FreeBSD Log and Report Analyzer http://bbxloganalyzer.googlecode.com
Who is it for?
• FreeBSD administrators that have high-traffic email servers and want human-readable reporting features for themselves and clients.
• Any administrator who wants a way to automatically block bad users or email addresses permanently.
• This program is designed with the intent that the user wants to "clean up" their system. This includes: not sending emails to bad addresses, addressing spam bounces, blocking persistent dictionary-attack addresses and domains, creating honey pots and disallowing connections from these places.
• Some modules would work for Linux administrators, as well as some Unix systems, with some modification to the installation script, main program and modules.
What does it do?
• The purpose is to analyze log files and take action(s) on the results.
• This is a framework to create log parsers for specific queries.
• The included parsers are for the security and daily periodic logs, lire-2.0 Postfix reports and the maillog.
• If you have a specific need to pull any information out of these logs, you can do so with simple modifications to these modules.
• If you want to parse other similar files, it should be fairly easy to modify one of the included modules.
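As an added example of the kind of maillog query such a module would make (this is not code from bbxLogAnalyzer itself), the script below parses Postfix "User unknown" rejects, counts distinct probed recipients per client IP, and prints tcp_wrappers deny lines for hosts over a threshold. The sample log lines, the threshold of 3 and the hosts.allow rule format are assumptions.

```perl
use strict;
use warnings;

# Constructed sample maillog lines: 192.0.2.10 probes three nonexistent
# users (a dictionary attack); 198.51.100.7 hits one stale address only.
my @maillog = (
    'Mar  3 10:01:12 mx1 postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <bob@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@spam.example> to=<bob@example.com> proto=ESMTP helo=<spam.example>',
    'Mar  3 10:01:13 mx1 postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <carol@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@spam.example> to=<carol@example.com> proto=ESMTP helo=<spam.example>',
    'Mar  3 10:01:14 mx1 postfix/smtpd[1234]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <dave@example.com>: Recipient address rejected: User unknown in local recipient table; from=<x@spam.example> to=<dave@example.com> proto=ESMTP helo=<spam.example>',
    'Mar  3 10:02:00 mx1 postfix/smtpd[1250]: NOQUEUE: reject: RCPT from mail.partner.example[198.51.100.7]: 550 5.1.1 <alice-old@example.com>: Recipient address rejected: User unknown in local recipient table; from=<bill@partner.example> to=<alice-old@example.com> proto=ESMTP helo=<mail.partner.example>',
    'Mar  3 10:03:00 mx1 postfix/smtpd[1260]: connect from mail.partner.example[198.51.100.7]',
);
# Hypothetical threshold: distinct unknown recipients from one IP before it is listed.
my $THRESHOLD = 3;

# Parse one line; returns (client IP, recipient) for a "User unknown"
# reject, or an empty list for any other line.
sub parse_reject {
    my ($line) = @_;
    return () unless $line =~ m{
        postfix/smtpd\[\d+\]:\s+NOQUEUE:\s+reject:\s+RCPT\s+from\s+\S+?
        \[(\d{1,3}(?:\.\d{1,3}){3})\]:\s+550\s+\S+\s+<([^>]+)>:.*?User\s+unknown
    }x;
    return ($1, $2);
}

# Build { ip => { recipient => 1, ... } }: counting distinct recipients means
# a legitimate sender retrying one stale address does not look like a probe.
sub count_unknown_recipients {
    my %seen;
    for my $line (@_) {
        my ($ip, $rcpt) = parse_reject($line);
        $seen{$ip}{ lc $rcpt } = 1 if defined $ip;
    }
    return \%seen;
}

# Return tcp_wrappers-style hosts.allow deny lines for IPs at or over the threshold.
sub deny_rules {
    my ($seen, $threshold) = @_;
    my @rules;
    for my $ip (sort keys %$seen) {
        my $n = keys %{ $seen->{$ip} };
        push @rules, "ALL : $ip : deny   # $n unknown recipients" if $n >= $threshold;
    }
    return @rules;
}

print "$_\n" for deny_rules(count_unknown_recipients(@maillog), $THRESHOLD);
```

Note that hosts.allow is consulted only by daemons built with tcp_wrappers (sshd, inetd and FreeBSD's base sendmail among them), so for Postfix the same list would be loaded into an smtpd client access map instead.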
What are the requirements?
• Natively the only supported operating system is FreeBSD.
• Main program requirements:
  • Perl
  • DBI
  • DateTime
  • Slurp (File::Slurp)
  • File::Copy
  • PHP 5+
  • MySQL 5+
  • Active web server on the same host
• There are additional requirements for each module; please check the documentation for details.
What are all these files?
• For a complete list of files and their functions, please see the README.
• bbxLogAnalyzer.pl – The main program file; don't edit this.
• config.pl – The file you edit to set the program up on a new system or to add new errors to scan for.
• .log files are copies of emails or logs to scan.
• .dat files store the match data. (You can turn on cleanDat in config.pl, which will erase the .dat files after it is done with them.)
• README – All the documentation regarding the program.
• The 'wwwData' directory has all the files that you need to put somewhere in your web directory; then set the path in config.pl.
How do I install it?
• Just edit config.pl and run. If it does not fail, it is installed. If it does, you have not configured something correctly.
• There are two ways to edit config.pl: you can add your root MySQL login information and the script will create the database for you, or you can just enter your user login information after you create the database on your own.
• If you want to add any more checks to the parser, edit config.pl and add them.
How do I run it?
• There are 3 ways to run the script:
  • Web interface – See the README for instructions on how to access the web interface.
  • Command line – cd to your installation dir, then ./bbxLogAnalyzer.pl
  • cron job – You can, and probably should, set this to run every day via cron. (You will have to fetch the files the parser needs using your own shell scripts; examples are provided.)
What does the output look like?
• The main point of the program is to provide only the information you need to clean up your connections and reduce spam bounces.
• The output at this time is the last-run output HTML file and the reports that are generated.
• I am currently working on generating more detailed output and coming up with working solutions for some of the bounce issues a busy server may experience.
• Let's look at the current output…
What features are in the works?
• The intrusion module needs the final steps completed that will create the hosts.allow file
• The user module
• More documentation
• Better structuring of the code and SVN
• The first beta release
• Better formatted output
• Better recommendations for errors
• cron examples
• Shell scripts for log copies and email capture
In Summary
• This is a very specialized program. Many people will find no use for it. However, if you need a fast and flexible way to parse *nix reports and logs, hopefully this program will get you on your way.
• Remember: http://bbxloganalyzer.googlecode.com
• Questions, comments? brandonbearden@gmail.com