Small useful scripts
-
Hi there,
Don't know if you are interested but let's start a topic with some useful small scripts to save time.
Top 10 blocked IP (and count) in the last 1000 lines of the filrewall log file.
#!/bin/sh grep "\([0-9]\{1,3\}\.\)\{3\}\([0-9]\{1,3\}\)" /var/log/filter.log | head -n1000 | while read line do echo $line | sed 's/^.* \(\([0-9]\{1,3\}\.\)\{3\}\)\([0-9]\{1,3\}\).*\(\([0-9]\{1,3\}\.\)\{4\}\).*$/\1\3/' done | sort | uniq -c | sort -rn | headFeel free to post yours :)
-
Click Status > System Logs, Firewall Tab, Summary View (Available on 2.0 and with the Dashboard package on 1.2.3) which breaks it down even better with pie charts, for ports, IPs, etc. :-)
-
you are so booooring :P :D
-
Pie charts! Wa…. :o ;D
Steve
-
new one…
Count and display IP who tried to logon via SSH with bad password
#!/bin/sh clog /var/log/system.log | grep -ia "sshd.*failed.*password" | sed 's/^.* \(\([0-9]\{1,3\}\.\)\{3\}\)\([0-9]\{1,3\}\).*$/\1\3/' | sort | uniq -c | sort -nI wanted to do it with a do while loop like the first script but it's stop on the "read line" condition and never stop
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.