05-11-2008, 08:40 PM
Jean-Pierre Radley
Re: Security using ipf to block IP's run in cron

Boyd Lynn Gerber typed (on Mon, May 05, 2008 at 06:09:41PM -0600):
| Hello,
|
| I just finished a program that I run in cron every 15 minutes to add block
| rules to IPF for attacks in syslog. Use this at your own risk. It is
| licensed under the GPL.
|
| ftp://ftp.zenez.com/pub/zenez/prgms/...-ipf-block-ips
|
| Please send any feedback or changes to me.

Shouldn't you be able to consolidate several of those awk scans of the
syslog into one run of awk?


I make every effort here to unclutter the syslog file; I think it
affords far easier parsing by scripts, let alone by human eyes, to
effect logging into diverse files. To that end, my /etc/syslog.conf
file contains:


# @(#) syslog.conf on jpradley.jpr.com
#
# *.debug;*.info /var/adm/syslog
# above is sole line originally shipped in this file from SCO.

*.info;daemon,local0,local3,local4,local5,local6,local7,mail,news.none\
/var/adm/syslog
daemon.err /var/adm/syslog

## SCO's mqueue compiled to use Facility = mail
## SCO's popper compiled to use Facility = local0
mail,local0.notice /var/adm/maillog

## cpqasm facility=local1 in /etc/cevtdl.conf
local1.info /var/adm/cpqasm.log

## tcp-wrappers I compiled it to use Facility=local3
local3.notice /var/adm/tcplog

## HylaFax Facility=local5 in /usr/local/spool/hylafax/etc/config
local5.* /var/adm/hylafaxlog

## sshd SyslogFacility=local6 in /etc/ssh/sshd_config
local6.* /var/adm/sshdlog

... and more pertaining to my Usenet news feed.

--
JP
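
The single-pass idea raised in the post above, as an added example (this is not the script from the thread and not code from either poster). The message patterns, THRESHOLD, ALLOW and the sample log lines are assumptions constructed for illustration; the function accepts several log files, so per-facility logs such as an sshd log and a tcp-wrappers log can be scanned in the same run.

```sh
#!/bin/sh
# Added example, not the script from the thread. Message patterns, THRESHOLD
# and ALLOW are assumptions; adjust them to what your daemons actually log.
THRESHOLD=3
ALLOW="127.0.0.1 192.0.2.10"    # constructed: addresses that must never be blocked

# scan_log [file ...]: one awk pass over the named logs (stdin if none),
# printing one ipf rule per address that reached THRESHOLD hits.
scan_log() {
    awk -v threshold="$THRESHOLD" -v allow="$ALLOW" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    # Every pattern is tested in the same pass; a line counts once.
    /Failed password for / || /Invalid user / || /refused connect from / {
        ip = ""
        # The peer address follows the last "from"; text before it can be
        # client-supplied (a user name), so earlier matches are ignored.
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # host name or junk
        if (ip in skip) next
        hits[ip]++
    }
    END {
        for (ip in hits)
            if (hits[ip] >= threshold) print "block in quick from " ip "/32 to any"
    }' "$@" | sort
}

# Constructed sample input, in the style of sshd and tcp-wrappers messages.
sample_log() {
    cat <<'EOF'
May  5 18:01:02 host sshd[101]: Failed password for root from 203.0.113.5 port 4021 ssh2
May  5 18:01:03 host sshd[102]: Invalid user admin from 203.0.113.5
May  5 18:01:04 host sshd[102]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2
May  5 18:02:00 host sshd[103]: Failed password for jpr from 192.0.2.10 port 5000 ssh2
May  5 18:02:05 host sshd[103]: Failed password for jpr from 192.0.2.10 port 5000 ssh2
May  5 18:02:09 host sshd[103]: Failed password for jpr from 192.0.2.10 port 5000 ssh2
May  5 18:03:00 host in.telnetd[104]: refused connect from 198.51.100.9
May  5 18:03:30 host in.telnetd[105]: refused connect from scanner.example.net
EOF
}

sample_log | scan_log
```

The output is plain ipf rule text, so it can be reviewed first and then loaded with `ipf -f -`.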