Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Small useful scripts

    Scheduled Pinned Locked Moved Off-Topic & Non-Support Discussion
    5 Posts 3 Posters 2.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      darxmurf
      last edited by

      Hi there,

      Don't know if you are interested but let's start a topic with some useful small scripts to save time.

      Top 10 blocked IP (and count) in the last 1000 lines of the filrewall log file.

      
      #!/bin/sh
      
      grep "\([0-9]\{1,3\}\.\)\{3\}\([0-9]\{1,3\}\)" /var/log/filter.log | head -n1000 | while read line
      do
        echo $line | sed 's/^.* \(\([0-9]\{1,3\}\.\)\{3\}\)\([0-9]\{1,3\}\).*\(\([0-9]\{1,3\}\.\)\{4\}\).*$/\1\3/'
      done | sort | uniq -c | sort -rn | head
      
      

      Feel free to post yours  :)

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        Click Status > System Logs, Firewall Tab, Summary View (Available on 2.0 and with the Dashboard package on 1.2.3) which breaks it down even better with pie charts, for ports, IPs, etc. :-)

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • D
          darxmurf
          last edited by

          you are so booooring  :P :D

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Pie charts! Wa….  :o ;D

            Steve

            1 Reply Last reply Reply Quote 0
            • D
              darxmurf
              last edited by

              new one…

              Count and display IP who tried to logon via SSH with bad password

              #!/bin/sh
              
              clog /var/log/system.log | grep -ia "sshd.*failed.*password" | sed 's/^.* \(\([0-9]\{1,3\}\.\)\{3\}\)\([0-9]\{1,3\}\).*$/\1\3/' | sort | uniq -c | sort -n
              

              I wanted to do it with a do while loop like the first script but it's stop on the "read line" condition and never stop

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.