> ${SWITCH_LOG}
else
    log "FW-1 Log not converted to Ascii" ${SWITCH_LOG}
fi
------- swap_firewall_log.sh -----------
------- fwlog2txt.sh ----------------
#!/bin/sh
# set environment variables
MIN_MAIL_SIZE=0
MAX_MAIL_SIZE=4990000
CORRECT_MESSAGE=/tmp/correct_fw_log_message
# Recipient address was redacted by the list archive; set it to your admin mailbox
ADMIN_USER="[EMAIL PROTECTED]"
echo "Input FW-1 log " $1
echo "Output Ascii log " $2
echo "fw directory " $3
echo "Exporting FW-1 log to Ascii text using $3/bin/fw"
$3/bin/fw logexport -i $3/log/${1}.log -n -o ${2}
echo "Compressing Ascii File"
compress ${2}
echo "Uuencoding to ${2}.Z.uu"
uuencode ${2}.Z ${2}.Z > ${2}.Z.uu
echo "Checking Log Size against Mail Max Size"
LOG_SIZE=`ls -l ${2}.Z.uu | awk '{ print $5 }'`
if [ ${LOG_SIZE} -eq ${MIN_MAIL_SIZE} ] ; then
    echo "No log ${2}.Z to Email"
    # mailx reads the message body from stdin; give it an empty one
    mailx -s "ERROR Firewall log = 0" ${ADMIN_USER} < /dev/null
else
    if [ ${LOG_SIZE} -lt ${MAX_MAIL_SIZE} ] ; then
        echo "Emailing log ${2}.Z"
        cat ${2}.Z.uu | mailx -s "Firewall Log ${2}.Z " ${ADMIN_USER}
    else
        echo "Emailing log ${2}.Z will Fail - LOG TOO LARGE"
        echo "Increase the frequency of the log switching" | mailx -s "Firewall Log ${2}.Z - TOO LARGE FOR EMAIL " ${ADMIN_USER}
    fi
fi
echo "Removing temporary files"
rm ${2}.Z ${2}.Z.uu
------- fwlog2txt.sh ----------------
------- crontab entry ----------------
#
# Switch Firewall Logs daily
#
59 8,11,15,23 * * * /firewall/bin/swap_firewall_log.sh > /dev/null 2>&1
------- crontab entry ----------------
Sam,
Sam Denton wrote:
I have heard people mention cron for the log files before. How do I use this?
I would like to automate saving the log and then ftping the log to another machine each day. Also it would be beneficial if the log was deleted after ftping across to another machine.
Thanks in advance.
Sam.
--
Network and Systems Administrator
Flomerics Ltd, 81 Bridge Road, Hampton Court, Surrey, KT8 9HH, UK
Email: russell.aspinwall at flomerics.co.uk
Telephone: 020-8941-8810 x213
Facsimile: 020-8941-8730
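
Added example, not part of the original post or the poster's scripts: the posted scripts write fixed file names under /tmp from a cron job, so this variant stages the exported log in a private mktemp directory, refuses a symlinked input, and applies the same 0 / 4990000-byte mail gate. The function names are hypothetical, and gzip stands in for compress with the uuencode step left out.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from the posted scripts.
MIN_MAIL_SIZE=0          # thresholds taken from fwlog2txt.sh
MAX_MAIL_SIZE=4990000

# Private scratch directory (mode 0700, random name) instead of fixed /tmp names.
make_workdir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/fwlog.XXXXXX" )
}

# Byte count of a file without parsing `ls -l` columns.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Print empty | ok | too_large for a byte count, using the post's limits.
classify_size() {
    if [ "$1" -eq "$MIN_MAIL_SIZE" ]; then
        echo empty
    elif [ "$1" -lt "$MAX_MAIL_SIZE" ]; then
        echo ok
    else
        echo too_large
    fi
}

# stage_log CSV: print "<verdict> <path>" so the caller can mail or report.
stage_log() {
    src=$1
    # Only a regular file is accepted; a symlink or missing file is refused.
    if [ -L "$src" ] || [ ! -f "$src" ]; then
        echo "refused $src"
        return 1
    fi
    # An empty export means there is nothing to mail; report it as such.
    if [ "$(file_size "$src")" -eq "$MIN_MAIL_SIZE" ]; then
        echo "empty $src"
        return 0
    fi
    work=$(make_workdir) || return 1
    out="$work/$(basename "$src").gz"
    # Compress a copy inside the private directory; clean up on failure.
    gzip -c "$src" > "$out" || { rm -rf "$work"; return 1; }
    echo "$(classify_size "$(file_size "$out")") $out"
}
```

The caller mails the staged file only on an `ok` verdict and removes the directory returned in the path afterwards.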