Further improve readability of the show event[s] commands.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
Tom Eastep 2013-07-13 09:08:50 -07:00
parent 3625d9eae7
commit 5ba8df81fb
2 changed files with 47 additions and 17 deletions

@ -744,23 +744,48 @@ show_event() {
local count local count
while read address ttl_label ttl last_seen last oldest_pkt oldest intimes; do while read address ttl_label ttl last_seen last oldest_pkt oldest intimes; do
case $address in
*.*)
[ $g_family -eq 4 ] || continue
;;
*:*)
[ $g_family -eq 6 ] || continue
;;
*)
continue
;;
esac
outtimes1='' outtimes1=''
outtimes2='' outtimes2=''
count=0 count=0
last=$((($currenttime - $last)/1000)) last=$((($currenttime - $last)/1000))
for time in $intimes; do for time in $intimes; do
time=${time%,} time=${time%,}
time=$((($currenttime - $time)/1000)) time=$(($currenttime - $time))
if [ $time -lt 10 ]; then
time="000$time"
elif [ $time -lt 100 ]; then
time="00$time"
elif [ $time -lt 1000 ]; then
time="0$time"
fi
if [ $count -lt $oldest ]; then if [ $count -lt $oldest ]; then
outtimes2="$outtimes2 $time" outtimes2="$outtimes2 $time"
else else
outtimes1="$outtimes1 $time" outtimes1="$outtimes1 $time"
fi fi
count=$(($count + 1)) count=$(($count + 1))
done done
echo " $address :${outtimes1}${outtimes2}"
done < /proc/net/xt_recent/$1
outtimes1="${outtimes1}${outtimes2}"
[ -n "$outtimes1" ] && outtimes1=$(echo "$outtimes1 " | sed -r 's/([[:digit:]]{3}) /\.\1, /g') && outtimes1=${outtimes1%, }
echo " $address : ${outtimes1}"
done < /proc/net/xt_recent/$1
} }
show_events() { show_events() {
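Review bot: The new zero-padding ladder inside the `for time in $intimes` loop also matches negative values, because `[ $time -lt 10 ]` is true for any stamp that is newer than $currenttime. Such a value comes out as something like 000-5, which the later sed expression (three digits followed by a space) cannot format cleanly. Clamping negatives to 0 and formatting each value directly, for example `printf '%d.%03d' $(($time / 1000)) $(($time % 1000))`, would replace both the if/elif chain and the `sed -r` pass and remove the hidden dependency between them. Two smaller points in the same hunk: `last` is still computed for every row but is not used in the lines shown, and `$1` in `done < /proc/net/xt_recent/$1` is unquoted.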

@ -421,23 +421,26 @@
the events listed in the command while <emphasis role="bold">show the events listed in the command while <emphasis role="bold">show
events</emphasis> lists the contents of all events.</para> events</emphasis> lists the contents of all events.</para>
<programlisting>root@gateway:/usr/src/linux-source-3.2/net/netfilter# shorewall show events <programlisting>root@gateway:~# shorewall show events
Shorewall 4.5.19-Beta2 events at gateway - Fri Jul 12 15:57:20 PDT 2013 Shorewall 4.5.19-Beta2 events at gateway - Sat Jul 13 07:17:59 PDT 2013
SSH SSH
src=125.46.13.163 : 3453 src=75.101.251.91 : 2225.808, 2225.592
src=200.59.55.50 : 3900 3900 src=218.87.16.135 : 2078.490
src=65.182.111.112 : 2946
SSH_COUNTER SSH_COUNTER
src=65.182.111.112 : 5755.790
src=113.162.155.243 : 4678.249
sticky001 sticky001
src=172.20.1.146 : 8 8 8 8 8 8 8 8 8 8 8 8 8 8 7 7 7 7 7 7 src=172.20.1.146 : 5.733, 5.728, 5.623, 5.611, 5.606, 5.606, 5.589, 5.588, 5.565, 5.551, 5.543, 5.521, 5.377, 5.347, 5.347, 5.345, 5.258, 5.148, 5.048, 4.949
src=172.20.1.151 : 41.805, 41.800
sticky002 sticky002
src=172.20.1.213 : 53 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 46 46 src=172.20.1.213 : 98.122, 98.105, 98.105, 98.105, 98.088, 98.088, 98.088, 98.088, 98.058, 98.058, 80.885, 53.528, 53.526, 53.526, 53.510, 53.383, 53.194, 53.138, 53.072, 3.119
src=172.20.1.146 : 4.914, 4.914, 4.898, 4.897, 4.897, 4.896, 4.896, 4.896, 4.882, 4.881, 4.875, 4.875, 4.875, 4.875, 4.875, 4.875, 4.875, 4.874, 4.874, 4.874
root@gateway:/usr/src/linux-source-3.2/net/netfilter# </programlisting> root@gateway:~# </programlisting>
<para>The SSH and SSH_COUNTER events are created using the following <para>The SSH and SSH_COUNTER events are created using the following
Automatic Blacklisting example. The sticky001 and sticky002 events are Automatic Blacklisting example. The sticky001 and sticky002 events are
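Review bot: The refreshed sample output in the programlisting publishes what look like real public source addresses under SSH and SSH_COUNTER (75.101.251.91, 218.87.16.135, 65.182.111.112, 113.162.155.243). For published documentation, consider substituting addresses from the reserved documentation ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) while keeping the timing values as captured. The internal 172.20.1.x entries are fine as they are.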
@ -446,12 +449,12 @@ root@gateway:/usr/src/linux-source-3.2/net/netfilter# </programlisting>
<para>Each line represents one event. The list of numbers following the <para>Each line represents one event. The list of numbers following the
':' represent the number of seconds ago that a matching packet triggered ':' represent the number of seconds ago that a matching packet triggered
the event. The numbers are in chronological sequence, so In this event, the event. The numbers are in chronological sequence, so In this event,
there were 20 packets from 172.20.1.213 that arrived between 53 and 46 there were 20 packets from 172.20.1.146 that arrived between 5.733 and
seconds ago:</para> 4.949 seconds ago:</para>
<programlisting>sticky002 <programlisting>sticky001
src=172.20.1.213 : <emphasis role="bold">53</emphasis> 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 49 46 <emphasis src=172.20.1.146 : <emphasis role="bold">5.733</emphasis>, 5.728, 5.623, 5.611, 5.606, 5.606, 5.589, 5.588, 5.565, 5.551, 5.543, 5.521, 5.377, 5.347, 5.347, 5.345, 5.258, 5.148, 5.048, <emphasis
role="bold">46</emphasis></programlisting> role="bold">4.949</emphasis> </programlisting>
<para>Note that there may have been earlier packets that also matched, <para>Note that there may have been earlier packets that also matched,
but the system where this example was captured used the default value of but the system where this example was captured used the default value of
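Review bot: The rewritten listing's last line now reads `role="bold">4.949</emphasis> </programlisting>`, with a space before the closing tag that the previous version did not have, and it will render as trailing whitespace inside the verbatim block. While this paragraph is being touched, the unchanged "so In this event" has a stray capital. The description could also say that the values are now comma-separated seconds with a three-digit fractional part, since the paragraph still speaks only of "the number of seconds ago".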
@ -460,7 +463,9 @@ root@gateway:/usr/src/linux-source-3.2/net/netfilter# </programlisting>
<para>The output of these commands is produced by processing the <para>The output of these commands is produced by processing the
contents of <filename>/proc/net/xt_recent/*</filename>. You can access contents of <filename>/proc/net/xt_recent/*</filename>. You can access
those files directly to see the raw data.</para> those files directly to see the raw data. The raw times are the uptime
in milliseconds. The %CURRENTTIME entry is created by the <command>show
event[s]</command> commands to obtain the current uptime.</para>
</section> </section>
</section> </section>
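Review bot: The added sentence states that the raw times are uptime in milliseconds without saying where that unit comes from, yet show_event depends on it (it subtracts from $currenttime and places the decimal point three digits from the right). Please note the source of the unit or any assumption behind it. It would also help to say what kind of entry %CURRENTTIME is and whether it remains under /proc/net/xt_recent/ after the command exits, since readers following the advice to inspect those files directly will otherwise find an entry created as a side effect of a show command.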