
shell script email format / condition reworking

Context: I'm working on a Red Hat RADIUS server and I have a shell script which sends me an email every time an unauthorized user tries to access the network (e.g. Invalid User: Switch: Switch xxx | Port: xx | Mac-Address: xxxxxxxxxxxxxx).

My script looks like the following:

#!/bin/bash

while :
do
    if [ ! -e myFile ] ; then
        grep Invalid radius.log > myFile
        mailx -E -s Radius-Invalid-User myuser@email.com < myFile
    else
        comm -23 <(grep Trigger-Word radius.log) myFile | mailx -E -s Radius-Invalid-User myuser@mail.com
        grep Trigger-Word radius.log > myFile
    fi
    sleep 1
done

This script works fine and does exactly what it should do, but the output in the mail is just the line from the logfile and pretty bad to read:

Mon Jan 22 09:38:24 2018 : Auth: (18) Invalid user: [000000000] (from client client-id port 15 cli xx-xx-xx-xx-xx-xx) switchname Port: |15|

So I have to reparse it. And there the trouble starts.

I tried to rework it so that the mail output is:

|-------------------------------------------------------------|

  Switch: 

|-------------------------------------------------------------|

  Port-Nr: 

|-------------------------------------------------------------|

  MAC-Address: 

|-------------------------------------------------------------|

I thought the script part should look like the following:

(
echo "|-------------------------------------------------------------|"
echo " "
echo "  Switch: `awk 'END {print $19}' myFile`"
echo " "
echo "|-------------------------------------------------------------|"
echo " "
echo "  Port-Nr: `awk 'END {print $21}' myFile`"
echo " "
echo "|-------------------------------------------------------------|"
echo " "
echo "  MAC-Address: `awk 'END {print $11}' myFile`"
echo " "
echo "|-------------------------------------------------------------|"
) | mailx -E -s Radius myuser@mail.com

The problem here is that the mail is not empty anymore, so the -E from the mailx command does not help, and it no longer checks whether this message was sent already. Because it is an endless loop, it permanently sends mails with the "blank form".

Can someone help me fix it so that the script does the exact same thing the first script does, but sends the mail in a proper format?

If you need any more information, please let me know. Big thanks in advance.

#!/bin/bash

l=radius.log                                            # logfile, all logs
m=myFile

_sendMail(){                                            # send mail if not empty
  local f msg="$(</dev/stdin)"                          # mail contents
  if [[ -n "$msg" ]]; then                              # if contents not empty
    while read -r -a f || [[ -n "${f[20]}" ]]; do       # read line by line
      [[ -z "${f[20]}" ]] && continue                   # ignore mal-formatted log
      echo "|-------------------------------------------------------------|"
      echo "  Switch: ${f[18]}"
      echo "|-------------------------------------------------------------|"
      echo "  Port-Nr: ${f[20]}"
      echo "|-------------------------------------------------------------|"
      echo "  MAC-Address: ${f[10]}"
      echo "|-------------------------------------------------------------|"
    done <<<"$msg" | (echo "-----> $1"; cat)            # fake sending for test
    #done <<<"$msg" | mailx -E -s "$1" myuser@email.com # real sending, $1 = subject
  fi
}

while :; do                                             # endless loop
  if [[ ! -e "$m" ]]; then
    grep "Invalid user" "$l" >"$m"
    _sendMail "Invalid $l" <"$m"
  else
    n=$(grep "Invalid user" "$l")
    comm -23 <(echo "$n") "$m" | _sendMail "Radius Invalid User"
    echo "$n" >"$m"
  fi
  sleep 1
done

To test:

  1. Run the bash script
  2. From another terminal, continuously add log lines to radius.log, for example:

    $ echo 'Mon Jan 22 09:38:24 2018 : Auth: (18) Invalid user: [000000000] (from client client-id port 15 cli xx-xx-xx-xx-xx-xx) switchname Port: |15|' >>radius.log

  3. The bash script detects the new log lines and sends mail if a log line contains "Invalid user:".

Outputs:

$ ./report-error.sh 
-----> Radius Invalid User
|-------------------------------------------------------------|
  Switch: switchname
|-------------------------------------------------------------|
  Port-Nr: |23|
|-------------------------------------------------------------|
  MAC-Address: [000000000]
|-------------------------------------------------------------|
-----> Radius Invalid User
|-------------------------------------------------------------|
  Switch: switchname
|-------------------------------------------------------------|
  Port-Nr: |33|
|-------------------------------------------------------------|
  MAC-Address: [000000000]
|-------------------------------------------------------------|
-----> Radius Invalid User
|-------------------------------------------------------------|
  Switch: switchname
|-------------------------------------------------------------|
  Port-Nr: |33|
|-------------------------------------------------------------|
  MAC-Address: [000000000]
|-------------------------------------------------------------|
|-------------------------------------------------------------|
  Switch: switchname
|-------------------------------------------------------------|
  Port-Nr: |33|
|-------------------------------------------------------------|
  MAC-Address: [000000000]
|-------------------------------------------------------------|

I solved it by myself:

#!/bin/bash

while :
do
    if [ ! -e RadiusLogInvalidArchive ] ; then
        # first run: archive every matching line and mail it unformatted
        grep Invalid radius.log > RadiusLogInvalidArchive
        mailx -E -s Radius-Invalid-User myuser@mail.com < RadiusLogInvalidArchive
    else
        # lines present in the log but not yet in the archive
        comm -2 -3 <(grep Invalid radius.log) RadiusLogInvalidArchive > testFile

        # only build and send the formatted mail when there is something new
        if [ -s testFile ] ; then
            awk ' BEGIN {
                print "|-------------------------------------------------Invalid User-----------------------------------------------------|"
                print " "
                print " >> Port-NR <<         >>  Switch <<             >> MAC-Address << "
                print " "}
                {print "                 ", $22, "                   ", $19, "                  ", $11}' testFile | mailx -E -s Radius-Test myuser@mail.com
        fi

        # remember everything seen so far for the next pass
        grep Invalid radius.log > RadiusLogInvalidArchive

        if [ -f testFile ] ; then
            rm testFile
        fi
    fi
    sleep 1
done
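
An added example, not part of the original question or answers: the scripts above pick fields by position, but the bracketed user name is supplied by the rejected client and can contain spaces, which shifts every later field number and puts the wrong values in the alert. The sketch below parses the line by the fixed text around each value and de-duplicates without needing sorted input. The function names, the seen.log file and the sample lines are hypothetical; the layout is assumed from the one log line quoted in the question, with the value after "cli" reported as the MAC address and the bracketed value as the user.

```bash
#!/bin/bash
# Added example, not code from the question or answers. The layout is assumed
# from the one log line quoted in the question.

# Constructed sample log: the second user name contains spaces, which would
# shift every awk/read field number after it.
sample_log() {
  cat <<'EOF'
Mon Jan 22 09:38:24 2018 : Auth: (18) Invalid user: [000000000] (from client client-id port 15 cli xx-xx-xx-xx-xx-xx) switchname Port: |15|
Mon Jan 22 09:40:02 2018 : Auth: (19) Invalid user: [guest user 7] (from client client-id port 15 cli aa-bb-cc-dd-ee-ff) switchname Port: |15|
Mon Jan 22 09:41:10 2018 : Info: Ready to process requests
EOF
}

# Print "Invalid user" lines of log $1 not yet recorded in archive $2.
# Whole-line literal comparison (-F -x) needs no sorted input, unlike comm.
new_invalid_lines() {
  [ -e "$2" ] || : > "$2"
  grep -F 'Invalid user: [' "$1" | grep -F -x -v -f "$2" || true
}

# Turn each matching line into "switch|port|cli|user". The pattern is anchored
# on the text the server writes around the user name, so whatever the client
# put in the name stays inside the last field.
parse_invalid() {
  sed -n 's/^[^[]*Invalid user: \[\(.*\)] (from client .* port [0-9][0-9]* cli \([^)|]*\)) \([^|]*\) Port: |\([0-9][0-9]*\)|$/\3|\4|\2|\1/p'
}

# Format parsed records; prints nothing for empty input, so mailx -E still works.
render_report() {
  bar='|-------------------------------------------------------------|'
  while IFS='|' read -r sw port mac user; do
    printf '%s\n  Switch: %s\n%s\n  Port-Nr: %s\n%s\n  MAC-Address: %s\n%s\n  User: %s\n%s\n' \
      "$bar" "$sw" "$bar" "$port" "$bar" "$mac" "$bar" "$user" "$bar"
  done
}

# One polling pass: report only lines not seen before, then remember them.
alert_once() {
  batch=$(new_invalid_lines "$1" "$2")
  [ -n "$batch" ] || return 0
  printf '%s\n' "$batch" >> "$2"
  printf '%s\n' "$batch" | parse_invalid | render_report
}

# In the loop: alert_once radius.log seen.log | mailx -E -s Radius-Invalid-User myuser@mail.com
sample_log | parse_invalid | render_report
```

Two log lines that are identical character for character, timestamp included, are reported once, and a line that does not match the assumed layout is recorded as seen but produces no report block.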
