Netgate Discussion Forum

    How do I Access a log file from the last eof?

    • guardian Rebel Alliance

      I am trying to scan /var/log/openvpn for VPN logons/authentication failures.

      I know I can do something like this:
      clog -f openvpn.log | grep 'openvpn: user' -A 2 | python_program

      Which will find all the successful/unsuccessful access attempts, but I'm a bit concerned about leaving something like that running permanently, and it is also not easy or straightforward to process individual events since a read is going to block.

      Is there any easy way to access the log file with python that would allow keeping track of where the last eof was, and then reopening the file for read from that point?

      As an alternative could I do something like:

      clog -f openvpn.log | grep 'openvpn: user' -A 2 >>holdingfile.txt

      Then with a cron job have python read the file contents and then truncate the file to empty it? Does >> lock the file? If the file isn't locked and can be read/written with the above statement, would truncating holdingfile.txt to zero length screw things up?

      If the log file was a regular "linear file", I would read to eof, process any entries, save the length, and then on the next run set the file pointer to the last eof address before reading again. A cron job will run the program every 5 minutes to check for activity.

      Any way to accomplish that with these circular logs (other than writing a complex handler)?

      My intended outcome is to send an email and write an entry to the system log on every access. (This is a personal system where I (and maybe later my wife) would be the only users, and accesses wouldn't be frequent events.) If somehow access key/creds got stolen I want to know about it immediately and since access is so infrequent and highly controlled an unauthorized event would be easy to spot.

      Any advice/suggestions would be much appreciated.

      If you find my post useful, please give it a thumbs up!
      pfSense 2.7.2-RELEASE

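The save-the-offset approach described in the post, as an added example that is not part of the original post. It assumes the file being read (the log or the holding file) is plain text and append-only; the function name, the JSON state file and the sample lines are constructed for illustration.

```python
import json
import os

MARKER = "openvpn: user"  # same substring the post greps for

# Constructed sample lines (not real log output), used only by the demo below.
SAMPLE = (
    "Jan  5 10:00:01 fw openvpn: user 'alice' authenticated\n"
    "Jan  5 10:00:02 fw openvpn[111]: unrelated line\n"
)

def read_new_events(log_path, state_path, marker=MARKER):
    """Return marker lines appended since the previous call."""
    try:
        with open(state_path) as f:
            state = json.load(f)
    except (FileNotFoundError, ValueError):
        state = {"inode": None, "offset": 0}

    st = os.stat(log_path)
    # New inode means the file was rotated; a size below the saved offset
    # means it was truncated. Either way, start again from byte 0.
    if state["inode"] != st.st_ino or st.st_size < state["offset"]:
        state = {"inode": st.st_ino, "offset": 0}

    events = []
    with open(log_path, "rb") as f:
        f.seek(state["offset"])
        while True:
            line = f.readline()
            if not line.endswith(b"\n"):
                break  # EOF, or a partial line the writer has not finished
            state["offset"] = f.tell()
            text = line.decode("utf-8", "replace").rstrip("\n")
            if marker in text:
                events.append(text)

    # Replace the state file atomically so a crash cannot corrupt it.
    tmp = state_path + ".tmp"
    with open(tmp, "w") as f:
        json.dump(state, f)
    os.replace(tmp, state_path)
    return events

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "holdingfile.txt")
        with open(log, "w") as f:
            f.write(SAMPLE)
        print(read_new_events(log, os.path.join(d, "offset.json")))
```

Run from cron, each call returns only the matching lines added since the previous run, so nothing has to stay running or block on a read. A file that is truncated and then grows past the saved offset between two runs is not caught by the size check.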
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.