Implement 'show log <token>'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
2024-11-22 07:33:43 +01:00 · 2010-04-19 10:20:28 -07:00 · 2010-04-19 10:20:28 -07:00 · 8c09f21e5d
commit 8c09f21e5d
parent 32d3e50c05
5 changed files with 25 additions and 4 deletions
--- a/Shorewall-lite/shorewall-lite
+++ b/Shorewall-lite/shorewall-lite
@ -376,7 +376,7 @@ usage() # $1 = exit status
    echo "   show connections"
    echo "   show filters"
    echo "   show ip"
-    echo "   show [ -m ] log"
+    echo "   show [ -m ] log [<ip address>]"
    echo "   show [ -x ] mangle|nat|raw|routing"
    echo "   show policies"
    echo "   show tc [ device ]"
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@ -27,6 +27,8 @@ Changes in Shorewall 4.4.9

 13) Don't create output chains for BPORT zones.

+14) Implement 'show log ip-addr' in /sbin/shorewall and /sbin/shorewall-lite/
+
 Changes in Shorewall 4.4.8

 1)  Correct handling of RATE LIMIT on NAT rules.
--- a/Shorewall/lib.cli
+++ b/Shorewall/lib.cli
@ -159,6 +159,15 @@ packet_log() # $1 = number of messages
    fi
 }

+search_log() # $1 = IP address to search for
+{
+    if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
+	$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
+    else
+	$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' |  grep "$1" | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
+    fi
+}    
+
 #
 # Show traffic control information
 #
@ -541,12 +550,17 @@ show_command() {
 	    $IPTABLES -t mangle -L $g_ipt_options
 	    ;;
 	log)
-	    [ $# -gt 1 ] && usage 1
+	    [ $# -gt 2 ] && usage 1
 	    echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
 	    echo
 	    show_reset
 	    host=$(echo $g_hostname | sed 's/\..*$//')
-	    packet_log 20
+
+	    if [ $# -eq 2 ]; then
+		search_log $2
+	    else
+		packet_log 20
+	    fi
 	    ;;
 	tc)
 	    [ $# -gt 2 ] && usage 1
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@ -336,6 +336,11 @@ None.
    duplicate chains. So to set all possible optimizations, specify
    OPTIMIZE=15.

+5)  /sbin/shorewall and /sbin/shorewall-lite now support 'show log
+    <ipaddr>' where <ipaddr> is an IP address. The command searches the
+    current LOGFILE for Netfilter messages containing the supplied
+    address.
+
 ----------------------------------------------------------------------------
 V I.  P R O B L E M S  C O R R E C T E D  A N D  N E W   F E A T U R E S
      I N   P R I O R  R E L E A S E S
--- a/Shorewall/shorewall
+++ b/Shorewall/shorewall
@ -1360,7 +1360,7 @@ usage() # $1 = exit status
    echo "   show dynamic <zone>"
    echo "   show filters"
    echo "   show ip"
-    echo "   show [ -m ] log"
+    echo "   show [ -m ] log [<ip address>]"
    echo "   show macro <macro>"
    echo "   show macros"
    echo "   show [ -x ] mangle|nat|raw|routing"