#!/bin/sh # This is a script to parse syslog messages from a Barracuda Spam Firewall and # extract information about blocked Virus activity. # It makes several assumptions (not the least of which that your barracuda logs to /var/log/maillog), # and might need to be tweaked (or not work at all) if your syslog format differs from the one # I was using in any way. # This script lives at http://www.elifulkerson.com now=`date |awk '{printf "%s %2s", $2, $3}' date echo echo Most Popular Detected Virus Origins echo ----------------------------------- for msgid in `cat /var/log/maillog |grep "$now" |grep virus_block |awk '{print $6}'|awk '{FS=":"; print $1}'`; do cat /var/log/maillog |grep $msgid |grep connect |awk '{print $7}' done |sort |uniq -c |sort -rn echo echo echo Most Popular Detected Virus Payloads echo ------------------------------------ for msgid in `cat /var/log/maillog |grep "$now" |grep virus_block |awk '{print $6}'|awk '{FS=":"; print $1}'`; do cat /var/log/maillog |grep $msgid |grep virus_block |awk '{print $7}' done |sort |uniq -c |sort -rn echo echo This report is based on the syslog output of the Barricuda Spam Firewall, and only notes viruses attempting to pass through it.