Logwatch - OpenVPN

To let Logwatch report on the logs of an OpenVPN server running on Fedora Core or another Linux system, install the script and configuration file below.

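;log         openvpn.log
;log-append  openvpn.log

 * For this script and configuration file to work, both log and log-append must be disabled (commented out, as shown above) in the OpenVPN server configuration file. With neither directive set, a daemonized OpenVPN sends its messages to syslog, which is where the "LogFile = messages" setting below looks for them.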

The files are:

/etc/logwatch/scripts/openvpn     - Logwatch Perl script
/etc/logwatch/conf/openvpn.conf   - Configuration file

/etc/logwatch/scripts/openvpn

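#!/usr/bin/perl
# $Log: openvpn,v $
# Revision 1.0  2005/07/27 17:19:34  hyppo
# Filippo Grassilli
#
# Written and maintained by:
#    Filippo Grassilli
#
# Logwatch service filter for OpenVPN.  Reads the pre-filtered OpenVPN log
# lines on STDIN, counts start/stop events, client connections, pushed
# parameters and verified certificates, and prints a summary on STDOUT.
# Every line that matches none of the known patterns is reported under
# "**Unmatched Entries**", so unexpected messages (authentication failures,
# TLS errors, ...) remain visible to the person reading the report.

use strict;
use warnings;

# Provides LookupIP(), which is called below.
use Logwatch ':ip';

# Package globals, as in the original script.  $DoLookup is presumably read
# by LookupIP() through the main package -- confirm against your Logwatch.pm.
our $Debug    = $ENV{LOGWATCH_DEBUG}        || 0;
our $Detail   = $ENV{LOGWATCH_DETAIL_LEVEL} || 0;
our $DoLookup = $ENV{openvpn_ip_lookup};
$Detail = $ENV{openvpn_detail_level} || $Detail;

my $OpenVPNVersion;
my $StartOpenVPN    = 0;
my $ShutdownOpenVPN = 0;
my %CertVerified;        # certificate subject => { host => count }
my %ClientConnection;    # user                => { host => count }
my %ClientParam;         # host/user prefix    => { pushed parameters => count }
my %OtherList;           # unmatched line      => count

if ( $Debug >= 5 ) {
    print STDERR "\n\nDEBUG: Inside OpenVPN Filter \n\n";
}

while ( defined( my $ThisLine = <STDIN> ) ) {
    chomp($ThisLine);

    # Log content is partly chosen by remote peers (user names, certificate
    # subjects, pushed options).  Neutralise control characters so they
    # cannot alter the terminal or the mail the report is displayed in.
    $ThisLine =~ s/[\x00-\x08\x0b-\x1f\x7f]/?/g;

    my ( $Host, $Cert, $User, $HostUser, $Param );

    if (
        # Ignore...
        $ThisLine =~ /Control Channel/ or
        $ThisLine =~ /Data Channel (Decrypt|Encrypt|MTU)/ or
        $ThisLine =~ /TLS: soft reset/ or
        $ThisLine =~ /reading client specific options/ or
        $ThisLine =~ /Expected Remote/ or
        $ThisLine =~ /LZO compression/ or
        $ThisLine =~ /killed expiring key/ or
        $ThisLine =~ /Diffie-Hellman initialized/ or
        $ThisLine =~ /Local Options hash/ or
        $ThisLine =~ /Replay\-window backtrack/ or
        $ThisLine =~ /TLS: Initial packet/ or
        $ThisLine =~ /ip (addr add|link set) dev/ or
        $ThisLine =~ /Re\-using SSL/ or
        $ThisLine =~ /MULTI: Learn/ or
        $ThisLine =~ /Received control message/ or
        $ThisLine =~ /(Restart pause|process restarting)/ or
        $ThisLine =~ /Inactivity timeout/ or
        $ThisLine =~ /CRL CHECK OK/ or
        $ThisLine =~ /VERIFY OK: nsCertType/ or
        $ThisLine =~ /\d+:\d+ SIGUSR1\[.*restart/ or
        $ThisLine =~ /^TCP\/UDP: Closing socket/ or
        $ThisLine =~ /^UDPv4 link / or
        $ThisLine =~ /^TUN\/TAP device / or
        $ThisLine =~ /Closing TUN\/TAP interface/ or
        $ThisLine =~ /Interrupted system call/ or
        $ThisLine =~ /^TLS-Auth MTU parms/ or
        $ThisLine =~ /^MULTI:/ or
        $ThisLine =~ /^ succeeded$/ or
        $ThisLine =~ /^IFCONFIG POOL/
      )
    {
        # Don't care about these...
    }
    elsif ( $ThisLine =~ /^OpenVPN .* built on .*/ ) {
        # OpenVPN version
        $OpenVPNVersion = $ThisLine;
    }
    elsif ( $ThisLine =~ /^Initialization Sequence Completed/ ) {
        $StartOpenVPN++;
    }
    elsif ( $ThisLine =~ /^SIGTERM.* process exiting/ ) {
        $ShutdownOpenVPN++;
    }
    elsif ( ( $Host, $Cert ) =
        $ThisLine =~ /^([^:]*):\d+ VERIFY OK: depth=\d+, (.*)$/ )
    {
        ## Successful cert exchange
        my $FullHost = LookupIP($Host);
        $CertVerified{$Cert}{$FullHost}++;
    }
    elsif ( ( $Host, $User ) =
        $ThisLine =~ /^([^:]*):\d+ \[([^\]]+)\] Peer Connection Init/ )
    {
        ## x.x.x.x:y [user] Peer Connection Initiated with x.x.x.x:y
        my $FullHost = LookupIP($Host);
        $ClientConnection{$User}{$FullHost}++;
    }
    elsif ( ( $HostUser, $Param ) =
        $ThisLine =~ /^([^:]*):\d+ SENT CONTROL \[.*\]: (.*)/ )
    {
        ## user/x.x.x.x:y SENT CONTROL [user]: xxxx....
        $ClientParam{$HostUser}{$Param}++;
    }
    else {
        # Report any unmatched entries...
        $OtherList{$ThisLine}++;
    }
}

if ( $Detail >= 5 and $StartOpenVPN ) {
    if ($OpenVPNVersion) {
        print "$OpenVPNVersion\n";
    }
    print "OpenVPN started/reloaded: $StartOpenVPN Time(s)\n";
}

if ( $Detail >= 5 and $ShutdownOpenVPN ) {
    print "OpenVPN shutdown: $ShutdownOpenVPN Time(s)\n";
}

if ( $Detail >= 5 and %ClientConnection ) {
    print "\nOpenVPN Client Connections:\n";
    foreach my $ThisOne ( sort keys %ClientConnection ) {
        print "  $ThisOne:\n";
        foreach my $Message ( sort keys %{ $ClientConnection{$ThisOne} } ) {
            print "      $Message: $ClientConnection{$ThisOne}{$Message} Time(s)\n";
        }
    }
}

if ( $Detail >= 5 and %ClientParam ) {
    print "\nOpenVPN Client Connection Parameters:\n";
    foreach my $ThisOne ( sort keys %ClientParam ) {
        print "  $ThisOne:\n";
        foreach my $Message ( sort keys %{ $ClientParam{$ThisOne} } ) {
            print "      $Message: $ClientParam{$ThisOne}{$Message} Time(s)\n";
        }
    }
}

if ( $Detail >= 5 and %CertVerified ) {
    print "\nCertificates verified:\n";
    foreach my $ThisOne ( sort keys %CertVerified ) {
        # Split "/<subject>/OU=<unit>" for display.  Subjects in any other
        # form are printed whole instead of as two empty fields.
        if ( my ( $Crt1, $Crt2 ) = $ThisOne =~ /^\/(.*)\/OU=(.*)$/ ) {
            print " $Crt1\n OU=$Crt2:\n";
        }
        else {
            print " $ThisOne:\n";
        }
        foreach my $Client ( sort keys %{ $CertVerified{$ThisOne} } ) {
            print "      $Client: $CertVerified{$ThisOne}{$Client} Time(s)\n";
        }
    }
}

# Printed at every detail level: anything the filter did not recognise.
if (%OtherList) {
    print "\n**Unmatched Entries**\n";
    foreach my $line ( sort keys %OtherList ) {
        print "  $line: $OtherList{$line} Time(s)\n";
    }
}

exit(0);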

/etc/logwatch/conf/openvpn.conf

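# $Id: openvpn.conf,v 1.0 2005/07/27 17:08:09 hyppo Exp $
# Written and maintained by:
#    Filippo Grassilli

Title = "OpenVPN"

# Which logfile group...
LogFile = messages

# Whether or not to lookup the IPs into hostnames...
# Setting this to Yes will significantly increase runtime
# NOTE(review): names resolved this way come from reverse-DNS records set by
# whoever controls the address block, so treat them as a hint and not as the
# identity of the peer.
$openvpn_ip_lookup = Yes

$openvpn_detail_level = 5

# Only give lines pertaining to the named service...
*OnlyService = openvpn
*RemoveHeaders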