Mailinglist Archive: opensuse-security (232 mails)

RE: [suse-security] Susefirewall2 weblogger
  • From: "Markus Heidinger" <suselist@xxxxxxxxxxxxxx>
  • Date: Mon, 3 Oct 2005 16:17:24 +0200
  • Message-id: <!&!AAAAAAAAAAAYAAAAAAAAAP9QkKQ4AexDn8E0JJeMbqnCgAAAEAAAACQGGUjr1KlFvFD6Tg9O/t8BAAAAAA==@xxxxxxxxxxxxxx>
Bruno Cochofel wrote at Monday, October 03, 2005 11:14 AM

> I found a weblogger that comes with support for susefirewall but I
> can't seem to get this right...
>
> Can someone help me on this?
>
> Iptables logs can be found at: http://www.gege.org/iptables/

I had never heard of this before but immediately tried it out ;-) ... It was
a little bit hard to get it running, but now it works, with slightly
amended scripts for feeding the log entries into the database. What you need
first is to install session support and DBI for MySQL for Perl.

Furthermore, the init script provided with the package does not work. First
try to start the script from a console without any options; it will print
all entries to the console as well as insert them into the database.

Script "feed_db.pl" has to be changed as follows to get the correct entries
into the correct database columns:

############################################################################
####################### C O N F I G   S E C T I O N ########################
############################################################################

my $dsn          = 'DBI:mysql:iptables:srv-mdh-001.mh-infoman.loc';
my $db_user_name = 'iptables_admin';
my $db_password  = '********';                 # password here
my $log_file     = '/var/log/firewall';        # <-- changed
my $pid_file     = "/var/run/iptablelog.pid";

[...]

while (<LOG_FILE>) {
    # if (!/$log_tag/) { next; }              # <-- changed (commented out)
    my @entry_split = split / +/;
    my %entry;

    [...]

    # shift(@entry_split);                    # [IPTABLES   <-- changed (commented out)
    my $chain_name = shift(@entry_split);     # DROP]
    # $chain_name =~ s/\]//;                  # <-- changed (commented out)
    # shift(@entry_split);                    # :   <-- changed (commented out)
    foreach (@entry_split) {
        if (/(.*)=(.*)/) {
            my ($field, $value) = split /=/;
            $entry{$field} = $value;
        }
    }

[...]

(Only relevant sections shown above, leave anything else unchanged!)

Now the entries should appear in the database.
I have not yet amended the init script; try to run it with "startproc -s
/usr/local/bin/feed_db.pl &> /dev/null".

HTH,
Best regards,

Markus
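The edits above boil down to one thing: SuSEfirewall2 does not write the "[IPTABLES DROP] :" prefix the weblogger's feed_db.pl expects, so the tag filter and the three shift()s have to go, the first token becomes the chain name, and the rest is split into KEY=VALUE columns. The following is an added, stand-alone example (it is not code from the weblogger package or from the post above) that does the same job in Python against an in-memory SQLite database so it runs offline: it parses syslog-wrapped netfilter lines, takes whatever precedes the first IN= token as the rule tag (this covers both the SFW2-... form and the old "[IPTABLES DROP] :" form), keeps bare flag tokens such as SYN and DF that have no "=", and inserts with bound parameters. The log lines, hostname, addresses and the SFW2-INext-DROP-DEFLT tag layout are constructed for the example, not taken from the page.

```python
"""Parse SuSEfirewall2 / netfilter kernel log lines and load them into a DB.

Added example, not the weblogger's feed_db.pl.  Sample data is constructed.
"""
import re
import sqlite3

# Constructed sample /var/log/firewall lines (hosts, addresses, MACs made up).
SAMPLE_LOG = """\
Oct  3 16:17:24 fw kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.2 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=4711 DF PROTO=TCP SPT=3412 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
Oct  3 16:17:25 fw kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.2 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=4712 DF PROTO=TCP SPT=3413 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Oct  3 16:17:26 fw kernel: SFW2-INext-ACC-TCP IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.9 DST=203.0.113.2 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Oct  3 16:17:27 fw kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=203.0.113.2 LEN=28 TOS=0x00 PREC=0x00 TTL=117 ID=4713 PROTO=UDP SPT=1030 DPT=1434 LEN=8
Oct  3 16:17:28 fw kernel: something unrelated from the kernel
"""

# syslog header: "Mon dd hh:mm:ss host kernel: [optional uptime] rest"
KERNEL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: "
    r"(?:\[\s*\d+\.\d+\] )?(?P<rest>.*)$"
)

SCHEMA = """CREATE TABLE iptables_log (
    ts TEXT, host TEXT, chain TEXT, in_if TEXT, out_if TEXT, mac TEXT,
    src TEXT, dst TEXT, proto TEXT, spt INTEGER, dpt INTEGER,
    ttl INTEGER, len INTEGER, flags TEXT)"""


def parse_line(line):
    """Return a dict for a netfilter LOG line, or None for anything else."""
    m = KERNEL_RE.match(line.rstrip("\n"))
    if not m:
        return None
    tokens = m.group("rest").split()
    # Every netfilter LOG line carries IN= (and OUT=); use the first IN= as
    # the boundary between the --log-prefix tag and the packet fields.
    idx = next((i for i, t in enumerate(tokens) if t.startswith("IN=")), None)
    if idx is None:
        return None
    chain = " ".join(tokens[:idx]).rstrip(" :")   # "SFW2-..." or "[IPTABLES DROP]"
    fields, flags = {}, []
    for tok in tokens[idx:]:
        key, sep, value = tok.partition("=")
        if sep:
            fields[key] = value       # later duplicates win (UDP lines carry LEN= twice)
        else:
            flags.append(tok)         # bare tokens: DF, SYN, ACK, ...
    return {"ts": m.group("ts"), "host": m.group("host"),
            "chain": chain, "fields": fields, "flags": flags}


def to_int(value):
    """Port/TTL/length columns: int or NULL, never a raw string."""
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def load_log(text):
    """Parse every line of `text` into a fresh in-memory SQLite database."""
    con = sqlite3.connect(":memory:")
    con.execute(SCHEMA)
    rows = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        f = rec["fields"]
        rows.append((rec["ts"], rec["host"], rec["chain"],
                     f.get("IN"), f.get("OUT"), f.get("MAC"),
                     f.get("SRC"), f.get("DST"), f.get("PROTO"),
                     to_int(f.get("SPT")), to_int(f.get("DPT")),
                     to_int(f.get("TTL")), to_int(f.get("LEN")),
                     " ".join(rec["flags"])))
    # Bound parameters: log-derived strings never get interpolated into SQL.
    con.executemany("INSERT INTO iptables_log VALUES (" + ",".join("?" * 14) + ")", rows)
    con.commit()
    return con


def top_dropped_sources(con, limit=5):
    """Sources with the most DROP entries, as (src, count) tuples."""
    return con.execute(
        "SELECT src, COUNT(*) AS n FROM iptables_log "
        "WHERE chain LIKE '%DROP%' GROUP BY src ORDER BY n DESC, src LIMIT ?",
        (limit,)).fetchall()


if __name__ == "__main__":
    db = load_log(SAMPLE_LOG)
    for src, n in top_dropped_sources(db):
        print(f"{src}\t{n} dropped")
```

Two details worth checking against a real /var/log/firewall before pointing this at MySQL: the SFW2 prefix is a single token, so tokens[:idx] is just that tag, and for UDP the kernel emits LEN= twice (IP length, then UDP payload length), so a dict keyed on the field name keeps the second one, exactly as the hash in feed_db.pl does.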

