#!/bin/sh

# Dig the interesting stuff out of the log files

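# How many days back to report on. Defaults to 1; an optional single
# command-line argument overrides it.
AGO=1
if [ $# -eq 1 ]; then AGO=$1; fi

# Space-separated list of log files to scan (expanded unquoted on purpose below).
FW_LOG="/var/log/messages /var/log/messages.1"


# Need this for date-formatting to work correctly ...
# NOTE(review): LC_TIME is left untouched; if it is set in the caller's
# environment the "%b" month name may still be localised -- confirm.
unset LC_ALL
unset LANG
export LC_ALL LANG

# Resolve both date strings up front and stop if date(1) rejects the argument.
# An empty DATESTR would turn the filter below into "^", which matches every
# line and would dump the complete log instead of a single day.
REPORT_DATE=$(date --date "$AGO days ago") || {
    echo "invalid day offset: $AGO" >&2
    exit 1
}
DATESTR=$(date --date "$AGO days ago" +"%b %e") || {
    echo "invalid day offset: $AGO" >&2
    exit 1
}

# The excerpt is read via sudo, so keep the working copy private: mktemp
# creates an unpredictable, owner-only file. A fixed name such as
# /tmp/hacklog.<pid> can be pre-created or symlinked by another local user.
HACKLOG=$(mktemp "${TMPDIR:-/tmp}/hacklog.XXXXXX") || {
    echo "cannot create temporary file" >&2
    exit 1
}
# Remove the working copy on every exit path, including interruption.
trap 'rm -f -- "$HACKLOG"' EXIT
trap 'exit 1' HUP INT TERM

printf 'Firewall log %s\n' "$REPORT_DATE"

# Parse firewall log
# printf is used instead of "echo -e": under a strict /bin/sh (e.g. dash)
# "echo -e" prints a literal "-e" in front of the text.
printf '\n\nInteresting firewall blocks\n'
printf 'Count\tIP\t\tService\n'
# shellcheck disable=SC2086 -- FW_LOG is a deliberate space-separated file list
sudo cat $FW_LOG |
    grep -- "^$DATESTR" |
    grep -E "Packet log|kernel: IN=eth1 OUT=" > "$HACKLOG"
~/bin/parse_fwfilter.pl < "$HACKLOG" | sort | uniq --count

printf '\n\nDetailed firewall log\n\n'
cat -- "$HACKLOG"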


