Below is an example log rotation script for IPSO:
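#!/bin/sh
#
# Daily Check Point log rotation: switch the active firewall log into a dated
# file, export it as CSV, extract the dropped-packet records and mail them to
# the firewall administrator.
#
# Set environment variables.
# The profile has to be sourced with "."; running it with "sh" sets the
# variables in a child process only, so $FWDIR would stay empty here unless
# the caller had already exported it (cron normally has not).
. /var/etc/rcm_profile
if [ -z "$FWDIR" ]; then
  echo "FWDIR is not set after reading /var/etc/rcm_profile" >&2
  exit 1
fi
#
# Every file name below is relative to the log directory, so stop if it
# cannot be entered instead of creating files somewhere else.
cd /var/fw/log || exit 1
#
# Switch CheckPoint log into dated file for saving
PERIOD=$(date "+%d%m%y")
"$FWDIR/bin/fw" logswitch "$PERIOD" 2> /dev/null
# stderr is discarded above, so verify the result explicitly: without the
# dated log there is nothing valid to report on.
if [ ! -f "$PERIOD.log" ]; then
  echo "log switch did not produce $PERIOD.log" >&2
  exit 1
fi
#
# output logfile to comma separated variable file
# -n suppresses resolving of IP/names
# Remove the previous export first so that a failed export cannot cause an
# old report to be mailed under today's date.
rm -f yesterday
"$FWDIR/bin/fw" logexport -d , -i "$PERIOD.log" -o yesterday -n 2> /dev/null
if [ ! -f yesterday ]; then
  echo "log export of $PERIOD.log failed" >&2
  exit 1
fi
#
# search for all dropped packets
# NOTE(review): this matches "drop" anywhere in a record, not only in the
# action column; confirm that is acceptable for the report.
ATTACK=$PERIOD.attack
grep "drop" yesterday >> "$ATTACK"
#
# uuencoded files will be interpreted as an attachment by most mail clients
uuencode "$ATTACK" "$PERIOD.csv" > "$PERIOD.csv"
#
# mail attack to system administrator
# The report contains firewall log records (addresses, ports, rule hits);
# make sure the mail route to this mailbox is one those records may travel on.
mail -s "Fire Log Switch" fwadmin@corp.com < "$PERIOD.csv"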
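#!/bin/sh
#
# Daily Check Point log rotation: switch the active firewall log into a dated
# file, export it as CSV, extract the dropped-packet records and mail them to
# the firewall administrator.
#
# Set environment variables.
# The profile has to be sourced with "."; running it with "sh" sets the
# variables in a child process only, so $FWDIR would stay empty here unless
# the caller had already exported it (cron normally has not).
. /var/etc/rcm_profile
if [ -z "$FWDIR" ]; then
  echo "FWDIR is not set after reading /var/etc/rcm_profile" >&2
  exit 1
fi
#
# Every file name below is relative to the log directory, so stop if it
# cannot be entered instead of creating files somewhere else.
cd /var/fw/log || exit 1
#
# Switch CheckPoint log into dated file for saving
PERIOD=$(date "+%d%m%y")
"$FWDIR/bin/fw" logswitch "$PERIOD" 2> /dev/null
# stderr is discarded above, so verify the result explicitly: without the
# dated log there is nothing valid to report on.
if [ ! -f "$PERIOD.log" ]; then
  echo "log switch did not produce $PERIOD.log" >&2
  exit 1
fi
#
# output logfile to comma separated variable file
# -n suppresses resolving of IP/names
# Remove the previous export first so that a failed export cannot cause an
# old report to be mailed under today's date.
rm -f yesterday
"$FWDIR/bin/fw" logexport -d , -i "$PERIOD.log" -o yesterday -n 2> /dev/null
if [ ! -f yesterday ]; then
  echo "log export of $PERIOD.log failed" >&2
  exit 1
fi
#
# search for all dropped packets
# NOTE(review): this matches "drop" anywhere in a record, not only in the
# action column; confirm that is acceptable for the report.
ATTACK=$PERIOD.attack
grep "drop" yesterday >> "$ATTACK"
#
# uuencoded files will be interpreted as an attachment by most mail clients
uuencode "$ATTACK" "$PERIOD.csv" > "$PERIOD.csv"
#
# mail attack to system administrator
# The report contains firewall log records (addresses, ports, rule hits);
# make sure the mail route to this mailbox is one those records may travel on.
mail -s "Fire Log Switch" fwadmin@corp.com < "$PERIOD.csv"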