Thanks for all... Now my problem... I'm not that good with Perl, so how can I install session support and DBI on Perl? I think I've got this right, there's nothing to do with mysql, right? Only the support for Perl...

Markus Heidinger wrote:
Bruno Cochofel wrote at Monday, October 03, 2005 11:14 AM
I found a weblogger that comes with support for susefirewall but I can't seem to get this right...
Can someone help me on this?
Iptables logs can be found at: http://www.gege.org/iptables/
I had never heard of this before but immediately tried it out ;-) ... It was a little bit hard to get it running, but now it works, with slightly amended scripts for feeding the log entries into the database. What you need at first is to install session support and DBI for mysql for Perl.
Furthermore, the init script provided with the package does not work. First try to start the script from a console without any options and it will print all entries to the console as well as insert them into the database.
Script "feed_db.pl" has to be changed as follows to get the correct entries into the correct database columns:
################################################################################
#################      C O N F I G   S E C T I O N      #############
################################################################################

my $dsn = 'DBI:mysql:iptables:srv-mdh-001.mh-infoman.loc';
my $db_user_name = 'iptables_admin';
my $db_password = '********'; # Password here
                  ^^^^^^^^
my $log_file = '/var/log/firewall';
               ^^^^^^^^^^^^^^^^^^
my $pid_file = "/var/run/iptablelog.pid";
[...]
while (
) {
    # if (!/$log_tag/) { next; }
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    my(@entry_split)=split / +/;
    my(%entry);
[...]

    # shift(@entry_split); # [IPTABLES
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    my($chain_name)=shift(@entry_split); # DROP]
    # $chain_name=~s/\]//;
    ^^^^^^^^^^^^^^^^^^^^^^^
    # shift(@entry_split); # :
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^
    foreach (@entry_split) {
        if (/(.*)=(.*)/) {
            (my($field),my($value))=split /=/;
            $entry{$field}=$value;
        }
    }
[...]
(Only relevant sections shown above, leave anything else unchanged!)
Now the entries should occur in the database. I did not yet amend the init script; try to run it by "startproc -s /usr/local/bin/feed_db.pl &> /dev/null".
HTH, Best regards,
Markus
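An added example, not part of the original messages or of the iptables log package: a stand-alone Perl sketch of the amended field splitting quoted above, run on a constructed SuSEfirewall2-style log line. The sample line, the helper name `parse_fw_line` and the syslog header layout (month, day, time, host, `kernel:`) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample line (assumption: syslog header, then the firewall log
# prefix as a single token, then iptables KEY=VALUE fields and bare flags).
my $sample = 'Oct  3 11:14:02 fw kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= '
           . 'MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 '
           . 'DST=198.51.100.5 LEN=60 TTL=52 ID=4242 DF PROTO=TCP SPT=40000 '
           . 'DPT=22 WINDOW=5840 SYN URGP=0';

# parse_fw_line is a hypothetical helper, not a function from feed_db.pl.
sub parse_fw_line {
    my ($line) = @_;
    chomp $line;
    my @tok = split / +/, $line;
    return unless @tok > 6;
    splice @tok, 0, 5;                  # month, day, time, host, "kernel:"
    # The prefix is one token here, so there is no "[IPTABLES" / "DROP]" pair
    # to strip (the lines commented out in the amended script).
    my %entry = (chain => shift @tok);
    for my $t (@tok) {
        if ($t =~ /^([A-Z]+)=(.*)$/) {
            $entry{$1} = $2;            # "OUT=" yields an empty string, not undef
        } else {
            $entry{flags}{$t} = 1;      # bare flags such as DF or SYN
        }
    }
    # With the $log_tag filter disabled every line in the file gets parsed,
    # so reject lines whose fields do not have the expected shape.
    for my $k (qw(SPT DPT LEN TTL)) {
        return if exists $entry{$k} && $entry{$k} !~ /^\d{1,5}$/;
    }
    for my $k (qw(SRC DST)) {
        return if exists $entry{$k} && $entry{$k} !~ /^\d{1,3}(?:\.\d{1,3}){3}$/;
    }
    return \%entry;
}

my $e = parse_fw_line($sample) or die "unparseable line\n";
printf "%s %s:%s -> %s:%s %s\n", @{$e}{qw(chain SRC SPT DST DPT PROTO)};
```

When the parsed values go into MySQL, pass them through DBI placeholders (`prepare` with `?` and `execute`) rather than interpolating them into the SQL string.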