Date: Thu, 20 Feb 2003 18:30:08 -0800 (PST) From: Giorgos Keramidas <keramida@freebsd.org> To: freebsd-bugs@FreeBSD.org Subject: Re: misc/48444: change to count connection attempts instead of listing them Message-ID: <200302210230.h1L2U8WN009415@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR misc/48444; it has been noted by GNATS.
From: Giorgos Keramidas <keramida@freebsd.org>
To: Alan Batie <alan@agora.rdrop.com>
Cc: bug-followup@freebsd.org
Subject: Re: misc/48444: change to count connection attempts instead of listing them
Date: Fri, 21 Feb 2003 04:26:24 +0200
I do agree that listing all of ipfw's output can be overwhelming at
times. Since the perl script of the PR only works for IPFW, here's an
addition that will probably look interesting to ipfilter users. I'm
using the following locally to check for ports that ipfilter has
blocked and logged:
: #!/bin/sh
: # $RCS: scripts/listports.sh,v 1.1 2003/01/22 01:14:06 giorgos Exp $
: # List all the ports that ipfilter has blocked and logged,
: # ordered by number of hits.
:
: echo " RANK HITS PORT"
: grep "`date '+%b %e'`" /var/log/messages |\
: egrep -e '(ppp|tun)[0-9]+ .* b ' |\
: sed -e 's/^.*,.*,//' -e 's/ .*$//' |\
: sort | uniq -c | sort -r -k 1 | \
: awk '{ printf "%10d %10d %10d\n", NR, $1, $2 }'
The output is similar to (trimmed to keep this a bit short):
: # sh listports.sh | head -6
: RANK HITS PORT
: 1 32 137
: 2 15 80
: 3 11 1214
: 4 11 1080
: 5 8 81
Does this look like an interesting addition to periodic/security too?
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200302210230.h1L2U8WN009415>