Allow Logwatch to collect data from OpenVPN’s logs

To let Logwatch report on the logs of an OpenVPN server running on Fedora or another Linux system, you need to install the script and configuration file shown below.

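For this script and config file to work, you must disable both log and log-append in the OpenVPN server config file. With both options commented out, an OpenVPN daemon sends its output to syslog instead of a private log file, and the Logwatch configuration below reads the messages log group.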

;log          openvpn.log
;log-append   openvpn.log

The Files are:

/etc/logwatch/scripts/openvpn      - Logwatch service filter script (Perl)
/etc/logwatch/conf/openvpn.conf    - Configuration file

/etc/logwatch/scripts/openvpn

#!/usr/bin/perl
##########################################################################
# $Log: openvpn,v $
# Revision 1.0  2005/07/27 17:19:34  hyppo
# Filippo Grassilli http://hyppo.com/email.php
#
# Written and maintained by:
#    Filippo Grassilli http://hyppo.com/email.php
##########################################################################

use Logwatch ':ip';

# Runtime settings arrive through environment variables.
$Debug    = $ENV{'LOGWATCH_DEBUG'};
$DoLookup = $ENV{'openvpn_ip_lookup'};   # set here; not read again in this script

# The service-specific level takes precedence whenever it is a true value;
# 0 or unset falls back to the global level, and then to 0.
$Detail = $ENV{'openvpn_detail_level'} || $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;

print STDERR "\n\nDEBUG: Inside OpenVPN Filter \n\n" if $Debug >= 5;

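# Read the OpenVPN log lines from STDIN and tally them into the report hashes.
#
# The three patterns that capture text originating from the remote peer (the
# certificate subject and the bracketed peer name) are tested BEFORE the
# ignore list. Most ignore patterns are unanchored substring matches, so
# testing them first would silently drop a verification or connection line
# whenever one of those phrases appeared inside a peer-supplied field, and
# the event would never reach the report.
while (defined($ThisLine = <STDIN>)) {
   if ( ($Host,$Cert) = ( $ThisLine =~ /^([^:]*):\d+ VERIFY OK: depth=\d+, (.*)$/ ) ) {
      ## Successful cert exchange: count per certificate subject and host
      $FullHost = LookupIP ($Host);
      $CertVerified{$Cert}{$FullHost}++;
   } elsif ( ($Host,$User) = ( $ThisLine =~ /^([^:]*):\d+ \[([^\]]+)\] Peer Connection Init/ ) ) {
      ## x.x.x.x:y [user] Peer Connection Initiated with x.x.x.x:y
      $FullHost = LookupIP ($Host);
      $ClientConnection{$User}{$FullHost}++;
   } elsif ( ($HostUser,$Param) = ( $ThisLine =~ /^([^:]*):\d+ SENT CONTROL \[.*\]: (.*)/ ) ) {
      ## user/x.x.x.x:y SENT CONTROL [user]: xxxx....
      chomp($Param);
      $ClientParam{$HostUser}{$Param}++;
   } elsif (  # Ignore...
      ($ThisLine =~ /Control Channel/) or
      ($ThisLine =~ /Data Channel (Decrypt|Encrypt|MTU)/) or
      ($ThisLine =~ /TLS: soft reset/) or
      ($ThisLine =~ /reading client specific options/) or
      ($ThisLine =~ /Expected Remote/) or
      ($ThisLine =~ /LZO compression/) or
      ($ThisLine =~ /killed expiring key/) or
      ($ThisLine =~ /Diffie-Hellman initialized/) or
      ($ThisLine =~ /Local Options hash/) or
      ($ThisLine =~ /Replay\-window backtrack/) or
      ($ThisLine =~ /TLS: Initial packet/) or
      ($ThisLine =~ /ip (addr add|link set) dev/) or
      ($ThisLine =~ /Re\-using SSL/) or
      ($ThisLine =~ /MULTI: Learn/) or
      ($ThisLine =~ /Received control message/) or
      ($ThisLine =~ /(Restart pause|process restarting)/) or
      ($ThisLine =~ /Inactivity timeout/) or
      ($ThisLine =~ /CRL CHECK OK/) or
      ($ThisLine =~ /VERIFY OK: nsCertType/) or
      ($ThisLine =~ /\d+:\d+ SIGUSR1\[.*restart/) or
      ($ThisLine =~ /^TCP\/UDP: Closing socket/) or
      ($ThisLine =~ /^UDPv4 link /) or
      ($ThisLine =~ /^TUN\/TAP device /) or
      ($ThisLine =~ /Closing TUN\/TAP interface/) or
      ($ThisLine =~ /Interrupted system call/) or
      ($ThisLine =~ /^TLS-Auth MTU parms/) or
      ($ThisLine =~ /^MULTI:/) or
      ($ThisLine =~ /^ succeeded$/) or
      ($ThisLine =~ /^IFCONFIG POOL/)
   ) {
      # Routine noise; deliberately left out of the report.
   } elsif ( ($ThisLine =~ /^OpenVPN .* built on .*/) ) {
      # OpenVPN version banner; the last one seen is kept
      chomp($ThisLine);
      $OpenVPNVersion=$ThisLine;
   } elsif ( ($ThisLine =~ /^Initialization Sequence Completed/) ) {
      $StartOpenVPN++;
   } elsif ( ($ThisLine =~ /^SIGTERM.* process exiting/) ) {
      $ShutdownOpenVPN++;
   } else {
      # Anything unrecognised is kept verbatim so it shows up under
      # "Unmatched Entries" instead of disappearing.
      chomp($ThisLine);
      $OtherList{$ThisLine}++;
   }
}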

#######################################

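# Print the report from the tallies collected while reading STDIN.
# Every section except "Unmatched Entries" is shown only at detail level 5
# or higher; unmatched lines are always printed.
#
# NOTE(review): the hash keys are taken from log lines and printed verbatim.
# Whether control characters in them have already been escaped depends on the
# syslog daemon that wrote the log -- confirm before viewing the report in a
# terminal.
if ( $Detail >= 5 ) {
   if ($StartOpenVPN) {
      if ($OpenVPNVersion) { print "$OpenVPNVersion\n"; }
      print "OpenVPN started/reloaded: $StartOpenVPN Time(s)\n";
   }
   if ($ShutdownOpenVPN) {
      print "OpenVPN shutdown: $ShutdownOpenVPN Time(s)\n";
   }

   if (keys %ClientConnection) {
      print "\nOpenVPN Client Connections:\n";
      foreach my $PeerName (sort keys %ClientConnection) {
         print "   $PeerName:\n";
         foreach my $PeerHost (sort keys %{$ClientConnection{$PeerName}}) {
            print "       $PeerHost: $ClientConnection{$PeerName}{$PeerHost} Time(s)\n";
         }
      }
   }

   if (keys %ClientParam) {
      print "\nOpenVPN Client Connection Parameters:\n";
      foreach my $HostUserKey (sort keys %ClientParam) {
         print "   $HostUserKey:\n";
         foreach my $ParamText (sort keys %{$ClientParam{$HostUserKey}}) {
            print "       $ParamText: $ClientParam{$HostUserKey}{$ParamText} Time(s)\n";
         }
      }
   }

   if (keys %CertVerified) {
      print "\nCertificates verified:\n";
      foreach my $Subject (sort keys %CertVerified) {
         if ( my ($Crt1,$Crt2) = ( $Subject =~ /^\/(.*)\/OU=(.*)$/ ) ) {
            # Subject in "/.../OU=..." form: split it over two lines
            print " $Crt1\n OU=$Crt2:\n";
         } else {
            # Any other subject form is printed whole. Previously the failed
            # match left both parts empty and the subject was lost from the
            # report, leaving host counts with no certificate attached.
            print " $Subject:\n";
         }
         foreach my $Client (sort keys %{$CertVerified{$Subject}}) {
            print "       $Client: $CertVerified{$Subject}{$Client} Time(s)\n";
         }
      }
   }
}

if (keys %OtherList) {
   print "\n**Unmatched Entries**\n";
   foreach my $Entry (sort keys %OtherList) {
      print "   $Entry: $OtherList{$Entry} Time(s)\n";
   }
}

exit(0);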

/etc/logwatch/conf/openvpn.conf

###########################################################################
# $Id: openvpn.conf,v 1.0 2005/07/27 17:08:09 hyppo Exp $
# Written and maintained by:
#    Filippo Grassilli <http://hyppo.com/email.php>
###########################################################################

Title = "OpenVPN"

# Which logfile group...
LogFile = messages

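# Whether or not to resolve IP addresses to hostnames...
# Setting this to Yes will significantly increase runtime.
# Resolved names come from reverse DNS, which the address owner controls,
# so treat them as a hint rather than as proof of identity.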
$openvpn_ip_lookup = Yes
$openvpn_detail_level = 5

# Only give lines pertaining to the named service...
*OnlyService = openvpn
*RemoveHeaders
