Email Reports formatting
-
I use the email reports feature to get a daily summarized email for a certain process.
I mainly use it for arpwatch. I get daily reports of what new macs are on a restricted vlan.
Is there a way to get this report better formatted instead of it just being pulled from the system log and placed in an email?
So for example below, i would like to add headers on each column while also removing certain fields like 'bogon'. Later on i will use a backend process i have to create a diff to show changes if any and that will be daily report email but for now im curious if any customizations can be made on the reports itself from pfsense.Apr 8 23:53:49 GA-FW1 arpwatch[90684]: bogon 192.168.50.246 78:45:58:48:27:a0
Apr 8 23:53:51 GA-FW1 arpwatch[90684]: bogon 192.168.50.177 b0:a7:b9:a4:ce:e9
Apr 8 23:53:55 GA-FW1 arpwatch[90684]: bogon 192.168.50.245 24:5a:4c:7a:97:5e -
There is nothing to do that in pfSense. You might be able to script something.
You could add a feature request here: https://redmine.pfsense.org/
Steve
-
@stephenw10 much appreciated. thanks! Submitted request
-
@michmoor have a play with the following:-
awk, sed and echo
I run the following at midnight to get yesterdays entries from the snort logs:-
grep ^`date -v-1d +"%D"` /var/log/snort/snort_pppoe*/alert | awk -F, '{a[$5]++;} END {for(i in a) print a[i]" "i}' | sed 's/"//g' | sort -r ; echo grep ^`date -v-1d +"%D"` /var/log/snort/snort_pppoe*/alert ; echo
So I get a summary like this:-
Command output: Snort WAN Alerts (grep ^`date -v-1d +"%D"` /var/log/snort/snort_pppoe*/alert | awk -F, '{a[$5]++;} END {for(i in a) print a[i]" "i}' | sed 's/"//g' | sort -r ; echo) 3 ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 108 3 ET TOR Known Tor Exit Node TCP Traffic group 107 3 (spp_sip) Content length mismatch 1 ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03 Command output: Snort WAN Alerts Details (grep ^`date -v-1d +"%D"` /var/log/snort/snort_pppoe*/alert ; echo) 04/10/22-07:46:07.832658 ,1,2522107,4759,"ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 108",TCP,45.61.188.191,60048,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-07:46:07.832658 ,1,2520106,4759,"ET TOR Known Tor Exit Node TCP Traffic group 107",TCP,45.61.188.191,60048,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-16:23:11.254875 ,140,18,2,"(spp_sip) Content length mismatch",UDP,192.241.212.220,55707,xx.xx.xx.xx,5060,54321,Potentially Bad Traffic,2,alert,Allow 04/10/22-18:08:00.070426 ,1,2522107,4759,"ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 108",TCP,45.61.188.191,47241,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-18:08:00.070426 ,1,2520106,4759,"ET TOR Known Tor Exit Node TCP Traffic group 107",TCP,45.61.188.191,47241,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-20:42:03.730836 ,140,18,2,"(spp_sip) Content length mismatch",UDP,128.199.3.204,58177,xx.xx.xx.xx,5060,40209,Potentially Bad Traffic,2,alert,Allow 04/10/22-21:11:10.595437 ,140,18,2,"(spp_sip) Content length mismatch",UDP,165.232.128.219,58181,xx.xx.xx.xx,5060,47623,Potentially Bad Traffic,2,alert,Allow 04/10/22-22:53:32.283173 ,1,2522107,4759,"ET TOR Known Tor Relay/Router (Not Exit) Node TCP Traffic group 108",TCP,45.61.188.191,50650,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-22:53:32.283173 ,1,2520106,4759,"ET TOR Known Tor Exit Node TCP Traffic group 107",TCP,45.61.188.191,50650,xx.xx.xx.xx,1080,54321,Misc Attack,2,alert,Allow 04/10/22-23:34:44.609324 ,1,2017919,2,"ET DOS Possible NTP DDoS Inbound Frequent Un-Authed MON_LIST Requests IMPL 0x03",UDP,14.1.112.177,38376,xx.xx.xx.xx,123,54321,Attempted Denial of Service,2,alert,Allow
NB the snort logs date format differs.