#!/bin/sh

#
# Summarise ipf(8) logs
#
# $Id: 100.ipfcount,v 1.2 2006/01/14 13:35:12 rob Exp $
#

# if there is a global system configuration file, suck it in
if [ -r /etc/defaults/periodic.conf ] ; then
	. /etc/defaults/periodic.conf
	source_periodic_confs
elif [ -r /etc/periodic.conf ]; then
	. /etc/periodic.conf
fi

# set these in /etc/periodic.conf
: ${daily_status_security_ipfcount_enable=NO}			# print report
: ${daily_status_security_ipfcount_logfile=/var/log/local0}	# logfiles to examine (may be compressed)
: ${daily_status_security_ipfcount_hosts=YES}			# print host report
: ${daily_status_security_ipfcount_ports=YES}			# print port report
: ${daily_status_security_ipfcount_top=10}			# limit of reporting (0 for no limit)

# bzcat, gzcat or cat logfiles
ipfcount_catfile()
{
	local file
	for file in $* ; do
		case $file in
		*.bz2 )	bzcat $file
			;;
		*.gz|*.Z ) gzcat $file
			;;
		* )	cat $file
			;;
		esac
	done
}

case "$daily_status_security_ipfcount_enable" in
[Yy][Ee][Ss] )
	case "$daily_status_security_ipfcount_hosts" in
	[Yy][Ee][Ss] )
		echo -e "\nTop $daily_status_security_ipfcount_top blocked hosts (ipf): "
		ipfcount_catfile $daily_status_security_ipfcount_logfile |
			ipfcount -binqk shost -t $daily_status_security_ipfcount_top
		;;
	esac
	case "$daily_status_security_ipfcount_ports" in
	[Yy][Ee][Ss] )
		echo -e "\nTop $daily_status_security_ipfcount_top blocked ports (ipf): "
		ipfcount_catfile $daily_status_security_ipfcount_logfile |
			ipfcount -binqk dport -t $daily_status_security_ipfcount_top
		;;
	esac
	;;
esac