diff -urN smeserver-xt_geoip-1.3.1.old/root/usr/share/xt_geoip/geoip_stats smeserver-xt_geoip-1.3.1/root/usr/share/xt_geoip/geoip_stats
--- smeserver-xt_geoip-1.3.1.old/root/usr/share/xt_geoip/geoip_stats 2020-06-07 23:12:41.000000000 +0400
+++ smeserver-xt_geoip-1.3.1/root/usr/share/xt_geoip/geoip_stats 2021-03-16 23:40:49.839000000 +0400
@@ -11,14 +11,14 @@
 PREF="ssh"
 LOGDIR="/var/log/sshd"
 CMD1='cat'
- CMD2=' | /usr/local/bin/tai64nlocal | grep'
+ CMD2=' | grep -i '
 CMD3=' | grep -E "(Failed password|Invalid user \w+ from)" | sed -e "s/^.*from //" -e "s/ port.*$//" >> $RESFILE'
 ;;
 "ipt")
 PREF="ipt"
 LOGDIR="/var/log/iptables"
- CMD1='cat'
- CMD2=' | /usr/local/bin/tai64nlocal | grep '
+ CMD1='zcat -f '
+ CMD2=' | grep -i '
 CMD3=' | grep "GeoIP BAN" | sed -e "s/^.*SRC=//" -e "s/ DST=.*$//" >> $RESFILE'
 ;;
 *)
@@ -26,6 +26,8 @@
 exit 1
 ;;
 esac
+
+
 # files of the day
 RESFILE="$STATDIR/${PREF}_ip.lst"
 RES2FILE="$STATDIR/${PREF}_country.lst"
@@ -35,6 +37,8 @@
 # tempo
 TMPFILE=$(mktemp $STATDIR/xt_${PREF}.XXXXXXX)
 # Day - 1
+MONTH=$(date --date '1 day ago' +%B)
+LOGDAY="${MONTH:0:3} $(date --date '1 day ago' +%d)"
 DATE=$(date --date '1 day ago' '+%Y-%m-%d')
 cd $EXECDIR
@@ -54,8 +58,8 @@
 # All logfiles update for 2 days, not empty
 for file in $(find $LOGDIR/* -type f -mtime -2 -size +50c)
 do
- #echo $(echo $CMD1 $file $CMD2 "$DATE" $CMD3)
- eval $(echo $CMD1 $file $CMD2 "$DATE" $CMD3)
+# echo $(echo $CMD1 $file $CMD2 "'^$LOGDAY'" $CMD3)
+ eval $(echo $CMD1 $file $CMD2 "'^$LOGDAY'" $CMD3)
 done
 # number of incidents by IP, sorted by IP
@@ -85,4 +89,3 @@
 echo "parse $LOGDIR for $PREF events"
 cat $RES2FILE
 fi
-
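Review bot: In the first hunk (@@ -11,14 +11,14 @@) the "ssh" arm keeps `CMD1='cat'` while the "ipt" arm moves to `CMD1='zcat -f '`, so the two log sources are now read differently. If the sshd logs are rotated with compression (not visible here), the loop feeds gzip bytes to `grep` and the failed-login entries in those files are silently missing from the statistics. `zcat -f` passes uncompressed files through unchanged, so using `CMD1='zcat -f '` in both arms is safe. The new `grep -i` also makes the date-prefix match case-insensitive, which the pattern does not appear to need; plain `grep` would be stricter.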
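Review bot: In the third hunk (@@ -35,6 +37,8 @@) `LOGDAY` is built with `+%d`, which zero-pads the day ("Mar 05"), whereas the traditional syslog timestamp pads single-digit days with a space ("Mar  5"). If these logs carry that timestamp format, the `^$LOGDAY` pattern matches nothing on the 1st to 9th of each month and the report silently shows no incidents. `+%B` is also locale-dependent, so under a non-English locale the three-letter prefix may not be the abbreviation the logger writes. Both are avoided with `LOGDAY=$(LC_ALL=C date --date '1 day ago' '+%b %e')`, which also removes the need for `MONTH`.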
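Review bot: In the fourth hunk (@@ -54,8 +58,8 @@) the rewritten `eval $(echo $CMD1 $file $CMD2 "'^$LOGDAY'" $CMD3)` still builds the pipeline as a string and splices `$file` in unquoted, so every file name under `$LOGDIR` is re-parsed as shell syntax instead of being treated as a path. Names are normally created by the log daemon, but a name containing whitespace or shell metacharacters would break the command or be interpreted by the shell, and this script presumably runs with elevated privileges. Running the stages directly removes the `eval`, e.g. `zcat -f -- "$file" | grep -- "^$LOGDAY" | ...` with the per-type grep/sed filter moved into a function selected in the `case` arms. The surrounding `for file in $(find ...)` loop is unchanged context and word-splits the same names; `find ... -print0` read with `while IFS= read -r -d '' file` would handle them safely.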