logwatch and iptables

Table of Contents

• Background
• Tailoring
• Download and Install
• Comments

Background

The iptables shell script is comprised of three parts:

1. gawk parser - parses the iptables exception line into discrete columns
2. sort to sort the data - man sort to change the sort keys.
3. gawk output - formats the data.

Note: The script always attempts to retrieve the source IP's hostname

Tailoring

The iptables script assumes that iptables logged its exceptions using the --log-prefix 'IPTABES ' switch. If you're environment is different, see the script as it has documentation on how to tailor it.

Download and Install

1. Download the gzip'd tar file to /usr/tmp:

   logwatch-iptables.tar.gz [1.8K]

2. View the contents of the tar file:

   # md5sum logwatch-iptables.tar.gz
   ece7bd65673003d47653d6c08325bf99 logwatch-iptables.tar.gz

3. As root, change directories to logwatch's top directory (usually /etc/log.d):

   su -
   cd /etc/log.d
   

4. Unpack the tar file and enjoy!

   tar -xvzf /usr/tmp/logwatch-iptables.tar.gz

Comments

Please email us your comments.