#!/usr/bin/perl -w
# Separate ipchains/iptables messages from all other kernel messages.
# Strategy: read messages from the /var/log/psadfifo named pipe and
# print any firewall-related drop/reject/deny messages to the psad
# data file: /var/log/psad/fwdata.

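use strict;
use warnings;

#==================== config =======================
# psad data file; every firewall drop/reject/deny line read from the FIFO
# is appended here.
our $PSAD_FW_DATA = "/var/log/psad/fwdata";
# Named pipe the kernel messages are read from.
our $PSAD_FIFO = "/var/log/psadfifo";
# Every message that is not a firewall line is appended here instead.
our $MESSAGES_LOG = "/var/log/messages";
#================== end config ====================

#####################################################################

# Daemonize kmsgsd: the parent exits, the child runs the read loop below.
# A failed fork() is fatal instead of silently continuing in the foreground.
# NOTE(review): no setsid()/chdir('/')/stdio redirection is done here, so the
# child keeps the caller's controlling terminal and working directory.
defined(my $pid = fork) or die "Can't fork: $!\n";
exit if $pid;

# A firewall line is either ipchains output ("Packet log: ...") or iptables
# output ("IN=... OUT=... MAC=..."); only those carrying a DROP/REJECT/DENY
# verdict go to $PSAD_FW_DATA.
my $fw_line_re    = qr/Packet|IN.+?OUT.+?MAC/;
my $fw_verdict_re = qr/DROP|REJECT|DENY/;

while (1) {
    # open() on a FIFO blocks until a writer connects; the read loop ends
    # (undef) once the writer closes, after which the FIFO is reopened.
    # Reading every buffered line per open avoids dropping the lines that
    # arrived together with the first one.
    open(my $fifo, '<', $PSAD_FIFO) or die "Can't open file : $!\n";
    while (my $service = <$fifo>) {
        chomp $service;
        if ($service =~ $fw_line_re && $service =~ $fw_verdict_re) {
            # log to the fwdata file
            _append_line($PSAD_FW_DATA, $service);
        }
        else {
            # log everything else to the messages log
            _append_line($MESSAGES_LOG, $service);
        }
    }
    close $fifo;
}

# Append one line to the file at $path, opening and closing it per write so
# a rotated file is picked up on the next message. On failure the line is
# reported with warn() and dropped; the daemon keeps running.
# Three-argument open: the path is never scanned for mode characters.
sub _append_line {
    my ($path, $line) = @_;
    open(my $log, '>>', $path)
        or do { warn "Couldn't log $line to $path : $!\n"; return; };
    print {$log} "$line\n";
    # Buffered write errors only surface at close(), so check it as well.
    close($log) or warn "Couldn't log $line to $path : $!\n";
    return;
}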
