/usr/sbin/fwlw_notify is in fwlogwatch 1.4-1.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 | #!/bin/sh
# Copyright (C) 2000-2013 Boris Wesslowski
# $Id: fwlw_notify 731 2013-05-17 14:15:23Z bw $
# fwlogwatch realtime notification script
# You can invoke a custom action through this script when fwlogwatch
# issues an alert. A few commented examples are shown below.
# The available arguments (if activated in the configuration, if not the
# fields will contain a '-') are:
# $1 count
# $2 source IP
# $3 destination IP
# $4 protocol
# $5 source port
# $6 destination port
### Use the following lines for email notifications, $EMAIL is the recipient
#
#EMAIL=root@localhost
#
#/bin/echo "fwlogwatch ALERT on $HOSTNAME: $1 packet(s) from $2 to $3" | /bin/mail -s "fwlogwatch ALERT: $1 packet(s) from $2" $EMAIL
### Use the following lines for SMB notifications, $SMBHOST is the host the
### alert should appear
#
#SMBHOST=hostname
#
#/bin/echo "fwlogwatch ALERT on $HOSTNAME: $1 packet(s) from $2" | /usr/bin/smbclient -M $SMBHOST
### Use the following line to generate a custom log entry
#
#/usr/bin/logger -p security.alert -t "fwlogwatch ALERT" "$1 packet(s) from $2"
### You may also want to log alerts to a file
#
#NOW=`date +'%Y-%m-%d-%H-%M-%S'`
#/bin/echo "$NOW: $1 packet(s) from $2 to $3" >> /tmp/fwlw.log
### Insert your own ideas here, anything is possible. :-)
|