
Logwatch - OpenVPN

From MattWiki

To let Logwatch report on OpenVPN's log entries on Fedora Core or another Linux system, install the script and configuration file shown below.

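  • For this script and config file to work, both log and log-append must be disabled (commented out) in the OpenVPN server config file, so that OpenVPN, when run as a daemon, logs through syslog instead of its own file; the configuration file below reads the "messages" logfile group.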
;log          openvpn.log
;log-append   openvpn.log

The Files are:

/etc/logwatch/scripts/openvpn      - Logwatch perl module
/etc/logwatch/conf/openvpn.conf    - Configuration file

/etc/logwatch/scripts/openvpn

#!/usr/bin/perl
##########################################################################
# $Log: openvpn,v $
# Revision 1.0  2005/07/27 17:19:34  hyppo
# Filippo Grassilli <http://hyppo.com/email.php>
#
# Written and maintained by:
#    Filippo Grassilli <http://hyppo.com/email.php>
##########################################################################

use Logwatch ':ip';

# Read the runtime settings from the environment.  The variables are left
# as package globals (no "my") because the rest of the script refers to
# them by name.
$Debug    = $ENV{LOGWATCH_DEBUG};
# NOTE(review): $DoLookup is not read anywhere in this script; presumably
# LookupIP() from the Logwatch module consults it -- confirm.
$DoLookup = $ENV{openvpn_ip_lookup};

# A true (non-empty, non-zero) service-specific level takes precedence
# over the global Logwatch level; with neither set the level is 0.
$Detail = $ENV{openvpn_detail_level} || $ENV{LOGWATCH_DETAIL_LEVEL} || 0;

print STDERR "\n\nDEBUG: Inside OpenVPN Filter \n\n" if $Debug >= 5;

# Log lines that carry no reporting value.  A line matching any of these is
# dropped before the more specific parsers below are tried.
#
# NOTE(review): most of these patterns are unanchored, so they match
# anywhere in the line, including inside text that may originate from the
# remote side (the bracketed client name, certificate subject fields).  A
# line that merely contains one of these phrases is silently left out of
# the report and never reaches "Unmatched Entries".  Anchoring each pattern
# to the message layout of the OpenVPN version in use would narrow that.
my @IgnorePatterns = (
   qr/Control Channel/,
   qr/Data Channel (Decrypt|Encrypt|MTU)/,
   qr/TLS: soft reset/,
   qr/reading client specific options/,
   qr/Expected Remote/,
   qr/LZO compression/,
   qr/killed expiring key/,
   qr/Diffie-Hellman initialized/,
   qr/Local Options hash/,
   qr/Replay\-window backtrack/,
   qr/TLS: Initial packet/,
   qr/ip (addr add|link set) dev/,
   qr/Re\-using SSL/,
   qr/MULTI: Learn/,
   qr/Received control message/,
   qr/(Restart pause|process restarting)/,
   qr/Inactivity timeout/,
   qr/CRL CHECK OK/,
   qr/VERIFY OK: nsCertType/,
   qr/\d+:\d+ SIGUSR1\[.*restart/,
   qr/^TCP\/UDP: Closing socket/,
   qr/^UDPv4 link /,
   qr/^TUN\/TAP device /,
   qr/Closing TUN\/TAP interface/,
   qr/Interrupted system call/,
   qr/^TLS-Auth MTU parms/,
   qr/^MULTI:/,
   qr/^ succeeded$/,
   qr/^IFCONFIG POOL/,
);

# Classify every line handed to the filter on STDIN and tally it into the
# global counters that the report section prints.
LINE: while ($ThisLine = <STDIN>) {
   # Don't care about these...
   my $Ignored = 0;
   foreach my $Pattern (@IgnorePatterns) {
      if ( $ThisLine =~ $Pattern ) {
         $Ignored = 1;
         last;
      }
   }
   next LINE if $Ignored;

   # OpenVPN version banner: keep the whole line (without the newline).
   if ( $ThisLine =~ /^OpenVPN .* built on .*/ ) {
      chomp($ThisLine);
      $OpenVPNVersion = $ThisLine;
      next LINE;
   }

   # Daemon finished starting up (or reloading).
   if ( $ThisLine =~ /^Initialization Sequence Completed/ ) {
      $StartOpenVPN++;
      next LINE;
   }

   # Daemon shut down on SIGTERM.
   if ( $ThisLine =~ /^SIGTERM.* process exiting/ ) {
      $ShutdownOpenVPN++;
      next LINE;
   }

   ## Successful cert exchange: count per certificate text, per peer host.
   if ( ($Host,$Cert) = $ThisLine =~ /^([^:]*):\d+ VERIFY OK: depth=\d+, (.*)$/ ) {
      $FullHost = LookupIP ($Host);
      $CertVerified{$Cert}{$FullHost}++;
      next LINE;
   }

   ## x.x.x.x:y [user] Peer Connection Initiated with x.x.x.x:y
   if ( ($Host,$User) = $ThisLine =~ /^([^:]*):\d+ \[([^\]]+)\] Peer Connection Init/ ) {
      $FullHost = LookupIP ($Host);
      $ClientConnection{$User}{$FullHost}++;
      next LINE;
   }

   ## user/x.x.x.x:y SENT CONTROL [user]: xxxx....
   if ( ($HostUser,$Param) = $ThisLine =~ /^([^:]*):\d+ SENT CONTROL \[.*\]: (.*)/ ) {
      chomp($Param);
      $ClientParam{$HostUser}{$Param}++;
      next LINE;
   }

   # Report any unmatched entries...
   chomp($ThisLine);
   $OtherList{$ThisLine}++;
}

#######################################

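# Print one "<key>: <count> Time(s)" line per entry of a counter hash,
# sorted by key, at the report's detail-line indent.
sub _print_counts {
   my ($Counts) = @_;
   foreach my $Key (sort keys %{$Counts}) {
      print "       $Key: $Counts->{$Key} Time(s)\n";
   }
   return;
}

# The summary sections are only produced at detail level 5 and above.
if ( $Detail >= 5 ) {
   if ($StartOpenVPN) {
      print "$OpenVPNVersion\n" if $OpenVPNVersion;
      print "OpenVPN started/reloaded: $StartOpenVPN Time(s)\n";
   }
   if ($ShutdownOpenVPN) {
      print "OpenVPN shutdown: $ShutdownOpenVPN Time(s)\n";
   }

   # Connections grouped by client name, then by peer host.
   if (%ClientConnection) {
      print "\nOpenVPN Client Connections:\n";
      foreach my $User (sort keys %ClientConnection) {
         print "   $User:\n";
         _print_counts($ClientConnection{$User});
      }
   }

   # Control messages sent, grouped by the "user/host" prefix of the line.
   if (%ClientParam) {
      print "\nOpenVPN Client Connection Parameters:\n";
      foreach my $HostUser (sort keys %ClientParam) {
         print "   $HostUser:\n";
         _print_counts($ClientParam{$HostUser});
      }
   }

   # Verified certificates, grouped by certificate text, then by peer host.
   if (%CertVerified) {
      print "\nCertificates verified:\n";
      foreach my $Subject (sort keys %CertVerified) {
         if ( my ($Crt1, $Crt2) = $Subject =~ /^\/(.*)\/OU=(.*)$/ ) {
            # "/.../OU=..." layout: split the heading before the OU part.
            print " $Crt1\n OU=$Crt2:\n";
         }
         else {
            # Any other layout used to print an empty heading, which hid
            # which certificate the counts below belong to.  Show the
            # logged text unchanged instead.
            print " $Subject:\n";
         }
         _print_counts($CertVerified{$Subject});
      }
   }
}

# Unmatched lines are shown at every detail level so that unexpected
# messages are never dropped from the report.
# NOTE(review): these lines are printed exactly as they were logged; the
# script does no filtering of control characters itself, so the report
# relies on the syslog daemon having escaped them -- confirm for the
# target system.
if (%OtherList) {
   print "\n**Unmatched Entries**\n";
   foreach my $Entry (sort keys %OtherList) {
      print "   $Entry: $OtherList{$Entry} Time(s)\n";
   }
}

exit(0);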

/etc/logwatch/conf/openvpn.conf

###########################################################################
# $Id: openvpn.conf,v 1.0 2005/07/27 17:08:09 hyppo Exp $
# Written and maintained by:
#    Filippo Grassilli <http://hyppo.com/email.php>
###########################################################################

Title = "OpenVPN"

# Which logfile group...
LogFile = messages

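# Whether or not to resolve IP addresses to hostnames...
# Setting this to Yes will significantly increase runtime.
# Resolved names come from reverse DNS, which is controlled by whoever
# administers the address's PTR record, so treat them as a hint only.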
$openvpn_ip_lookup = Yes
$openvpn_detail_level = 5

# Only give lines pertaining to the named service...
*OnlyService = openvpn
*RemoveHeaders