Snort email report from cron job
Ian Smith
the.pond at dsl.pipex.com
Tue Dec 16 11:26:58 GMT 2003
Whoops - missed the resolve option!
--
------------------------------------------------------------------------
Ian Smith
Worst . . . signature . . . ever !
-------------- next part --------------
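#!/bin/sh -e
# Daily cron job: summarise Snort alerts with snort-stat and mail the report.
#set -x

test -f /usr/bin/snort || exit 0

PATH=/bin:/usr/bin:/sbin:/usr/sbin
# Files created by this job are readable by the owner only.
umask 066

# Use the first auth log reported by syslogd-listfiles; fall back to
# Snort's own alert file when nothing is reported.
SYSLOG_LOGFILE=`syslogd-listfiles --auth 2>/dev/null | head -1`
SYSLOG_LOGFILE_CUSTOM=/var/log/snort/alert
if [ -z "$SYSLOG_LOGFILE" ]; then
    SYSLOG_LOGFILE=$SYSLOG_LOGFILE_CUSTOM
fi

# The sysconfig file is expected to set the two variables exported below.
CONFIG=/etc/config.d/snort/snort.sysconfig
. "$CONFIG"
export SNORT_STATS_RCPT SNORT_STATS_TRESHOLD

#test -f /var/log/snort/portscan.log && savelog -c 7 -p /var/log/snort/portscan.log >/dev/null
#find /var/log/snort -name "snort-*@*.log" -mtime +15 \
#    | xargs --no-run-if-empty rm

# Create the temporary report with mktemp instead of a fixed /tmp name:
# a predictable path could be pre-created or symlinked by another local user.
TEMPFILE=`mktemp /tmp/snort-stat.XXXXXX`
# Remove the temporary file on any exit, including an abort caused by -e.
trap 'rm -f "$TEMPFILE"' EXIT

for log in $SYSLOG_LOGFILE; do
    # -r is the resolve option; -t takes the threshold from the config.
    snort-stat -r -t "$SNORT_STATS_TRESHOLD" < "$log" > "$TEMPFILE"
    # Only send mail when snort-stat produced a non-empty report.
    if test -s "$TEMPFILE"; then
        (echo "To: $SNORT_STATS_RCPT"; echo; cat "$TEMPFILE") | \
            mail -s "Snort Daily Intrusion Report from `hostname`" \
            $SNORT_STATS_RCPT
    fi
done
exit 0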