Re: [leaf-user] weblet extension version 2

2003-06-01 Thread eric wolzak
Hello Tony


Another variant is to change in the file viewhits the option ipsort to
-
ipsort)
HEAD=' Hits IP-Adress '

AUS="`grep "DPT=$content " /var/log/messages |\
sed 's/.*SRC=\(.* \)DST.*$/\1<\/a><\/td><\/td><\/tr>/'|
sort -n | uniq -c   |sort -rn|\
sed 's/^//
s/

leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html


RE: [leaf-user] weblet extension version 2

2003-06-01 Thread Tony
Hi Eric and Jeff,

Thanks Eric for the code, this is half of what I was looking for, Jeff gave
the other half.  If you use the proverb:

Give a man a fish, he eats today
Teach a man to fish, he eats forever

you both gave me one of those lines and I appreciate it.

But I do have some questions about the code. I can get the portsort section
to work (from a previous e-mail), but the ipsort section is giving me the
headers, but no data under it.

I have some observations, but should I move this discussion to the devel
list?  I don't want to clog up this list with any more messages than
necessary.

Please advise, and I can pick up with my observations.

Thanks,

Tony



> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of eric wolzak
> Sent: Saturday, May 31, 2003 12:26 PM
> To: Tony; Leaf-User
> Subject: Re: [leaf-user] weblet extension version 2
>
>
> Hello Tony
>
>
> Another variant is to change in the file viewhits the option ipsort to
> -
> ipsort)
> HEAD=' Hits IP-Adress '
>
> AUS="`grep "DPT=$content " /var/log/messages |\
> sed 's/.*SRC=\(.* \)DST.*$/ href=viewhits?x_\1>\1<\/a><\/td><\/td><\/tr>/'|
> sort -n | uniq -c   |sort -rn|\
> sed 's/^//
> s/ ;;
> ---
> this is a little bit slower but lets you click on each ip address that
> tried to connect to the certain port and shows the messages that it
> caused, including those to another port
>
> Regards
> Eric Wolzak
> member of the bering crew
>
>



---
This SF.net email is sponsored by: eBay
Get office equipment for less on eBay!
http://adfarm.mediaplex.com/ad/ck/711-11697-6916-5



RE: [leaf-user] weblet extension version 2

2003-06-03 Thread Ken Marshall
Hi Tony,

I tried this code as well and I think that you have to substitute
/var/log/shorewall.log for /var/log/messages in the code that Eric provided.
It didn't work for me until I made this change.  Perhaps an older version of
Bering or Dach used the messages file to log packets, hence the confusion.
Please correct me if I'm wrong, Eric.

Thanks,
Ken



Re: [leaf-user] weblet extension version 2

2003-06-03 Thread eric wolzak
Hi Ken.


> I tried this code as well and I think that you have to substitute
> /var/log/shorewall.log for /var/log/messages in the code that Eric provided.
> It didn't work for me until I made this change.  Perhaps an older version of
> Bering or Dach used the messages file to log packets, hence the confusion.
> Please correct me if I'm wrong, Eric.
>
> Thanks,
> Ken

You are of course right, the log file should be the one the messages for
shorewall are directed to.
Bering 1.0 stable still did the logging in the /var/log/messages file (this
was the version I used to debug the script).
I should make things more modular again ;)

Thanks for your feedback.

Regards Eric Wolzak
member of the bering crew.
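
[Added example, not part of the thread and not the weblet's own viewhits code.] The ipsort idea discussed above in POSIX sh: hits per source address for one destination port, with the port checked as a number before it reaches grep and the log path set in one place. The function names, the row markup and the sample log lines are assumptions; only `DPT=`/`SRC=`, the `viewhits?x_` link and the two log paths come from the messages.

```shell
#!/bin/sh
# Added example, not the weblet's viewhits script. LOGFILE is set once so the
# Bering 1.0 (/var/log/messages) vs. shorewall.log difference is a single edit.
LOGFILE="${LOGFILE:-/var/log/shorewall.log}"

# Constructed sample lines in netfilter LOG format (documentation addresses).
sample_log() {
cat <<'EOF'
Jun  1 10:00:01 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=4001 DPT=445 SYN
Jun  1 10:00:09 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=3120 DPT=445 SYN
Jun  1 10:01:30 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=4002 DPT=445 SYN
Jun  1 10:02:00 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=4100 DPT=4450 SYN
Jun  1 10:02:05 fw kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.5 LEN=48 PROTO=TCP SPT=4003 DPT=80 SYN
EOF
}

# The port is assumed to arrive from the CGI query string, so accept only a
# decimal number in 1..65535 before it is placed in a grep pattern.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# hits_by_ip PORT < log : prints "count ip" lines, most frequent first.
hits_by_ip() {
  valid_port "$1" || { echo "viewhits: bad port" >&2; return 2; }
  grep -- "DPT=$1 " |                       # trailing space: 445 must not match 4450
    sed -n 's/.* SRC=\([0-9][0-9.]*\) DST=.*/\1/p' |
    sort | uniq -c | sort -rn | sed 's/^ *//'
}

# hits_rows PORT < log : one table row per address, linked to viewhits?x_<ip>.
# The sed above only lets digits and dots through, so nothing needs escaping.
hits_rows() {
  hits_by_ip "$1" | while read -r n ip; do
    printf '<tr><td>%s</td><td><a href="viewhits?x_%s">%s</a></td></tr>\n' "$n" "$ip" "$ip"
  done
}

# On the router: viewhits_ipsort PORT reads the configured log file.
viewhits_ipsort() { hits_rows "$1" < "$LOGFILE"; }

sample_log | hits_rows 445
```
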






RE: [leaf-user] weblet extension version 2

2003-06-03 Thread Ken Marshall
No problem.

This actually got me playing around with this and I added one other thing
that I've wanted for a while: a link to whois for each IP address that gets
logged.  I changed the following section:
hitssort)
 HEAD='HitsIP-AddressWhoisDate\\\3\<\/a\><\/td\>\
  \\Whois-\3\<\
/a\><\/td\>\\
  \1\<\/td\>\<\/tr\>'|\
  sort  |uniq -c | sort -rn |sed 's/^/\\/'`
  titel="Hits sorted by frequency and by ip address"
;;

That's a lot of "escapes". :)

Ken



RE: [leaf-user] weblet extension version 2

2003-06-03 Thread Tony
Hi Ken,

Yeah, actually I picked that up.

What happened was I was missing a backtick that somehow dropped off when I
pasted the code into the window.

Thanks,

Tony

P.S.  Thanks for that lookup code, that's also helpful.  I had thought about
that, but didn't want to push my luck. ;-)





RE: [leaf-user] weblet extension version 2

2003-06-03 Thread Paul G Rogers
FWIW, I think that's a very useful addition for the standard
distribution.

Paul Rogers  ([EMAIL PROTECTED])
http://www.xprt.net/~pgrogers/
http://www.angelfire.com/or/paulrogers/
Rogers' Second Law: "Everything you do communicates."
(I do not personally endorse any additions after this line. TANSTAAFL :-)
- Begin forwarded message --
From: "Ken Marshall" <[EMAIL PROTECTED]>
Subject: RE: [leaf-user] weblet extension version 2
Date: Mon, 2 Jun 2003 10:56:43 -0600
Organization: Black Mountain Software, Inc.

This actually got me playing around with this and I added one other thing
that I've wanted for a while: a link to whois for each IP address that gets
logged.  I changed the following section:



The best thing to hit the internet in years - Juno SpeedBand!
Surf the web up to FIVE TIMES FASTER!
Only $14.95/ month - visit www.juno.com to sign up today!

