SCSIraidGURU’s World


The IPv4 DoS policy has udp flood set to block. This shell script parses the firewall log from the day before.

190822   2019    08      22     13

It writes the data stream shown above: the unique key, year, month, day, and count of attacks.

 

#!/bin/bash
# Write one tab-separated record for yesterday's firewall log:
# key (yymmdd), year, month, day, count of udp_flood events.
# Every date part uses "1 day ago" so the fields agree across month and year boundaries.
CURRENTDATE=$(date --date="1 day ago" +%Y-%m-%d)
CURRENTDATESHORT=$(date --date="1 day ago" +%y-%d-%m)
FourYear=$(date --date="1 day ago" +%Y)
TwoYear=$(date --date="1 day ago" +%y)
Month=$(date --date="1 day ago" +%m)
Day=$(date --date="1 day ago" +%d)
FNAME="udp_flood-${CURRENTDATE}.txt"
OUT="/home/michael/logs/${FNAME}"
LOG="/var/log/firewalls/192.168.1.173-${CURRENTDATE}.log"
echo "${CURRENTDATE}"
echo "${CURRENTDATESHORT}"
echo "${TwoYear}"
echo "${Month}"
echo "${Day}"
echo "${TwoYear}${Month}${Day}"
echo "${FNAME}"
# Count the matches; sudo is needed only to read the firewall log.
# The >> redirection runs as the calling user, so sudo on echo had no effect.
COUNT=$(sudo grep -o -w 'attack="udp_flood"' "${LOG}" | wc -w)
# printf writes clean tab-separated fields without the stray spaces echo added.
printf '%s\t%s\t%s\t%s\t%s\n' "${TwoYear}${Month}${Day}" "${FourYear}" "${Month}" "${Day}" "${COUNT}" >> "${OUT}"
sudo chown michael:michael "${OUT}"
sudo chmod 755 "${OUT}"
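
The daily total does not show whether one host or many are behind the blocked floods. As an added example (not the author's script), the functions below break the same log down by source and return status 2 for an unreadable log instead of reporting 0. The `srcip=` field, the function names, and the sample lines are assumptions constructed for illustration; only `attack="udp_flood"` comes from the page.

```shell
#!/bin/bash
# Added example (not the author's script): per-source udp_flood counts.
# Assumption: each log line carries space-separated key=value fields,
# including srcip=<addr>; only attack="udp_flood" comes from the page.

# Write constructed sample log lines to the file named in $1.
write_sample_log() {
    cat > "$1" <<'EOF'
date=2019-08-22 srcip=198.51.100.7 dstip=192.168.1.10 attack="udp_flood"
date=2019-08-22 srcip=198.51.100.7 dstip=192.168.1.10 attack="udp_flood"
date=2019-08-22 srcip=203.0.113.9 dstip=192.168.1.10 attack="icmp_flood"
date=2019-08-22 srcip=203.0.113.9 dstip=192.168.1.11 attack="udp_flood"
date=2019-08-22 dstip=192.168.1.10 attack="udp_flood"
date=2019-08-22 srcip=198.51.100.7 dstip=192.168.1.12 attack="udp_flood"
EOF
}

# Total matching events: the figure the daily record stores.
# Returns 2 when the log is unreadable, so a missing file is not read as 0.
udp_flood_total() {
    [ -r "$1" ] || { echo "cannot read log: $1" >&2; return 2; }
    grep -c -w 'attack="udp_flood"' "$1" || true
}

# Print "<count><TAB><srcip>" per source, highest count first.
udp_flood_by_source() {
    [ -r "$1" ] || { echo "cannot read log: $1" >&2; return 2; }
    awk '{
        hit = 0; src = "unknown"          # lines without srcip= are kept
        for (i = 1; i <= NF; i++) {
            if ($i == "attack=\"udp_flood\"") hit = 1
            if ($i ~ /^srcip=/) { src = substr($i, 7); gsub(/"/, "", src) }
        }
        if (hit) n[src]++
    }
    END { for (s in n) printf "%d\t%s\n", n[s], s }' "$1" |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
demo_log=$(mktemp)
write_sample_log "$demo_log"
printf 'total=%s\n' "$(udp_flood_total "$demo_log")"
udp_flood_by_source "$demo_log"
rm -f "$demo_log"
```
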
