
Re: [FW-1] Log rotation script - UNIX/IPSO



Log switching can be configured in NG via the GUI console, and it works
well for me.

Ramakrishnan

>>> [email protected] 09/10/03 09:58AM >>>
Here's a nice little script we used on 4.1 that kept 7 days of logs on
the firewall and FTPd the rest off to a designated server of your choice.

First we run the following CRON jobs:
***** FIREWALL CRON JOBS *****
59 23 * * * /var/fw/scripts/shuffle | /bin/mail -s "FIREWALLNAME Report" [email protected]
25 00 * * * /var/fw/scripts/transfer | /bin/mail -s "FIREWALLNAME Transfer" [email protected]


Here is the first script that runs.  NOTE THE PATHS to your firewall
installation and correct for whatever version you are running:
***** FIREWALL MANAGEMENT/MODULE 4.1 SHUFFLE SCRIPT *****/var/fw/scripts/shuffle
#!/bin/sh

#reading in date variable
DATE=`date +%m%d%y-%H%M`
WEEKDAY=`date +%w`
#
#writing date
echo FIREWALLNAME report for `date`
echo
#
#switching firewall log file
/opt/FireWall-1-strong.v4.1.SP-2.ipso-3.3/bin/fw logswitch old
echo Firewall Log switch is done.
echo
#
#copying and renaming firewall log files
cp /var/fw/log/old.log /var/fw/log/$WEEKDAY.log
echo Weekday log file rename and copy is done
echo
#
#Delete the transfer logs
rm /var/fw/transfer/*
echo Transfer directory cleared
echo
#
#moving and renaming firewall log files for ftp transfer
mv /var/fw/log/old.log /var/fw/transfer/$DATE.log
echo Timestamped log file rename and move to transfer directory is done
echo
#
#Disk space output
cap=`df /var | grep dev | awk '{print $5}'`
cap=`expr "$cap" : '\(.*\)%'`
#echo $cap
if [ "$cap" -le 75 ]
then
  echo Disk capacity is at ${cap}%
else
  echo WARNING! Disk capacity is at ${cap}%
fi
echo
#
#log directory output
echo Directory of the default log directory
/bin/ls -lat /var/fw/log
echo
echo Directory of the transfer log directory
/bin/ls -lat /var/fw/transfer
echo
#
#Last login output
echo Last login output file
/usr/bin/last
echo
#
#Checkpoint management file output
echo Last 50 events of the Checkpoint Audit Log
tail -50 /var/fw/log/cpmgmt.aud
echo
echo
echo `date` End of Report


Here is the second script that runs.  We keep firewall log files on a
server running FTP.  We then burn the logs to DVD for archival purposes.
Replace 192.168.1.1 with the IP address of your FTP server and use the
appropriate username and password for the ftp login.  The files are
placed in their own directory:
***** FIREWALL FTP TRANSFER SCRIPT *****/var/fw/scripts/transfer
#!/bin/sh

#FTPing Files
echo FTP file transfer beginning
ftp -i -n <<EOF
open 192.168.1.1
user ftpusername ftppassword
binary
cd FIREWALLNAMEHERE/logs
lcd /var/fw/transfer
mput *.log
quit
EOF
echo FTP file transfer complete


For NG we have had to change things a little, but since we're just now
switching firewalls over to NG the scripts aren't done yet.

Hope this helps,

Paul Mills
AmeriCredit


-----Original Message-----
From: Brendan Laws [mailto:[email protected]]
Sent: Tuesday, September 09, 2003 10:48 PM
To: [email protected]
Subject: [FW-1] Log rotation script - UNIX/IPSO

Hi there,

I am wondering if anyone already has a fw log rotation script that will
run on unix/IPSO under c shell or bash shell.

Something that like copies the log to a date and restarts with a new log
file every month or something.

Cheers,
Brendan

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
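
Added example, not part of the original posts or any Check Point tooling: a variant of the shuffle step that records a SHA-256 for each staged log and clears the transfer directory only for logs confirmed as sent, instead of the unconditional rm of /var/fw/transfer/*. It assumes sha256sum is available and that the transfer job creates a hypothetical "<file>.sent" marker after a verified upload; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: sha256sum exists,
# and the transfer job creates "<file>.sent" after a verified upload
# (hypothetical marker convention; function names are illustrative).

# stage_log LOGDIR XFERDIR WEEKDAY STAMP
# Keep the weekday copy, queue a timestamped copy, and record its SHA-256.
stage_log() {
    logdir=$1; xferdir=$2; weekday=$3; stamp=$4
    src="$logdir/old.log"
    # Stop if the log switch did not leave a non-empty old.log behind.
    [ -s "$src" ] || { echo "ERROR: $src missing or empty" >&2; return 1; }
    cp -p "$src" "$logdir/$weekday.log" || return 1
    mv "$src" "$xferdir/$stamp.log" || return 1
    ( cd "$xferdir" && sha256sum "$stamp.log" > "$stamp.log.sha256" )
}

# verify_pending XFERDIR
# Fail if any queued log no longer matches the hash recorded at staging.
verify_pending() {
    ( cd "$1" || exit 1
      for s in *.log.sha256; do
          [ -e "$s" ] || continue            # nothing queued
          sha256sum -c "$s" >/dev/null 2>&1 ||
              { echo "MISMATCH: $s" >&2; exit 1; }
      done )
}

# purge_sent XFERDIR
# Delete only logs marked .sent; print how many are still waiting.
purge_sent() {
    pending=0
    for f in "$1"/*.log; do
        [ -e "$f" ] || continue              # glob matched nothing
        if [ -e "$f.sent" ]; then
            rm -f "$f" "$f.sent" "$f.sha256"
        else
            pending=$((pending + 1))
        fi
    done
    echo "$pending"
}
```

A non-zero count from purge_sent in the nightly mail report means a log is still queued, so a failed transfer shows up before the 7-day weekday copy is overwritten.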

   All contents © 2004 Network Presence, LLC. All rights reserved.