I've made the changes that you explain but nothing happens on the console and there's some activity on the log file... If I don't have the session support or DBI and mysql in the Perl config will it give me any error? 'Cos the script runs without complaints...

Markus Heidinger wrote:
Bruno Cochofel wrote at Monday, October 03, 2005 11:14 AM
I found a weblogger that comes with support for susefirewall but I can't seem to get this right...
Can someone help me on this?
Iptables logs can be found at: http://www.gege.org/iptables/
I had never heard of this before but immediately tried it out ;-) ... It was a little bit hard to get it running, but now it works, with slightly amended scripts for feeding the log entries into the database. What you need at first is to install session support and DBI for mysql for Perl.
Furthermore the init script provided with the package does not work, first try to start the script from a console without any options and it will print all entries to the console as well as insert it into the database.
Script "feed_db.pl" has to be changed as follows to get the correct entries into the correct database columns:
################################################################################
################# C O N F I G   S E C T I O N #############
################################################################################

my $dsn = 'DBI:mysql:iptables:srv-mdh-001.mh-infoman.loc';
my $db_user_name = 'iptables_admin';
my $db_password = '********';
# Password here    ^^^^^^^^
my $log_file = '/var/log/firewall';
               ^^^^^^^^^^^^^^^^^^
my $pid_file = "/var/run/iptablelog.pid";

[...]

while ( ) {
#   if (!/$log_tag/) { next; }
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    my(@entry_split)=split / +/;
    my(%entry);
    [...]

#   shift(@entry_split);                    # [IPTABLES
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    my($chain_name)=shift(@entry_split);    # DROP]
#   $chain_name=~s/\]//;
    ^^^^^^^^^^^^^^^^^^^^^^^
#   shift(@entry_split);                    # :
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
    foreach (@entry_split) {
        if (/(.*)=(.*)/) {
            (my($field),my($value))=split /=/;
            $entry{$field}=$value;
        }
    }
[...]
(Only relevant sections shown above, leave anything else unchanged!)
Now the entries should occur in the database. I did not yet amend the init script, try to run it by "startproc -s /usr/local/bin/feed_db.pl &> /dev/null".
HTH, Best regards,
Markus
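A stand-alone dry run of the tokenising step discussed in this thread, as an added example that is not part of the original messages or of feed_db.pl: it checks that DBI and DBD::mysql load, then prints the fields parsed from a log line without touching the database. The sample line is constructed, and the single-token SFW2-... prefix layout, the `parse_line` helper and the `flags` key are assumptions.

```perl
#!/usr/bin/perl
# Added example, not part of feed_db.pl: dry-run the field splitting on
# firewall log lines and report missing Perl modules, without any DB access.
use strict;
use warnings;

# A 'DBI:mysql:...' DSN needs both DBI and its MySQL driver DBD::mysql.
for my $module (qw(DBI DBD::mysql)) {
    eval "require $module; 1" or warn "Perl module $module is not installed\n";
}

# Constructed sample line (assumption: the log prefix is one token with no
# brackets, which is why the amended script drops the extra shift() calls).
my $sample = 'Oct  3 11:14:07 fw1 kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= '
           . 'MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 '
           . 'DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF '
           . 'PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0';

# Hypothetical helper: returns a hash ref of fields, or undef for other lines.
sub parse_line {
    my ($line) = @_;
    chomp $line;
    my ($rest) = $line =~ /\bkernel:\s+(.*)$/ or return;
    my @tokens = split / +/, $rest;
    my %entry;
    # The first token is the chain/prefix only if it is not KEY=VALUE itself.
    $entry{chain} = shift @tokens if @tokens && $tokens[0] !~ /=/;
    for my $token (@tokens) {
        if ($token =~ /^([A-Z]+)=(.*)$/) {
            $entry{$1} = $2;                  # "OUT=" gives an empty string
        } else {
            push @{ $entry{flags} }, $token;  # bare words such as DF, SYN
        }
    }
    return \%entry;
}

# Use piped input when present (e.g. tail of the log), else the sample line.
my @lines = -t STDIN ? ($sample) : <STDIN>;
for my $line (@lines) {
    my $entry = parse_line($line);
    unless ($entry) { warn "skipped: no 'kernel:' part\n"; next; }
    printf "chain  = %s\n", defined $entry->{chain} ? $entry->{chain} : '(none)';
    for my $key (sort grep { $_ ne 'chain' && $_ ne 'flags' } keys %$entry) {
        printf "  %-6s = '%s'\n", $key, $entry->{$key};
    }
    printf "  flags  = %s\n", join ' ', @{ $entry->{flags} || [] };
}
```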