bind9 logs
Wytze van der Raay
wytze at nlnet.nl
Wed Mar 14 11:04:55 CET 2001
Joost van Baal wrote:
> Ah, you've got your own wrapper to de-anonymize the logs. So you're
> not using lr_rawmail2mail?
Well, in fact I am using a wrapper-wrapper I guess (see below for scripts).
I didn't know about lr_rawmail2mail, but having read its manual page now,
I don't see how it would help me much. My main problem is how to pass the
correct decoding key into the script when receiving the reply (I am using
a separate key per day -- helpful if you get a batch of backlogged reports
at once, otherwise maybe overkill).

This is the script I use to decode the data (after having saved it
manually into a file named YYYYMMDD):

#! /bin/sh
# decode report from bind9 responder
HOME=/village/wytze
LR_BIN="${HOME}/logreport/software/bin"
PATH="${PATH}:${LR_BIN}"; export PATH
TESTDIR="${HOME}/logreport/test"
cd "${TESTDIR}"
# the file name (YYYYMMDD) doubles as the per-day decoding key
DATEKEY="$1"
lr_deanonimize "${DATEKEY}" <"$1" | lr_raw2report >"$1.report"

and this is how I submit the report request (activated from cron):

#! /bin/sh
# cronjob to send report to bind9 responder on a daily basis
RESPONDER="log@bind9.logreport.org"
HOME=/village/wytze
ANONIMIZE="${HOME}/logreport/software/bin/lr_anonimize"
TESTDIR="${HOME}/logreport/test"
cd "${TESTDIR}"
# one anonymization key per day, also carried in the mail subject
DATEKEY=`date +'%Y%m%d'`
LOGFILE="log.${DATEKEY}"
zcat -f /var/log/named/log* | "${ANONIMIZE}" "${DATEKEY}" >"${LOGFILE}"
gzip -9 "${LOGFILE}"
mutt -a "${LOGFILE}.gz" -s "anon `hostname` ${DATEKEY}" "${RESPONDER}" </dev/null

Any ideas for doing this in a smarter, more automated, fashion
are appreciated!
Regards,
-- wytze
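
An added example, not part of the original post or of the logreport software: one way to get the per-day key for the decode script is to read it from the Subject header of the saved reply and validate it before use. It assumes the responder's reply keeps the request subject "anon <hostname> <YYYYMMDD>" (optionally prefixed with "Re:"); the function names and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Assumption: the reply subject is "anon <hostname> <YYYYMMDD>", as sent by
# the cron job above, possibly with one or more "Re:" prefixes.

# Print the 8-digit date key found in the Subject header of the mail on
# stdin. Return 1 if there is no subject or it is not in the expected form.
datekey_from_mail() {
    # Read the header block only (stop at the first empty line), so a
    # "Subject:" line inside the body cannot supply the key.
    subject=$(sed -n -e '/^$/q' -e 's/^[Ss]ubject:[[:space:]]*//p' | head -n 1)
    key=$(printf '%s\n' "$subject" |
        sed -n 's/^\([Rr][Ee]:[[:space:]]*\)*anon [A-Za-z0-9._-]\{1,\} \([0-9]\{8\}\)[[:space:]]*$/\2/p')
    # The key becomes a file name and a command argument, and the mail is
    # untrusted input: accept exactly eight digits and nothing else.
    case $key in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) printf '%s\n' "$key" ;;
        *) return 1 ;;
    esac
}

# Constructed sample reply (addresses and host are placeholders).
sample_reply() {
    cat <<'EOF'
From: responder@example.org
To: user@example.org
Subject: Re: anon ns1.example.org 20010314

(report data would follow here)
EOF
}
```

The printed key can be passed as $1 to the decode script above once the report data has been saved under that name.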