I've made a six-line addition to viewhits in weblet.lrp that adds the ability to view all shorewall log entries for a particular port. It's added parallel to the existing ability to view all entries for a particular source IP address. When you click on the "Firewall" trafficlight icon on the front page, then click "port" in the last line in the page that comes back, the page ::Hits sorted by porttype:: that's generated now has the middle column entries, the ports, bound to URLs that generate all log entries with that port.
I'm finding this useful, and hope others will too. I'd be curious if anyone thinks it worthwhile to propose it to the upstream maintainer of weblet. Thanks, --Eric -- ****************************************************************************** * From the desktop of: Eric House, [EMAIL PROTECTED] * * Crosswords 4.0 for PalmOS is out!: <http://www.peak.org/~fixin/xwords> * ****************************************************************************** *** var/sh-www/cgi-bin/viewhits Tue Dec 31 10:32:31 2002 --- /tmp/viewhits Mon Dec 1 07:33:27 2003 *************** *** 13,17 **** hitssort) ! HEAD='<tr><td width="20%">Hits</td><td>IP-Adress</td><td>Date</td></tr>' AUS=`grep "Shorewall:" /var/log/shorewall.log |\ sed 's/\(.\{6\}\)\(.*SRC=\)\(.*\)\( DST=.*\)/\<\/td\>\<td\>\<a href=\"viewhits?x_\3\"\>\3\<\/a\><\/td\>\<td\>\1\<\/td\>\<\/tr\>/'|\ --- 13,17 ---- hitssort) ! HEAD='<tr><td width="20%">Hits</td><td>IP-Address</td><td>Date</td></tr>' AUS=`grep "Shorewall:" /var/log/shorewall.log |\ sed 's/\(.\{6\}\)\(.*SRC=\)\(.*\)\( DST=.*\)/\<\/td\>\<td\>\<a href=\"viewhits?x_\3\"\>\3\<\/a\><\/td\>\<td\>\1\<\/td\>\<\/tr\>/'|\ *************** *** 34,38 **** sort | uniq -c |sort -rn |\ while read count port ; do ! printf "<tr><td>$count</td><td>$port</td><td>" grep "\\b$port\\b" /etc/services |sed /^#/d |cut -f 1 |uniq printf "</td></tr>" --- 34,38 ---- sort | uniq -c |sort -rn |\ while read count port ; do ! printf "<tr><td>$count</td><td><a href="viewhits?y_$port">$port</a></td><td>" grep "\\b$port\\b" /etc/services |sed /^#/d |cut -f 1 |uniq printf "</td></tr>" *************** *** 46,50 **** titel="hits caused by $content" ;; ! *) AUS=`cat /var/sh-www/data/hits |sed -e 's/^/\<tr\>\<td\>/ s/$/\<\/td\>\<\/tr\>/ --- 46,59 ---- titel="hits caused by $content" ;; ! ! ! y) ! AUS=`grep "Shorewall:.*DPT=$content " /var/log/shorewall.log |\ ! sed 's/^/\<tr\>\<td\>/ ! s/$/\<\/td\>\<\/tr\>/'` ! titel="hits targeting port $content" ! ;; ! ! *) AUS=`cat /var/sh-www/data/hits |sed -e 's/^/\<tr\>\<td\>/ s/$/\<\/td\>\<\/tr\>/ ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
