The Barracuda Spam Firewall has the capability to log to an external syslog server. These are scripts to parse the resulting logfile (/var/log/mail in my implementation) and to glean usable data from it. In particular, I was interested in pulling error and virus information out and presenting it neatly.
Parses /var/log/mail and generates a list of Barracuda errors for the current day.
    #!/bin/sh
    # This is a script to parse syslog messages from a Barracuda Spam Firewall and
    # extract only the error messages.
    # It makes several assumptions (not the least of which that your barracuda logs to /var/log/maillog),
    # and might need to be tweaked (or not work at all) if your syslog format differs from the one
    # I was using in any way.
    # This script lives at http://www.elifulkerson.com

    # Today's date as it appears in syslog timestamps, e.g. "Jan  5"
    now=`date |awk '{printf "%s %2s", $2, $3}'`

    date
    echo
    echo Daily Barracuda Errorlog
    echo ------------------------
    # Count each distinct error message (text from field 7 onward, at most 132 characters)
    cat /var/log/maillog |grep "$now" |grep barracuda |grep error | awk '{print substr($0,index($0,$7),132)}' |sort |uniq -c |sort -rn
    echo
    echo This report is based on the syslog output of the Barracuda Spam Firewall.
Parses /var/log/mail and generates a list of virus activity seen by the Barracuda for the current day.
    #!/bin/sh
    # This is a script to parse syslog messages from a Barracuda Spam Firewall and
    # extract information about blocked Virus activity.
    # It makes several assumptions (not the least of which that your barracuda logs to /var/log/maillog),
    # and might need to be tweaked (or not work at all) if your syslog format differs from the one
    # I was using in any way.
    # This script lives at http://www.elifulkerson.com

    # Today's date as it appears in syslog timestamps, e.g. "Jan  5"
    now=`date |awk '{printf "%s %2s", $2, $3}'`

    date
    echo
    echo Most Popular Detected Virus Origins
    echo -----------------------------------
    # For each message id blocked today, look up the address on its connect line.
    # -F: sets the separator before the first record is read (FS set inside the
    # action would only take effect from the second record on).
    for msgid in `cat /var/log/maillog |grep "$now" |grep virus_block |awk '{print $6}'|awk -F: '{print $1}'`; do
        cat /var/log/maillog |grep "$msgid" |grep connect |awk '{print $7}'
    done |sort |uniq -c |sort -rn
    echo
    echo
    echo Most Popular Detected Virus Payloads
    echo ------------------------------------
    # Same message ids, this time taking the virus name from the virus_block line
    for msgid in `cat /var/log/maillog |grep "$now" |grep virus_block |awk '{print $6}'|awk -F: '{print $1}'`; do
        cat /var/log/maillog |grep "$msgid" |grep virus_block |awk '{print $7}'
    done |sort |uniq -c |sort -rn
    echo
    echo This report is based on the syslog output of the Barracuda Spam Firewall, and only notes viruses attempting to pass through it.
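The virus report above re-reads the whole log once per blocked message and matches message ids as substrings, so an id such as A1 also picks up the connect line of A10. The one-pass variant below is an added example, not part of the original scripts; it assumes the same field positions those scripts use (message id in field 6, source address or virus name in field 7), and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the original author's script.
# Assumed line layout (taken from the field numbers the scripts above use):
#   $1 $2 = month and day, $6 = "<msgid>:", $7 = source address on
#   "connect" lines or virus name on "virus_block" lines.

# Constructed sample log; addresses come from the documentation ranges.
sample_log() {
cat <<'EOF'
Jan  4 23:59:58 barracuda scan[411]: A1: 192.0.2.7 connect
Jan  5 00:00:03 barracuda scan[411]: A1: Worm.Example.A virus_block
Jan  5 09:14:02 barracuda scan[411]: A10: 198.51.100.9 connect
Jan  5 09:14:03 barracuda scan[411]: A10: Worm.Example.A virus_block
Jan  5 09:20:00 barracuda scan[411]: B2: 192.0.2.7 connect
Jan  5 09:20:01 barracuda scan[411]: B2: Trojan.Example.B virus_block
Jan  5 09:30:00 barracuda scan[411]: C3: 203.0.113.5 connect
Jan 15 10:00:00 barracuda scan[411]: D4: 203.0.113.5 connect
Jan 15 10:00:01 barracuda scan[411]: D4: Worm.Example.A virus_block
EOF
}

# usage: virus_report LOGFILE "Mon DD"
#   e.g. virus_report /var/log/maillog "$(date '+%b %e')"
# Prints "origin COUNT ADDRESS" and "payload COUNT NAME", highest count first.
virus_report() {
    awk -v day="$2" '
        { id = $6; sub(/:.*/, "", id) }           # exact id, text after ":" dropped
        /connect/ { origin[id] = $7; next }       # remember the sender for this id
        /virus_block/ && sprintf("%s %2s", $1, $2) == day {
            payload[$7]++                         # count the virus name
            src = (id in origin) ? origin[id] : "unknown"
            from[src]++                           # count the sender, matched by exact id
        }
        END {
            for (s in from)    print "origin", from[s], s
            for (p in payload) print "payload", payload[p], p
        }
    ' "$1" | LC_ALL=C sort -k1,1 -k2,2rn -k3,3
}
```

Connect lines are remembered regardless of date, so a message that connected just before midnight and was blocked just after is still attributed to its sender.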