系统日志分析脚本
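#####################################################################
# 7 Postfix log summary (Function)
# Reads:   $basedir/maillog (today's mail log), /usr/lib/sasl*/smtpd.conf
# Writes:  scratch files under $basedir (postid, postlog*, postfix-*, mailq)
#          and the report text appended to $logfile
# Globals: auth, postfix_auth (authenticated relays), postfix_local
#          (authenticated local deliveries), postfix_10, postfix_nodeny,
#          postfix_noauth and postfix_filtering are set here.

# Number of lines in file $1 as a plain integer; 0 when the file is missing.
_post_line_count() {
  local n
  n=$(wc -l < "$1" 2>/dev/null)
  printf '%d\n' "${n:-0}"
}

# Number of lines in file $2 matching BRE $1; 0 when the file is missing.
_post_match_count() {
  local n
  n=$(grep -c -- "$1" "$2" 2>/dev/null)
  printf '%d\n' "${n:-0}"
}

funcpost () {
  local mailid posthost postemail postsend postnosend postauth postauthname postsize
  local mailsize defercount II defertmp deferfrom deferto deferreason defersize
  local -i mailq_lines

  echo "================= Postfix 的登录档资讯汇整 ===================" >> "$logfile"
  # SASL is treated as enabled when either smtpd.conf location exists.
  auth=no
  [[ -f /usr/lib/sasl/smtpd.conf ]] && auth=yes
  [[ -f /usr/lib/sasl2/smtpd.conf ]] && auth=yes
  if [[ "$auth" == "yes" ]]; then
    echo "您的主机有进行 SASL 身份认证的功能" >> "$logfile"
  else
    echo "您的主机没有进行 SASL 身份认证的功能" >> "$logfile"
  fi
  echo " " >> "$logfile"

  # Each message accepted into the queue yields one qmgr "from=<..>, size=N" line.
  postall=$(_post_match_count 'postfix.*qmgr.*from.*size' "$basedir/maillog")
  if [[ "$postall" != "0" ]]; then
    echo "SMTP共受信次数: $postall " |
      awk '{printf( "%-21s %10d\n", $1, $2)}' >> "$logfile"
    # Sum of the size= fields, reported in KBytes.
    mailsize=$(grep 'postfix.*qmgr.*from.*size' "$basedir/maillog" |
      sed 's/^.*size=//g' | awk -F ',' '{print $1}' |
      awk '{ smtp = smtp + $1 } END {print smtp/1024}')
    echo "共收受信件的容量大小: $mailsize KBytes" |
      awk '{printf( "%-20s %10d %-8s\n",$1, $2, $3)}' >> "$logfile"
    echo " " >> "$logfile"
  fi

  # Split today's log into per-topic work files so the per-message loop
  # below greps small files instead of the whole maillog each time.
  grep 'postfix.*qmgr.*from.*size' "$basedir/maillog" |
    sed 's/^.*\]://g' | sed 's/:.*$//g' | awk '{print $1}' > "$basedir/postid"
  grep 'postfix.*smtpd.*client=' "$basedir/maillog" > "$basedir/postlog-host"
  grep 'postfix.*qmgr.*from.*size' "$basedir/maillog" > "$basedir/postlog-email-size"
  grep 'postfix.*smtpd.*LOGIN' "$basedir/maillog" > "$basedir/postlog-auth"
  grep 'postfix.*smtp\[.*to.*relay.*sent' "$basedir/maillog" > "$basedir/postlog-send"
  grep 'postfix.*smtp\[.*to.*relay' "$basedir/maillog" |
    grep -v 'sent' > "$basedir/postlog-nosend"

  # One line per queue id: "host email disposition auth user , size".
  # Queue ids come from the log itself, so they are matched as fixed strings.
  : > "$basedir/postlog.1"
  while IFS= read -r mailid; do
    [[ -n "$mailid" ]] || continue
    posthost=$(grep -F -- "$mailid" "$basedir/postlog-host" |
      sed 's/^.*: client//g' | sed 's/^.*\[//g' | sed 's/\].*//g' | head -n 1)
    [[ -n "$posthost" ]] || posthost="unknow"
    postemail=$(grep -F -- "$mailid" "$basedir/postlog-email-size" |
      sed 's/^.*from=<//g' | sed 's/>.*$//g' | head -n 1)
    [[ -n "$postemail" ]] || postemail="unknow"
    postsend=$(grep -F -- "$mailid" "$basedir/postlog-send" | head -n 1)
    postnosend=$(grep -F -- "$mailid" "$basedir/postlog-nosend" | head -n 1)
    # Never relayed -> local delivery; relayed without "sent" -> deferred.
    if [[ -z "$postsend" && -z "$postnosend" ]]; then
      postsend="local"
    elif [[ -z "$postsend" ]]; then
      postsend="deffer"
    else
      postsend="send"
    fi
    postauth=$(grep -F -- "$mailid" "$basedir/postlog-auth" | head -n 1)
    if [[ -z "$postauth" ]]; then
      postauth="noauth"
    else
      postauth="auth"
    fi
    postauthname=$(grep -F -- "$mailid" "$basedir/postlog-auth" |
      sed 's/^.*username=//g' | head -n 1)
    [[ -n "$postauthname" ]] || postauthname="noauth"
    postsize=$(grep -F -- "$mailid" "$basedir/postlog-email-size" |
      sed 's/^.*size=//g' | sed 's/,.*$//g' | head -n 1)
    [[ -n "$postsize" ]] || postsize="0"
    # printf rather than an unquoted echo: log-derived values must not be
    # glob-expanded against the current directory.
    printf '%s\n' "$posthost $postemail $postsend $postauth $postauthname , $postsize" \
      >> "$basedir/postlog.1"
  done < "$basedir/postid"
  sort -u "$basedir/postlog.1" > "$basedir/postlog"

  # 1. Mail submitted by SASL-authenticated users.
  postfix_auth="0"
  postfix_local="0"
  if [[ "$auth" == "yes" ]]; then
    # Key on everything before the ',' (host email disposition auth user) and
    # accumulate count and size (KBytes) per key.  The original set FS inside
    # the action and skipped NR==1, which silently dropped the first message.
    grep -E '\bauth\b' "$basedir/postlog" |
      awk -F ',' '{ sizes[$1] += $2/1024; Number[$1]++ }
        END { for (course in Number)
          printf("%-80s %-10s %-10s\n", course, Number[course], sizes[course]) }' \
      > "$basedir/postfix-auth"
    # Relayed (disposition "send") messages from authenticated users.
    postfix_auth=$(_post_match_count 'send' "$basedir/postfix-auth")
    if [[ "$postfix_auth" != "0" ]]; then
      echo "经过认证者寄出本机(转信)" >> "$logfile"
      echo "帐号 来源位址 次数 信件容量(KBytes)" |
        awk '{printf("%-25s %-20s %-6s %-10s\n", $1, $2, $3, $4)}' >> "$logfile"
      grep 'send' "$basedir/postfix-auth" |
        awk '{printf("%-25s %-20s %4d %10d\n", $5, $1, $6, $7)}' |
        sort -k 3 -gr >> "$logfile"
      echo " " >> "$logfile"
    fi
    # Locally delivered messages from authenticated users; kept in its own
    # variable so the "nothing to report" check below can see both counts
    # (the original overwrote postfix_auth and tested an unset postfix_local).
    postfix_local=$(_post_match_count 'local' "$basedir/postfix-auth")
    if [[ "$postfix_local" != "0" ]]; then
      echo "经过认证者寄入本机" >> "$logfile"
      echo "帐号 来源位址 次数 信件容量(KBytes)" |
        awk '{printf("%-25s %-20s %-6s %-10s\n", $1, $2, $3, $4)}' >> "$logfile"
      grep 'local' "$basedir/postfix-auth" |
        awk '{printf("%-25s %-20s %4d %10d\n", $5, $1, $6, $7)}' |
        sort -k 3 -gr >> "$logfile"
      echo " " >> "$logfile"
    fi
  fi

  # 2. Deferred deliveries: postfix-defer holds "<count> <queue-id>" per id.
  grep 'deferred' "$basedir/maillog" | awk '{print $6 }' |
    sort | uniq -c > "$basedir/postfix-defer"
  if grep -q . "$basedir/postfix-defer"; then
    echo "信件延迟寄出的问题分析" >> "$logfile"
    echo "来源帐号" "目标帐号" "次数" "信件容量(bytes)" |
      awk '{printf("%-32s %-32s %4s %16s\n",$1,$2,$3,$4)}' >> "$logfile"
    while read -r defercount II; do
      [[ -n "$II" ]] || continue
      # Sender and size from the first "from=" line of this queue id.
      defertmp=$(grep -F -- "$II" "$basedir/maillog" | grep 'from' | head -n 1)
      deferfrom=$(printf '%s\n' "$defertmp" | sed 's/^.*from\=//g' |
        sed 's/,.*$//g' | sed 's/<//g' | sed 's/>//g')
      defersize=$(printf '%s\n' "$defertmp" | sed 's/^.*size\=//g' | sed 's/,.*$//g')
      # Recipient and the parenthesised reason from the first deferred "to=" line.
      defertmp=$(grep -F -- "$II" "$basedir/maillog" | grep 'to' | grep defer | head -n 1)
      deferto=$(printf '%s\n' "$defertmp" | sed 's/^.*to\=//g' |
        sed 's/,.*$//g' | sed 's/<//g' | sed 's/>//g')
      deferreason=$(printf '%s\n' "$defertmp" | cut -d '(' -f2 | sed 's/)//g')
      echo "$deferfrom $deferto $defercount $defersize" |
        awk '{printf("%-32s %-32s %4d %5d\n",$1,$2,$3,$4/1024)}' >> "$logfile"
      printf ' 延迟原因 ==> %s\n' "$deferreason" >> "$logfile"
    done < "$basedir/postfix-defer"
    echo " " >> "$logfile"
  fi

  # 3. The ten largest messages (size is the 7th field of postlog, in bytes).
  postfix_10=$(_post_line_count "$basedir/postlog")
  if [[ "$postfix_10" != "0" ]]; then
    echo "十封最大容量的邮件" >> "$logfile"
    echo "帐号 来源位址 邮件进出 信件容量(KBytes)" |
      awk '{printf("%-35s %-20s %-8s %-10s\n", $1, $2, $3, $4)}' >> "$logfile"
    awk '{printf("%-35s %-20s %-8s %10d\n", $2, $1, $3, $7/1024)}' "$basedir/postlog" |
      sort -k 4 -gr | head -n 10 >> "$logfile"
    echo " " >> "$logfile"
  fi

  # Current queue contents; fewer than 3 lines is treated as an empty queue
  # (threshold inherited from the original).
  if [[ -x /usr/bin/mailq ]]; then
    mailq > "$basedir/mailq"
    mailq_lines=$(_post_line_count "$basedir/mailq")
    if (( mailq_lines >= 3 )); then
      echo "放在邮件伫列当中的信件资讯" >> "$logfile"
      cat "$basedir/mailq" >> "$logfile"
      echo " " >> "$logfile"
    fi
  fi
  if [[ "$postfix_auth" == "0" && "$postfix_local" == "0" && "$postfix_10" == "0" ]]; then
    echo "今日没有 Postfix 的相关资讯" >> "$logfile"
  fi

  # Rejected / denied submissions.
  grep 'postfix.*smtpd.*reject.*deni*' "$basedir/maillog" > "$basedir/postfix-nodeny"
  postfix_nodeny=$(_post_line_count "$basedir/postfix-nodeny")
  if [[ "$postfix_nodeny" != "0" ]]; then
    echo "被拒绝寄出的邮件资料" >> "$logfile"
    sed 's/^.* from //g' "$basedir/postfix-nodeny" | sed 's/://g' | sort |
      awk '{print "From: "$1 "\n" "To: "$3 "\n"}' >> "$logfile"
    echo " " >> "$logfile"
  fi

  # SASL authentication failures are listed verbatim.
  grep 'postfix.*smtpd.*SASL.*authen.*fail' "$basedir/maillog" > "$basedir/postfix-noauth"
  postfix_noauth=$(_post_line_count "$basedir/postfix-noauth")
  if [[ "$postfix_noauth" != "0" ]]; then
    echo "认证失败的纪录资料" >> "$logfile"
    cat "$basedir/postfix-noauth" >> "$logfile"
    echo " " >> "$logfile"
  fi

  # Messages dropped by header/body checks.
  grep -E '(discard|reject: h|reject: b)' "$basedir/maillog" > "$basedir/postfix-filtering"
  postfix_filtering=$(_post_line_count "$basedir/postfix-filtering")
  if [[ "$postfix_filtering" != "0" ]]; then
    echo "寄入本机时由於不合规则而被过滤掉的邮件" >> "$logfile"
    echo "被过滤掉的邮件数量 : $postfix_filtering " >> "$logfile"
    # Rewrite each line to "mode~from~to" and split on '~'; -F is used so the
    # first record is parsed the same way as the rest.
    sed 's/^.*discard: //g' "$basedir/postfix-filtering" |
      sed 's/proto.*$//g' | sed 's/from=.* to/to/g' |
      sed 's/ from /~/g' | sed 's/ to=/~/g' |
      awk -F '~' '{print "From: "$2 "\n" "To: "$3 "\n" "Mode: "$1 "\n"}' >> "$logfile"
    echo " " >> "$logfile"
  fi
}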
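#####################################################################
# 8 ProFTPD log summary (Function)
# Reads:   $basedir/securelog
# Writes:  $basedir/securelogproftp* scratch files, report appended to $logfile
# Globals: sets proftpright, proftperr1, proftperr2 (match counts)

# Number of lines in file $2 matching BRE $1; 0 when the file is missing.
_proftp_count() {
  local n
  n=$(grep -c -- "$1" "$2" 2>/dev/null)
  printf '%d\n' "${n:-0}"
}

# Append one "account / source address / count" table to $logfile.
# Arguments: $1 match count (nothing is written when it is "0"), $2 title,
#            $3 BRE selecting the securelog lines, $4 tag naming the scratch
#            files $basedir/securelog<tag>-1, -2 and securelog<tag>.
# The account is the first word after "USER" up to the next ':'; the address
# is whatever sits inside the last [...] on the line.
_proftp_section() {
  local count=$1 title=$2 pattern=$3 tag=$4
  local src="$basedir/securelog" work="$basedir/securelog$tag"
  [[ "$count" != "0" ]] || return 0
  printf '%s %s\n' "$title" "$count" |
    awk '{printf( "%-41s %3d\n", $1, $2)}' >> "$logfile"
  echo "帐号 来源位址 次数 " |
    awk '{printf("%-15s %-25s %-4s\n", $1, $2, $3)}' >> "$logfile"
  grep -- "$pattern" "$src" |
    sed 's/^.*USER//g' | sed 's/:.*$//g' | awk '{print $1}' > "${work}-1"
  grep -- "$pattern" "$src" |
    sed 's/^.*\[//g' | sed 's/\].*$//g' | awk '{print $1}' > "${work}-2"
  paste "${work}-1" "${work}-2" > "$work"
  # Count identical "account<TAB>address" lines, then order by that count
  # (field 3 of the formatted line; the obsolete "sort +2" form is rejected
  # by current sort implementations).
  awk '{ Number[$0]++ }
    END { for (course in Number) printf("%-35s %3d\n", course, Number[course]) }' \
    "$work" | sort -k 3 -gr |
    awk '{printf("%-15s %-25s %3d\n", $1, $2, $3)}' >> "$logfile"
  echo " " >> "$logfile"
}

funcproftp () {
  echo "================= Proftp 的登录档资讯汇整 ====================" >> "$logfile"
  proftpright=$(_proftp_count 'proftp.*USER.*Login succes' "$basedir/securelog")
  proftperr1=$(_proftp_count 'proftp.*USER.*Login fail' "$basedir/securelog")
  proftperr2=$(_proftp_count 'proftp.*USER.*no such user' "$basedir/securelog")
  _proftp_section "$proftpright" "Pro-FTP-成功登入次数:" 'proftp.*USER.*Login succes' proftp
  _proftp_section "$proftperr1" "Pro-FTP-错误登入次数:" 'proftp.*USER.*Login fail' proftpe1
  _proftp_section "$proftperr2" "Pro-FTP-错误登入次数:" 'proftp.*USER.*no such user' proftpe2
  if [[ "$proftpright" == "0" && "$proftperr1" == "0" && "$proftperr2" == "0" ]]; then
    echo "今日没有 Proftp 的相关资讯" >> "$logfile"
    echo " " >> "$logfile"
  fi
}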
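#####################################################################
# 9 vsftpd log summary (Function)
# Reads:   /var/log/vsftpd.log (today's lines, selected by $basedir/dattime),
#          $basedir/messageslog, $basedir/securelog
# Writes:  $basedir/vsftpdlog, securelog*/ftp* scratch files, report to $logfile
# Globals: sets vsftpright, vsftperr1, vsftperr2 (match counts)

# Number of lines in file $2 matching BRE $1; 0 when the file is missing.
_vsftp_count() {
  local n
  n=$(grep -c -- "$1" "$2" 2>/dev/null)
  printf '%d\n' "${n:-0}"
}

# Section header: "$1 $2" as title/count, followed by the column captions.
_vsftp_header() {
  printf '%s %s\n' "$1" "$2" |
    awk '{printf( "%-41s %3d\n", $1, $2)}' >> "$logfile"
  echo "帐号 来源位址 次数 " |
    awk '{printf("%-15s %-25s %-4s\n", $1, $2, $3)}' >> "$logfile"
}

# Paste $basedir/securelog<$1>-1 (accounts) with -2 (addresses) into
# securelog<$1>, count identical pairs and append them to $logfile ordered
# by that count (field 3 of the formatted line).
_vsftp_table() {
  local work="$basedir/securelog$1"
  paste "${work}-1" "${work}-2" > "$work"
  awk '{ Number[$0]++ }
    END { for (course in Number) printf("%-35s %3d\n", course, Number[course]) }' \
    "$work" | sort -k 3 -gr |
    awk '{printf("%-15s %-25s %3d\n", $1, $2, $3)}' >> "$logfile"
  echo " " >> "$logfile"
}

funvsftp () {
  local today ftpsize ftpin ftpout
  echo "================= Vs-ftp 的登录档资讯汇整 ====================" >> "$logfile"
  # Keep only today's transfer records; dattime holds today's date stamp.
  today=$(cat "$basedir/dattime")
  grep -- "$today" /var/log/vsftpd.log > "$basedir/vsftpdlog"

  # NOTE(review): "can't get client address" lines are what the original
  # counts as successful logins; check this against the vsftpd log format.
  vsftpright=$(_vsftp_count "vsftpd.*can't get client address:" "$basedir/messageslog")
  if [[ "$vsftpright" != "0" ]]; then
    _vsftp_header "Vs-FTP-成功登入次数:" "$vsftpright"
    # NOTE(review): both extractions below still use the ProFTPD pattern
    # copied from funcproftp, so this table is normally empty on a vsftpd
    # host; the vsftpd equivalents cannot be derived from this file.
    grep 'proftp.*USER.*Login succes' "$basedir/vsftpdlog" |
      sed 's/^.*USER//g' | sed 's/:.*$//g' | awk '{print $1}' \
      > "$basedir/securelogproftp-1"
    grep 'proftp.*USER.*Login succes' "$basedir/securelog" |
      sed 's/^.*\[//g' | sed 's/\].*$//g' | awk '{print $1}' \
      > "$basedir/securelogproftp-2"
    _vsftp_table proftp
  fi

  # PAM "authentication failure" lines logged for vsftpd.
  vsftperr1=$(_vsftp_count 'vsftpd.*authentication failure' "$basedir/messageslog")
  if [[ "$vsftperr1" != "0" ]]; then
    _vsftp_header "Vs-FTP-错误登入次数:" "$vsftperr1"
    grep 'vsftpd.*authentication failure' "$basedir/messageslog" |
      sed 's/^.*user=//g' | awk '{print $1}' > "$basedir/securelogvsftpe1-1"
    # NOTE(review): the address column is still taken from ProFTPD-style
    # lines (copied from funcproftp) and is normally empty here.
    grep 'proftp.*USER.*Login fail' "$basedir/messageslog" |
      sed 's/^.*\[//g' | sed 's/\].*$//g' | awk '{print $1}' \
      > "$basedir/securelogvsftpe1-2"
    # The original pasted into securelogproftpe1 but read back
    # securelogvsftpe1, so this table never had data; both sides now use
    # the vsftpe1 name.
    _vsftp_table vsftpe1
  fi

  # PAM "check pass" lines logged for vsftpd.
  vsftperr2=$(_vsftp_count 'vsftpd.*check pass' "$basedir/messageslog")
  if [[ "$vsftperr2" != "0" ]]; then
    _vsftp_header "Vs-FTP-错误登入次数:" "$vsftperr2"
    grep 'vsftpd.*check pass' "$basedir/messageslog" |
      sed 's/^.*user//g' | awk '{print $1}' > "$basedir/securelogvsftpe2-1"
    grep 'vsftpd.*check pass' "$basedir/messageslog" |
      sed 's/^.*\[//g' | sed 's/\].*$//g' | awk '{print $1}' \
      > "$basedir/securelogvsftpe2-2"
    _vsftp_table vsftpe2
  fi

  # Transfer totals.  Field numbers follow the xferlog-style layout the
  # original assumed: $7 client address, $8 bytes, $9 path, $12 direction
  # (i/o), $14 account — TODO confirm against the actual vsftpd.log.
  awk '{print $7}' "$basedir/vsftpdlog" > "$basedir/ftpip"
  awk '{print $14}' "$basedir/vsftpdlog" > "$basedir/ftpwho"
  awk '{print $9}' "$basedir/vsftpdlog" | cut -d "/" -f4 > "$basedir/ftpfile"
  ftpsize=$(awk '{print $8}' "$basedir/vsftpdlog" |
    awk '{ftps=ftps+$1} END {print ftps/1024}')
  ftpin=$(awk '{print $8,$12}' "$basedir/vsftpdlog" | grep "i" | awk '{print $1}' |
    awk '{ftps=ftps+$1} END {print ftps/1024}')
  ftpout=$(awk '{print $8,$12}' "$basedir/vsftpdlog" | grep "o" | awk '{print $1}' |
    awk '{ftps=ftps+$1} END {print ftps/1024}')
  printf 'Vs-ftp total data size(Kbyte):%s\n\n' "$ftpsize" >> "$logfile"
  printf 'Vs-ftp input data size(Kbyte):%s \n\n' "$ftpin" >> "$logfile"
  printf 'Vs-ftp output data size(Kbyte):%s \n\n' "$ftpout" >> "$logfile"
  printf 'Vs-ftp In/Out file:\n\n' >> "$logfile"
  paste "$basedir/ftpwho" "$basedir/ftpip" "$basedir/ftpfile" > "$basedir/ftplog"
  echo "帐号 来源位址 文件" |
    awk '{printf("%-15s %-25s %-4s\n", $1, $2, $3)}' >> "$logfile"
  awk '{printf("%-15s %-25s %-4s\n",$1,$2,$3)}' "$basedir/ftplog" >> "$logfile"
  echo " " >> "$logfile"
  if [[ "$vsftpright" == "0" && "$vsftperr1" == "0" && "$vsftperr2" == "0" ]]; then
    echo "今日没有 Vs-ftp 的相关资讯" >> "$logfile"
    echo " " >> "$logfile"
  fi
}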
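#####################################################################
# 9 Procmail log summary (Function)
# Reads:   /var/log/*procmail* (first match), $basedir/dattime (today's stamp)
# Writes:  today's tail of that log appended to $logfile
funcprocmail () {
  local logprocmail nuall nufir num dayproc
  local -a candidates
  echo "================= Procmail 的登录档资讯汇整 ====================" >> "$logfile"
  echo "底下为今天信寄入本机的资讯" >> "$logfile"
  # First /var/log entry whose name contains "procmail" (same choice the
  # original made with ls | grep | head, without parsing ls).
  candidates=(/var/log/*procmail*)
  logprocmail=${candidates[0]}
  if [[ ! -f "$logprocmail" ]]; then
    echo "今日没有 Procmail 的相关资讯" >> "$logfile"
    echo " " >> "$logfile"
    return 0
  fi
  nuall=$(wc -l < "$logprocmail")
  dayproc=$(cat "$basedir/dattime")
  # Line number of the first entry carrying today's date stamp.
  nufir=$(grep -n -- "$dayproc" "$logprocmail" | head -n 1 | cut -d ':' -f1)
  # With no match the original fell back to nufir=0 and appended the whole
  # log; report "nothing today" instead.
  if [[ -z "$nufir" ]]; then
    echo "今日没有 Procmail 的相关资讯" >> "$logfile"
    echo " " >> "$logfile"
    return 0
  fi
  num=$(( nuall - nufir + 1 ))
  tail -n "$num" "$logprocmail" >> "$logfile"
  echo " " >> "$logfile"
}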
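#####################################################################
# 9 Run the per-service modules for the services that appear to be
#   listening according to $basedir/netstat.tmp (written earlier).
# NOTE(review): the port tests below are plain substring matches — "22" also
# hits 2222 or an address containing those digits, "25" hits 250x, and so
# on.  Tighten them once the netstat.tmp line format is confirmed.
if grep -q "22" "$basedir/netstat.tmp"; then
  funcssh
fi
if grep -q "21" "$basedir/netstat.tmp"; then
  [[ -f /etc/ftpaccess ]] && funcwuftp
  # ProFTPD when its binary can be found, otherwise assume vsftpd.
  if command -v proftpd > /dev/null 2>&1; then
    funcproftp
  else
    funvsftp
  fi
fi
if grep -q "110" "$basedir/netstat.tmp"; then
  funcpop3
fi
if grep -q "25" "$basedir/netstat.tmp"; then
  # A running sendmail process selects the sendmail module, else Postfix.
  # The [s] bracket keeps the grep itself out of the process list.
  if ps aux | grep -q '[s]endmail'; then
    funcsendmail
  else
    funcpost
  fi
  # procmail writes its log under /var/log with "procmail" in the name.
  procmail_logs=(/var/log/*procmail*)
  if [[ -e "${procmail_logs[0]}" ]]; then
    funcprocmail
  fi
fi
#####################################################################
# 10. Optionally append the raw logs for a human to look over.
if [[ "$outputall" == "yes" || "$outputall" == "YES" ]]; then
  echo " " >> "$logfile"
  echo "================= 全部的登录档资讯汇整 =======================" >> "$logfile"
  echo "1. 重要的登录记录档 ( Secure file )" >> "$logfile"
  echo " 说明:已经取消了 pop3 的资讯!" >> "$logfile"
  grep -v 'pop3' "$basedir/securelog" >> "$logfile"
  echo " " >> "$logfile"
  echo "2. 使用 last 这个指令输出的结果" >> "$logfile"
  last -20 >> "$logfile"
  echo " " >> "$logfile"
  echo "3. 将特重要的 /var/log/messages 列出来瞧瞧!" >> "$logfile"
  # Drop cron's own chatter from the messages dump.
  grep -E -vi '\bcrond\[' "$basedir/messageslog" >> "$logfile"
fi
# At last! we send this mail to you!
# shellcheck disable=SC2086 -- $email may hold several space-separated recipients
mail -s "$hosthome 的登录档分析结果" $email < "$logfile"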