holm/shorewall_code
1
0
Fork 0
forked from extern/shorewall_code
Code Pull Requests Activity

Extend 'show log <ipaddr>' to search for a regular expression.

Browse Source 
Signed-off-by: Tom Eastep <teastep@shorewall.net>
This commit is contained in:
Tom Eastep 2010-04-19 13:02:21 -07:00
parent 8c09f21e5d
commit a0abb11f67
6 changed files with 24 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Shorewall-lite/shorewall-lite
View File

@ -376,7 +376,7 @@ usage() # $1 = exit status
echo " show connections" echo " show connections"
echo " show filters" echo " show filters"
echo " show ip" echo " show ip"
echo " show [ -m ] log [<ip address>]" echo " show [ -m ] log [<regex>]"
echo " show [ -x ] mangle|nat|raw|routing" echo " show [ -x ] mangle|nat|raw|routing"
echo " show policies" echo " show policies"
echo " show tc [ device ]" echo " show tc [ device ]"

8
Shorewall/releasenotes.txt
View File

@ -336,10 +336,10 @@ None.
duplicate chains. So to set all possible optimizations, specify duplicate chains. So to set all possible optimizations, specify
OPTIMIZE=15. OPTIMIZE=15.
5) /sbin/shorewall and /sbin/shorewall-lite now support 'show log 5) The command-line tools now support 'show log <regex>' where <regex>
<ipaddr>' where <ipaddr> is an IP address. The command searches the is a regular expression to search for in the LOGFILE. The command
current LOGFILE for Netfilter messages containing the supplied searches the current LOGFILE for Netfilter messages matching the
address. supplied regex.
---------------------------------------------------------------------------- ----------------------------------------------------------------------------
V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S V I. P R O B L E M S C O R R E C T E D A N D N E W F E A T U R E S

2
Shorewall/shorewall
View File

@ -1360,7 +1360,7 @@ usage() # $1 = exit status
echo " show dynamic <zone>" echo " show dynamic <zone>"
echo " show filters" echo " show filters"
echo " show ip" echo " show ip"
echo " show [ -m ] log [<ip address>]" echo " show [ -m ] log [<regex>]"
echo " show macro <macro>" echo " show macro <macro>"
echo " show macros" echo " show macros"
echo " show [ -x ] mangle|nat|raw|routing" echo " show [ -x ] mangle|nat|raw|routing"

2
Shorewall6-lite/shorewall6-lite
View File

@ -364,7 +364,7 @@ usage() # $1 = exit status
echo " restart [ -n ] [ -f ]" echo " restart [ -n ] [ -f ]"
echo " restore [ -n ] [ <file name> ]" echo " restore [ -n ] [ <file name> ]"
echo " save [ <file name> ]" echo " save [ <file name> ]"
echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle} ] [ {chain [<chain> [ <chain> ... ]capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|policies|raw|routing|tc|vardir|zones} ]" echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle} ] [ {chain [<chain> [ <chain> ... ]capabilities|classifiers|config|connections|filters|ip|log [<regex>]|macros|mangle|nat|policies|raw|routing|tc|vardir|zones} ]"
echo " start [ -f ] [ <directory> ]" echo " start [ -f ] [ <directory> ]"
echo " stop [ -f ]" echo " stop [ -f ]"
echo " status" echo " status"

18
Shorewall6/lib.cli
View File

@ -140,6 +140,15 @@ packet_log() # $1 = number of messages
fi fi
} }
search_log() # $1 = IP address to search for
{
if [ -n "$g_showmacs" -o $VERBOSITY -gt 2 ]; then
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/\[.*\] //' | sed s/" $host $LOGFORMAT"/" "/
else
$g_logread | grep 'IN=.* OUT=.*SRC=.*\..*DST=' | grep "$1" | tac | sed 's/ kernel://; s/MAC=.* SRC=/SRC=/; s/\[.*\] '// | sed s/" $host $LOGFORMAT"/" "/
fi
}
# #
# Show traffic control information # Show traffic control information
# #
@ -447,12 +456,17 @@ show_command() {
$IP6TABLES -t raw -L $g_ipt_options $IP6TABLES -t raw -L $g_ipt_options
;; ;;
log) log)
[ $# -gt 1 ] && usage 1 [ $# -gt 2 ] && usage 1
echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)" echo "$g_product $SHOREWALL_VERSION Log ($LOGFILE) at $g_hostname - $(date)"
echo echo
show_reset show_reset
host=$(echo $g_hostname | sed 's/\..*$//') host=$(echo $g_hostname | sed 's/\..*$//')
packet_log 20
if [ $# -eq 2 ]; then
search_log $2
else
packet_log 20
fi
;; ;;
tc) tc)
[ $# -gt 2 ] && usage 1 [ $# -gt 2 ] && usage 1

2
Shorewall6/shorewall6
View File

@ -1282,7 +1282,7 @@ usage() # $1 = exit status
echo " restart [ -n ] [ -f ] [ <directory> ]" echo " restart [ -n ] [ -f ] [ <directory> ]"
echo " restore [ -n ] [ <file name> ]" echo " restore [ -n ] [ <file name> ]"
echo " save [ <file name> ]" echo " save [ <file name> ]"
echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle} ] [ {chain [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|filters|ip|log|macros|mangle|nat|policies|raw|routing|tc|vardir|zones} ]" echo " show [ -x ] [ -m ] [-f] [ -t {filter|mangle} ] [ {chain [<chain> [ <chain> ... ]|actions|capabilities|classifiers|config|connections|filters|ip|log [<regex>]|macros|mangle|nat|policies|raw|routing|tc|vardir|zones} ]"
echo " start [ -f ] [ -n ] [ <directory> ]" echo " start [ -f ] [ -n ] [ <directory> ]"
echo " stop [ -f ]" echo " stop [ -f ]"
echo " status" echo " status"