Nightly Filter Summary E-Mail
Scott and I talked about this earlier on IRC. Could be a package for 2.0, or worked in somehow.
A daemon of some sort could check filter logs every 5 minutes and collect summary data, then store it in an xml or serialized data file. At the end of a 24 hour period, this data could be used to generate a report on the filter activity for the day.
The report could look similar to the pie charts output by the filter log summary graphs, but those only work on whatever data is currently in the log.
It would need to keep track of the last log message it read to ensure that it isn't counting things more than once. If the entire log file wraps in under 5 minutes, it should log an error telling the admin to increase the log size (also feature that doesn't yet exist, but should be fairly easy to add.)
-Update to 2.1.2.
NSD 2.1.2 release notes:
- NSD now fully supports unknown record types using the notation
specified in RFC3597.
- Support for the following RR types has been added: WKS, X25, ISDN,
RT, NSAP, PX, NAPTR, KX, CERT, DNAME, and APL. DNAME special
processing is not supported.
- Bug #84: NSD now uses SIGUSR1 instead of SIGILL to report stats.
- Bug #85: Support for WKS records.
- Bug #86: The characters "#%&^?" can now be used without backslash
in zone file domain names.
- Plugin callback return type fixed.
- The maximum message length for IPv6 UDP packets is now limited to
the IPv6 minimum MTU (1280) unless the IPV6_USE_MIN_MTU socket
option is supported.
Submitted by: Olafur Osvaldsson <email@example.com> (maintainer)
#1 Updated by Jim Pingle about 8 years ago
And /etc/periodic/security/520.pfdenied on a full system