[Logwatch] openvpn-2.0

Michael Weiser michael at weiser.dinsnail.net
Thu Jun 23 11:08:30 MST 2005


Hi,

I patched logwatch to report some more information about openvpn and
to make it ignore --verb 3 log messages. Perhaps the attached patch is of
help to someone else.
-- 
bye, Micha
-------------- next part --------------
--- openvpn	2005/06/19 04:59:38	1.1
+++ openvpn	2005/06/19 17:11:33
@@ -20,23 +20,66 @@
 
 while (defined($ThisLine = <STDIN>)) {
    chomp($ThisLine);
+
+   # normalise - this could possibly be used for more detailed per host statistics
+   # further down
+   $ThisLine =~ s/^([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+) //;
+   $ThisLine =~ s/^([\S]+)\/([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+) //;
+
    if (
+      ($ThisLine =~ /^\/sbin\//) or
+      ($ThisLine =~ /^Closing TUN\/TAP interface/) or
+      ($ThisLine =~ /^Control Channel Authentication/) or
+      ($ThisLine =~ /^Control Channel MTU parms/) or
+      ($ThisLine =~ /^Data Channel MTU parms/) or
+      ($ThisLine =~ /^Diffie-Hellman initialized/) or
+      ($ThisLine =~ /^Exiting/) or
+      ($ThisLine =~ /^Expected Remote Options/) or
+      ($ThisLine =~ /^GID set to/) or
+      ($ThisLine =~ /^IFCONFIG POOL/) or
+      ($ThisLine =~ /^IMPORTANT: OpenVPN's default port number is now 1194/) or
+      ($ThisLine =~ /^Initialization Sequence Completed/) or
+      ($ThisLine =~ /^LZO compression initialized/) or
+      ($ThisLine =~ /^Local Options hash/) or
+      ($ThisLine =~ /^MULTI: Learn:/) or
+      ($ThisLine =~ /^MULTI: multi_init called/) or
+      ($ThisLine =~ /^MULTI: multi_create_instance called/) or
+      ($ThisLine =~ /^MULTI: primary virtual IP for/) or
+      ($ThisLine =~ /^Need IPv6 code in mroute_extract_addr_from_packet/) or
+      ($ThisLine =~ /^OPTIONS IMPORT/) or
+      ($ThisLine =~ /^PUSH: Received control message/) or
+      ($ThisLine =~ /^Re-using SSL\/TLS context/) or
+      ($ThisLine =~ /^SENT CONTROL/) or
+      ($ThisLine =~ /^TCP\/UDP: Closing socket/) or
+      ($ThisLine =~ /^TLS-Auth MTU parms/) or
+      ($ThisLine =~ /^TLS: Initial packet from/) or
       ($ThisLine =~ /^TLS: soft reset/) or
       ($ThisLine =~ /^TLS: tls_process: killed expiring key$/) or
-      ($ThisLine =~ /^Control Channel: TLSv1, cipher/) or
-      ($ThisLine =~ /^Data Channel Decrypt: Cipher/) or
-      ($ThisLine =~ /^Data Channel Decrypt: Using/) or
-      ($ThisLine =~ /^Data Channel Encrypt: Cipher/) or
-      ($ThisLine =~ /^Data Channel Encrypt: Using/)
+      ($ThisLine =~ /^TUN\/TAP device tun[\d]+ opened/) or
+      ($ThisLine =~ /^UDPv4 link /) or
+      ($ThisLine =~ /^UID set to/) or
+      ($ThisLine =~ /^chroot to /)
    ) {
       # Don't care about these...
-   }  elsif (($status, $org, $cn) = ( $ThisLine =~ /^VERIFY (.*): depth=.*O=(.*)\/OU=.*CN=(.*)\// )) {
+   }  elsif (($status, $dn) = ( $ThisLine =~ /^VERIFY (.*): depth=.*, (.*)\// )) {
 
 		#TLS: tls_process: killed expiring key:
 		#VERIFY OK: depth=0, /C=US/ST=TX/O=Aidant.Enterprises/OU=IT/CN=delta.aidant.net/Email=keymaster at aidant.net: 23 Time(s)
-      $VerifyList{"status: $status ORG: $org CN: $cn"}++;
-		 
-
+      $VerifyList{"status: $status DN: $dn"}++;
+   } elsif ($ThisLine =~ m/^MULTI: new incoming connection would exceed maximum number of clients/) {
+      $MaxClients++;
+   } elsif ($ThisLine =~ m/^OpenVPN [\d.]+ [\w-]+ [\[\]\w ]+ built on [\w]+ [\d]+ [\d]+$/) {
+      $VersionInfo{$ThisLine} = 1;
+   } elsif (($config, $peer, $port) = ($ThisLine =~ m/^\[([\S]+)\] Peer Connection Initiated with ([\d]+\.[\d]+\.[\d]+\.[\d]+)\:([\d]+)$/)) {
+      push (@{$Connections{$config}{$peer}}, $port);
+   } elsif (($dir, $channel, $bits, $algo) = ($ThisLine =~ /^(Incoming|Outgoing) (Control Channel) Authentication: Using ([\d]+ bit) message hash '(\S+)' for HMAC authentication/)) {
+      $Auth{$channel}{$dir}{"$bits $algo"}++;
+   } elsif (($channel, $dir, $bits, $algo) = ($ThisLine =~ /^(Data Channel) (Encrypt|Decrypt): Using ([\d]+ bit) message hash '(\S+)' for HMAC authentication/)) {
+      $Auth{$channel}{$dir}{"$bits $algo"}++;
+   } elsif (($channel, $proto, $cipher) = ($ThisLine =~ /^(Control Channel): (TLSv1), cipher (TLSv1\/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA)/)) {
+      $Crypt{$channel}{$proto}{$cipher}++;
+   } elsif (($channel, $dir, $algo, $bits) = ($ThisLine =~ /^(Data Channel) (Encrypt|Decrypt): Cipher '(\S+)' initialized with ([\d]+ bit) key/)) {
+      $Crypt{$channel}{$dir}{"$bits $algo"}++;
    } else {
       # Report any unmatched entries...
       # remove PID from named messages
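Review bot: The new `Control Channel` branch matches only the literal `TLSv1` and the single suite `TLSv1\/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA`, so the "Ciphers used for Encryption" report can never show any other negotiated suite. Any other suite now lands in the unmatched entries, because the removed `^Control Channel: TLSv1, cipher` ignore rule no longer catches it. Capturing the fields generically, e.g. `/^(Control Channel): (\S+), cipher (.+)$/`, would let the report show weak or unexpected suites where a reader looks for them. Separately, the new `VERIFY` pattern ends its DN capture at the last `/`, so a subject whose final component is the CN loses it, and results for different certificates of one organisation are counted under the same key; ending the pattern with `(.*)$` keeps the whole subject. The `else` branch and the rest of the loop body continue outside this hunk.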
@@ -56,6 +99,61 @@
    }
 }
 
+if ($MaxClients) {
+   print "\nMaximum Number of Clients reached $MaxClients Time(s)\n";
+}
+
+if (keys %Connections) {
+   print "\nConnections:";
+   foreach $config (sort keys %Connections) {
+      print "\n   Configuration $config:";
+      foreach $peer (sort keys %{$Connections{$config}}) {
+         $ports = $Connections{$config}{$peer};
+         print "\n      $peer connected " . ($#{$ports} + 1) . " Time(s), Ports:";
+         for ($i = 0; $i <= $#{$ports}; $i++) {
+            print "\n        " if (($i + 16) % 20 == 0);
+            print " $$ports[$i]";
+         }
+      }
+      print "\n";
+   }
+}
+
+if (keys %Auth) {
+   print "\nCiphers used for Authentication:";
+   foreach $channel (sort keys %Auth) {
+      print "\n   $channel:";
+      foreach $dir (sort keys %{$Auth{$channel}}) {
+         print "\n      $dir:";
+         foreach $algo (sort keys %{$Auth{$channel}{$dir}}) {
+            print "\n         $algo used $Auth{$channel}{$dir}{$algo} Time(s)";
+         }
+      }
+      print "\n";
+   }
+}
+
+if (keys %Crypt) {
+   print "\nCiphers used for Encryption:";
+   foreach $channel (sort keys %Crypt) {
+      print "\n   $channel:";
+      foreach $dir (sort keys %{$Crypt{$channel}}) {
+         print "\n      $dir:";
+         foreach $algo (sort keys %{$Crypt{$channel}{$dir}}) {
+            print "\n         $algo used $Crypt{$channel}{$dir}{$algo} Time(s)";
+         }
+      }
+      print "\n";
+   }
+}
+
+if (keys %VersionInfo) {
+   print "\nVersion Information:\n";
+   foreach $vers (sort keys %VersionInfo) {
+      print "   $vers\n"
+   }
+}
+
 if (keys %OtherList) {
    print "\n**Unmatched Entries**\n";
    foreach $line (sort {$a cmp $b} keys %OtherList) {
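Review bot: The port loop under `Connections:` prints every source port recorded for a peer with no upper bound, so a client stuck in a reconnect loop can stretch the report over many lines, while the count on the heading line already carries the useful signal. Consider stopping after a fixed number of ports, e.g. `if ($i >= 40) { print " ..."; last; }` (the limit of 40 is only an illustration), or dropping the port list altogether. The wrap condition `(($i + 16) % 20 == 0)` deserves a comment such as `# 4 ports on the heading line, 20 on each following line`. The heading `Ciphers used for Authentication:` reports HMAC message hashes, so `Message hashes used for Authentication:` would describe the section more accurately.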

