Small useful scripts



  • Hi there,

    Don't know if you are interested but let's start a topic with some useful small scripts to save time.

    Top 10 blocked IPs (and count) in the last 1000 lines of the firewall log file.

    
    #!/bin/sh
    
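    # Keep the last 1000 log lines that contain an IPv4 address.
    # sed keeps one address per line: an IPv4 address that is followed later
    # on the line by a second dotted address. Then count and rank the top ten.
    grep "\([0-9]\{1,3\}\.\)\{3\}\([0-9]\{1,3\}\)" /var/log/filter.log | tail -n 1000 | while read -r line
    do
      printf '%s\n' "$line" | sed 's/^.* \(\([0-9]\{1,3\}\.\)\{3\}\)\([0-9]\{1,3\}\).*\(\([0-9]\{1,3\}\.\)\{4\}\).*$/\1\3/'
    done | sort | uniq -c | sort -rn | head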
    
    

    Feel free to post yours  :)


  • Rebel Alliance Developer Netgate

    Click Status > System Logs, Firewall Tab, Summary View (Available on 2.0 and with the Dashboard package on 1.2.3) which breaks it down even better with pie charts, for ports, IPs, etc. :-)



  • you are so booooring  :P :D


  • Netgate Administrator

    Pie charts! Wa….  :o ;D

    Steve



  • new one…

    Count and display IPs that tried to log on via SSH with a bad password

    #!/bin/sh
    
    # List source IPs of failed SSH password logins with attempt counts, busiest last.
    clog /var/log/system.log | grep -ia "sshd.*failed.*password" | sed 's/^.* \(\([0-9]\{1,3\}\.\)\{3\}\)\([0-9]\{1,3\}\).*$/\1\3/' | sort | uniq -c | sort -n
    

    I wanted to do it with a do while loop like the first script but it stops on the "read line" condition and never stops
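
A single-pass variant of the failed-SSH-login count from the last post, as an added example that is not part of the original thread: it reads the source address by its position at the end of the sshd "Failed password" message and checks each octet before counting. The names `count_failed_ssh` and `sample_log` and the log lines are constructed for illustration; it assumes the OpenSSH message ending `from <addr> port <n> ssh2` and, like the scripts above, IPv4 only.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source IPv4 address.
# Usage on the firewall (assumed): clog /var/log/system.log | count_failed_ssh

count_failed_ssh() {
  awk '
    function valid_ipv4(a,   o, n, i) {
      n = split(a, o, ".")
      if (n != 4) return 0
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) return 0
      return 1
    }
    # The user name in the message is chosen by the client, so the address
    # is taken by position from the end of the line ("from ADDR port N ssh2")
    # instead of searching the whole line for something that looks like an IP.
    NF >= 5 && /sshd\[[0-9]+\]: Failed password for / {
      if ($(NF-4) != "from" || $(NF-2) != "port") next
      ip = $(NF-3)
      if (valid_ipv4(ip)) hits[ip]++
    }
    END { for (ip in hits) print hits[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges), not real log data.
sample_log() {
  cat <<'EOF'
Mar  1 10:00:01 fw sshd[411]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  1 10:00:03 fw sshd[411]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar  1 10:00:09 fw sshd[415]: Failed password for invalid user 10.9.9.9 from 198.51.100.23 port 40022 ssh2
Mar  1 10:00:12 fw sshd[418]: Accepted password for admin from 192.0.2.10 port 50000 ssh2
Mar  1 10:00:15 fw dnsmasq[99]: query from 192.0.2.55
EOF
}

sample_log | count_failed_ssh
```

The output is one `count address` pair per line, highest count first, so it can be piped into `head` the same way as the first script.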

