1 diff -urp fwlogwatch-1.1./contrib/fwlogsummary.cgi fwlogwatch-1.1/contrib/fwlogsummary.cgi
2 --- fwlogwatch-1.1./contrib/fwlogsummary.cgi 2006-03-08 20:36:08.000000000 +0100
3 +++ fwlogwatch-1.1/contrib/fwlogsummary.cgi 2007-12-31 13:05:45.284763467 +0100
7 WEBDIR="/var/www/html/fwlogwatch"
8 -FWLOGWATCH="/usr/local/sbin/fwlogwatch"
9 +FWLOGWATCH="/usr/sbin/fwlogwatch"
11 if [ ! -d $WEBDIR ] ; then
12 echo "Directory $WEBDIR does not exist!"
17 - MESSAGES="/var/log/messages"
18 + MESSAGES="/var/log/iptables"
22 diff -urp fwlogwatch-1.1./contrib/fwlogwatch.php fwlogwatch-1.1/contrib/fwlogwatch.php
23 --- fwlogwatch-1.1./contrib/fwlogwatch.php 2006-03-08 20:36:08.000000000 +0100
24 +++ fwlogwatch-1.1/contrib/fwlogwatch.php 2007-12-31 13:05:45.288096571 +0100
29 -$fwlogwatch = "/usr/local/sbin/fwlogwatch";
30 +$fwlogwatch = "/usr/sbin/fwlogwatch";
32 /**********************************************************************/
34 diff -urp fwlogwatch-1.1./fwlogwatch.8 fwlogwatch-1.1/fwlogwatch.8
35 --- fwlogwatch-1.1./fwlogwatch.8 2006-03-08 20:36:02.000000000 +0100
36 +++ fwlogwatch-1.1/fwlogwatch.8 2007-12-31 13:05:45.288096571 +0100
37 @@ -39,7 +39,7 @@ for log formats that contain this inform
38 Use the alternate configuration file
40 instead of the default configuration file
41 -.B /etc/fwlogwatch.config
42 +.B /etc/fwlogwatch/fwlogwatch.config
43 (which does not need to exist). Only options not specified in the files can
44 be overridden by command line options.
46 @@ -233,7 +233,7 @@ These email recipients will get a carbon
49 Template file for report (defaults to
50 -.B /etc/fwlogwatch.template
51 +.B /etc/fwlogwatch/fwlogwatch.template
53 .SH "REALTIME RESPONSE MODE"
55 @@ -280,7 +280,7 @@ and the default password is
56 status web server can be changed in the configuration file.
58 You can specify one or more input files (if none is given it defaults to
61 ). Relevant entries are automatically detected so combined log files (e.g.
62 from a log host) are no problem. Compressed files are supported (except in
63 realtime response mode where they don't make sense anyway). The '-' sign
64 @@ -311,11 +311,11 @@ for months and
68 -.IP \fB/etc/fwlogwatch.config\fR
69 +.IP \fB/etc/fwlogwatch/fwlogwatch.config\fR
70 Default configuration file.
71 -.IP \fB/etc/fwlogwatch.template\fR
72 +.IP \fB/etc/fwlogwatch/fwlogwatch.template\fR
73 Default template for incident reports.
74 -.IP \fB/var/log/messages\fR
75 +.IP \fB/var/log/iptables\fR
76 Default input log file.
77 .IP \fB/var/run/fwlogwatch.pid\fR
78 Default PID file generated by the daemon in realtime response mode if
79 @@ -340,7 +340,7 @@ Since
80 is a security tool special care was taken to make it secure. You can and
81 should run it with user permissions for most functions, you can make it
85 is in if all you need is to be able to read this file. Only the realtime
86 response mode with activated ipchains rule analysis needs superuser
87 permissions but you might also need them to write the PID file, for actions
88 diff -urp fwlogwatch-1.1./fwlogwatch.config fwlogwatch-1.1/fwlogwatch.config
89 --- fwlogwatch-1.1./fwlogwatch.config 2004-03-23 14:09:21.000000000 +0100
90 +++ fwlogwatch-1.1/fwlogwatch.config 2007-12-31 13:06:07.166592912 +0100
92 # absolute path to the file.
93 # Command line option: [file(s)]
95 -#input = /var/log/messages
96 +#input = /var/log/kernel
97 +input = /var/log/iptables
100 ### Evaluation options ###
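Review bot: The commented example `#input = /var/log/kernel` added above the active `input = /var/log/iptables` line matches neither the active value nor the compiled-in default, which the main.h hunk of this same patch sets to /var/log/iptables. Anyone who comments the active line out again will assume the wrong file is being read. Either drop the `/var/log/kernel` line or label it as an alternative, e.g. `# Alternative when firewall messages go to the kernel log: input = /var/log/kernel`. Whether /var/log/iptables exists depends on syslog configuration that this patch does not show, so the comment block should also say which syslog rule is expected to feed it.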
102 # replaced with the report.
103 # Command line option: -I <file>
105 -#template = /etc/fwlogwatch.template
106 +template = /etc/fwlogwatch/fwlogwatch.template
109 ### Realtime response mode ###
111 # unprivileged port and with enough permissions to read a log file to run it
112 # entirely as user, but you will not be able to execute response scripts
113 # that need root privileges (e.g. to modify a firewall).
114 -# Suggested value: nobody
115 +# Suggested value: stats
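Review bot: The suggested account changes from `nobody` to `stats`, but nothing visible in this patch creates that account or gives it read access to /var/log/iptables, which the comment just above says is needed to run entirely as an unprivileged user. If `stats` is shared with other reporting tools on the target system (an assumption, not visible here), each of them can then read the firewall log, so a dedicated account is the safer suggestion. I would state the requirement in the comment, e.g. `# Suggested value: stats (unprivileged account; needs read access to the input file only)`. The option line itself lies outside the visible part of the hunk.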
120 # The option 'stateful_start' is enabled by default and causes fwlogwatch
121 # to read in the full log file at start and remember all entries that are
123 # Alternative paths for the notification and response scripts can be
124 # specified with the 'notification_script' and 'response_script' options.
126 -#notification_script = /usr/local/sbin/fwlw_notify
127 -#response_script = /usr/local/sbin/fwlw_respond
128 +#notification_script = /usr/sbin/fwlw_notify
129 +#response_script = /usr/sbin/fwlw_respond
131 # Known hosts are those that will not be warned about or actions taken
132 # against, even if they match the alert/response criteria.
133 diff -urp fwlogwatch-1.1./main.h fwlogwatch-1.1/main.h
134 --- fwlogwatch-1.1./main.h 2006-04-17 16:54:51.000000000 +0200
135 +++ fwlogwatch-1.1/main.h 2007-12-31 13:05:45.288096571 +0100
140 -#define INFILE "/var/log/messages"
141 +#define INFILE "/var/log/iptables"
143 #define INFILE "/var/adm/messages"
145 -#define RCFILE CONF_DIR "/fwlogwatch.config"
146 +#define RCFILE CONF_DIR "/fwlogwatch/fwlogwatch.config"
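Review bot: RCFILE here and TEMPLATE in the next hunk both gain a hard-coded `/fwlogwatch` component after CONF_DIR, so the directory name is now repeated in two macros as well as in the man page and the sample config. If CONF_DIR is set by the build (its definition is not in this diff), passing `/etc/fwlogwatch` there would leave both macros untouched and keep the path in one place. The man page text in this patch suggests the status web server password is set in the configuration file, so the packaging should install the new directory and config file readable only by root and the account the daemon runs as. A comment next to RCFILE would record that, e.g. `/* may hold the status server password: install the directory 0750 or tighter */`.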
150 @@ -293,11 +293,11 @@ enum {
151 /* Interactive report mode */
153 #define CERT "[Insert address of abuse contact or CERT here]"
154 -#define TEMPLATE CONF_DIR "/fwlogwatch.template"
155 +#define TEMPLATE CONF_DIR "/fwlogwatch/fwlogwatch.template"
156 #define FILENAME "fwlogwatchXXXXXX"
157 #define INSERTREPORT "# insert report here"
158 #define P_CAT "/bin/cat"
159 -#define P_SENDMAIL "/usr/sbin/sendmail"
160 +#define P_SENDMAIL "/usr/lib/sendmail"