#!/bin/sh # sh_denied_packets.sh # this takes a log file and pulls out just the DENYed packets that # aren't local # use the file to check as an argument # like find_denied_remote /var/log/messages # the local network LOCAL_LAN="192.168.1" # path to the program to resolve the ip addys LOG_RESOLVE="/home/marc/bin/logresolve" # path to script to pull out extra info LOG_STRIP="/home/marc/bin/strip_log.pl" # if the first argument is not a readable file, use /var/log/messages if [ ! -r "$1" ] then LOG_TO_CHECK="/var/log/messages"; else LOG_TO_CHECK=$1; fi # grep for DENY, but not for my lan, remove the data up to the ip addy # , resolve the first ip addy, sort it, and remove the dupes grep DENY $LOG_TO_CHECK | grep -v 127.0.0 | grep -v $LOCAL_LAN \ | $LOG_STRIP | $LOG_RESOLVE | sort | uniq