Re: [FW-1] Log rotatation script - UNIX/IPSO
Log switching can be configured in NG via GUI console and it works well for me.

Ramakrishnan

>>> [email protected] 09/10/03 09:58AM >>>
Here's a nice little script we used on 4.1 that kept 7 days of logs on the firewall and FTPd the rest off to a designated server of your choice.

First we run the following CRON jobs:

***** FIREWALL CRON JOBS *****
59 23 * * * /var/fw/scripts/shuffle | /bin/mail -s "FIREWALLNAME Report" [email protected]
25 00 * * * /var/fw/scripts/transfer | /bin/mail -s "FIREWALLNAME Transfer" [email protected]

Here is the first script that runs. NOTE THE PATHS to your firewall installation and correct for whatever version you are running:

***** FIREWALL MANAGEMENT/MODULE 4.1 SHUFFLE SCRIPT *****
/var/fw/scripts/shuffle

#!/bin/sh
#reading in date variable
DATE=`date +%m%d%y-%H%M`
WEEKDAY=`date +%w`
#
#writing date
echo FIREWALLNAME report for `date`
echo
#
#switching firewall log file
/opt/FireWall-1-strong.v4.1.SP-2.ipso-3.3/bin/fw logswitch old
echo Firewall Log switch is done.
echo
#
#copying and renaming firewall log files
cp /var/fw/log/old.log /var/fw/log/$WEEKDAY.log
echo Weekday log file rename and copy is done
echo
#
#Delete the transfer logs
rm /var/fw/transfer/*
echo Transfer directory cleared
echo
#
#moving and renaming firewall log files for ftp transfer
mv /var/fw/log/old.log /var/fw/transfer/$DATE.log
echo Timestamped log file rename and move to transfer directory is done
echo
#
#Disk space output
cap=`df /var | grep dev | awk '{print $5}'`
cap=`expr "$cap" : '\(.*\)%'`
#echo $cap
if [ "$cap" -le 75 ]
then
    echo Disk capacity is at ${cap}%
else
    echo WARNING! Disk capacity is at ${cap}%
fi
echo
#
#log directory output
echo Directory of the default log directory
/bin/ls -lat /var/fw/log
echo
echo Directory of the transfer log directory
/bin/ls -lat /var/fw/transfer
echo
#
#Last login output
echo Last login output file
/usr/bin/last
echo
#
#Checkpoint management file output
echo Last 50 events of the Checkpoint Audit Log
tail -50 /var/fw/log/cpmgmt.aud
echo
echo
echo `date` End of Report

Here is the second script that runs. We keep firewall log files on a server running FTP. We then burn the logs to DVD for archival purposes. Replace 192.168.1.1 with the IP address of your FTP server and use the appropriate username and password for the ftp login. The files are placed in their own directory:

***** FIREWALL FTP TRANSFER SCRIPT *****
/var/fw/scripts/transfer

#!/bin/sh
#FTPing Files
echo FTP file transfer beginning
ftp -i -n <<EOF
open 192.168.1.1
user ftpusername ftppassword
binary
cd FIREWALLNAMEHERE/logs
lcd /var/fw/transfer
mput *.log
quit
EOF
echo FTP file transfer complete

For NG we have had to change things a little, but since we're just now switching firewalls over to NG the scripts aren't done yet.

Hope this helps,

Paul Mills
AmeriCredit

-----Original Message-----
From: Brendan Laws [mailto:[email protected]]
Sent: Tuesday, September 09, 2003 10:48 PM
To: [email protected]
Subject: [FW-1] Log rotatation script - UNIX/IPSO

Hi there,

I am wondering if anyone already has a fw log rotation script that will run on unix/IPSO under c shell or bash shell. Something that like copies the log to a date and restarts with a new log file every month or something.

Cheers,
Brendan

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
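
An added example, not part of the thread or of the scripts posted in it: the shuffle script above clears /var/fw/transfer on every run without checking that the earlier FTP upload succeeded, so this shows one way to delete only the logs whose archived copy matches a SHA-256 manifest. It assumes sha256sum (GNU coreutils) is available and that the archive is readable at a local path; the function names and sample log contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes sha256sum (GNU coreutils) and an
# archive readable at a local path (e.g. a mount), unlike the post's FTP server.

# write_manifest DIR: record a SHA-256 line for every *.log in DIR.
write_manifest() {
    ( cd "$1" || exit 1
      : > MANIFEST.sha256
      for f in *.log; do
          if [ -f "$f" ]; then sha256sum "$f" >> MANIFEST.sha256; fi
      done )
}

# purge_verified LOCAL ARCHIVE: remove a local log only when ARCHIVE holds a
# copy whose hash equals the manifest entry. Prints "KEEP name" for the rest;
# returns 0 if every log was verified and removed, 1 if any was kept.
purge_verified() {
    local_dir=$1; archive_dir=$2; kept=0
    while read -r want name; do
        got=missing
        if [ -f "$archive_dir/$name" ]; then
            got=$(sha256sum "$archive_dir/$name" | awk '{print $1}')
        fi
        if [ "$got" = "$want" ]; then
            rm -f "$local_dir/$name"
        else
            echo "KEEP $name"; kept=1
        fi
    done < "$local_dir/MANIFEST.sha256"
    return "$kept"
}

# demo: constructed logs; one archive copy is truncated, one is intact.
demo() {
    t=$(mktemp -d) || return 2
    mkdir "$t/transfer" "$t/archive"
    printf 'accept tcp 10.0.0.1\ndrop udp 10.0.0.2\n' > "$t/transfer/091003-2359.log"
    printf 'accept tcp 10.0.0.3\n' > "$t/transfer/091103-2359.log"
    write_manifest "$t/transfer"
    cp "$t/transfer/091103-2359.log" "$t/archive/"
    printf 'accept tcp' > "$t/archive/091003-2359.log"   # simulated partial upload
    rc=0; purge_verified "$t/transfer" "$t/archive" || rc=$?
    ls "$t/transfer" | grep -c '\.log$' || :             # logs still held locally
    rm -rf "$t"
    return "$rc"
}
```

Calling demo prints the name of the log that was kept because its archived copy did not match, followed by the number of logs still held locally.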