To have Logwatch summarize OpenVPN’s logs on a Fedora or other Linux system, install the script and configuration file shown below.
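For this script and configuration file to work, you must disable both log and log-append in the OpenVPN server configuration file. With both disabled, OpenVPN logs through syslog rather than to its own file, which is where the Logwatch configuration below (LogFile = messages, restricted to the openvpn service) looks for its lines.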
;log openvpn.log
;log-append openvpn.log
The files are:
/etc/logwatch/scripts/openvpn - Logwatch Perl script
/etc/logwatch/conf/openvpn.conf - Configuration file
/etc/logwatch/scripts/openvpn
#!/usr/bin/perl
##########################################################################
# $Log: openvpn,v $
# Revision 1.0 2005/07/27 17:19:34 hyppo
# Filippo Grassilli http://hyppo.com/email.php
#
# Written and maintained by:
# Filippo Grassilli http://hyppo.com/email.php
##########################################################################
use Logwatch ':ip';
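# Settings handed to this filter through the environment.
# They are package globals on purpose: the rest of the script refers to
# them by these names.
$Debug = $ENV{'LOGWATCH_DEBUG'};
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
# NOTE(review): $DoLookup is not read anywhere else in this script;
# presumably the LookupIP helper imported from Logwatch consults it -- confirm.
# Names obtained by reverse DNS are chosen by whoever controls the PTR
# record for the peer address, so treat them in the report as labels,
# not as verified identities.
$DoLookup = $ENV{'openvpn_ip_lookup'};
# A service-specific level replaces the global one. Because of the `||`,
# a value of 0 (or an empty value) cannot lower the level below the global.
$Detail = $ENV{'openvpn_detail_level'} || $Detail;

if ( $Debug >= 5 ) {
    # The page extraction dropped the backslashes; "\n" is restored here so
    # the banner prints blank lines instead of literal "nn".
    print STDERR "\n\nDEBUG: Inside OpenVPN Filter \n\n";
}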
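# Read the OpenVPN log lines from STDIN and file each one under a counter:
# ignored noise, version/start/stop events, verified certificates, client
# connections, control messages sent to clients, or the catch-all list of
# unmatched lines.
#
# The regex escapes (\d, \[, \], \/) were lost when the page was extracted
# and are restored here; without them several patterns do not even compile.
while (defined($ThisLine = <STDIN>)) {
    if ( # Ignore...
        # NOTE(review): most of these patterns are unanchored, so a line is
        # dropped whenever the phrase occurs anywhere in it, including inside
        # text that originates from the peer (for example a certificate
        # subject). Anchor them if this report is relied on for monitoring.
        ($ThisLine =~ /Control Channel/) or
        ($ThisLine =~ /Data Channel (Decrypt|Encrypt|MTU)/) or
        ($ThisLine =~ /TLS: soft reset/) or
        ($ThisLine =~ /reading client specific options/) or
        ($ThisLine =~ /Expected Remote/) or
        ($ThisLine =~ /LZO compression/) or
        ($ThisLine =~ /killed expiring key/) or
        ($ThisLine =~ /Diffie-Hellman initialized/) or
        ($ThisLine =~ /Local Options hash/) or
        ($ThisLine =~ /Replay-window backtrack/) or
        ($ThisLine =~ /TLS: Initial packet/) or
        ($ThisLine =~ /ip (addr add|link set) dev/) or
        ($ThisLine =~ /Re-using SSL/) or
        ($ThisLine =~ /MULTI: Learn/) or
        ($ThisLine =~ /Received control message/) or
        ($ThisLine =~ /(Restart pause|process restarting)/) or
        ($ThisLine =~ /Inactivity timeout/) or
        ($ThisLine =~ /CRL CHECK OK/) or
        ($ThisLine =~ /VERIFY OK: nsCertType/) or
        ($ThisLine =~ /\d+:\d+ SIGUSR1\[.*restart/) or
        ($ThisLine =~ m{^TCP/UDP: Closing socket}) or
        ($ThisLine =~ /^UDPv4 link /) or
        ($ThisLine =~ m{^TUN/TAP device }) or
        ($ThisLine =~ m{Closing TUN/TAP interface}) or
        ($ThisLine =~ /Interrupted system call/) or
        ($ThisLine =~ /^TLS-Auth MTU parms/) or
        ($ThisLine =~ /^MULTI:/) or
        ($ThisLine =~ /^ succeeded$/) or
        ($ThisLine =~ /^IFCONFIG POOL/)
    ) {
        # Don't care about these...
    } elsif ( ($ThisLine =~ /^OpenVPN .* built on .*/) ) {
        # OpenVPN version banner; the last one seen wins.
        chomp($ThisLine);
        $OpenVPNVersion = $ThisLine;
    } elsif ( ($ThisLine =~ /^Initialization Sequence Completed/) ) {
        $StartOpenVPN++;
    } elsif ( ($ThisLine =~ /^SIGTERM.* process exiting/) ) {
        $ShutdownOpenVPN++;
    } elsif ( ($Host,$Cert) = ( $ThisLine =~ /^([^:]*):\d+ VERIFY OK: depth=\d+, (.*)$/ ) ) {
        ## Successful cert exchange: count per certificate subject and host.
        ## A failed match yields an empty list, so the assignment is false
        ## and the next branch is tried.
        $FullHost = LookupIP ($Host);
        $CertVerified{$Cert}{$FullHost}++;
    } elsif ( ($Host,$User) = ( $ThisLine =~ /^([^:]*):\d+ \[([^\]]+)\] Peer Connection Init/ ) ) {
        ## x.x.x.x:y [user] Peer Connection Initiated with x.x.x.x:y
        $FullHost = LookupIP ($Host);
        $ClientConnection{$User}{$FullHost}++;
    } elsif ( ($HostUser,$Param) = ( $ThisLine =~ /^([^:]*):\d+ SENT CONTROL \[.*\]: (.*)/ ) ) {
        ## user/x.x.x.x:y SENT CONTROL [user]: xxxx....
        chomp($Param);
        $ClientParam{$HostUser}{$Param}++;
    } else {
        # Report any unmatched entries...
        # Everything without a pattern above lands here. This script has no
        # pattern for verification or TLS failures, so such lines are counted
        # here as long as they contain none of the ignored phrases.
        chomp($ThisLine);
        $OtherList{$ThisLine}++;
    }
}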
#######################################
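# Start and shutdown counters, shown only at detail level 5 or higher.
# The "\n" escapes lost in the page extraction are restored so each
# statement ends its line instead of printing a literal "n".
if ( ( $Detail >= 5 ) and ($StartOpenVPN) ) {
    # The version banner is printed only when one was seen in the log.
    if ($OpenVPNVersion) {
        print "$OpenVPNVersion\n";
    }
    print "OpenVPN started/reloaded: $StartOpenVPN Time(s)\n";
}

if ( ( $Detail >= 5 ) and ($ShutdownOpenVPN) ) {
    print "OpenVPN shutdown: $ShutdownOpenVPN Time(s)\n";
}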
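# Client connections: one heading per user name, then each source host with
# the number of "Peer Connection Initiated" lines seen for that pair.
# Shown only at detail level 5 or higher. The "\n" escapes lost in the page
# extraction are restored.
if ( ( $Detail >= 5 ) and (keys %ClientConnection) ) {
    print "\nOpenVPN Client Connections:\n";
    # sort's default ordering is the same string comparison the original
    # spelled out as {$a cmp $b}.
    for my $user (sort keys %ClientConnection) {
        print " $user:\n";
        my $hosts = $ClientConnection{$user};
        for my $host (sort keys %{$hosts}) {
            print " $host: $hosts->{$host} Time(s)\n";
        }
    }
}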
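# Control messages sent to clients: one heading per "user/host" key, then
# each distinct message text with its count. Shown only at detail level 5
# or higher. The "\n" escapes lost in the page extraction are restored.
# NOTE(review): the message text is printed verbatim; if these control
# messages carry network settings, check who receives the report -- confirm.
if ( ( $Detail >= 5 ) and (keys %ClientParam) ) {
    print "\nOpenVPN Client Connection Parameters:\n";
    for my $client (sort keys %ClientParam) {
        print " $client:\n";
        my $params = $ClientParam{$client};
        for my $param (sort keys %{$params}) {
            print " $param: $params->{$param} Time(s)\n";
        }
    }
}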
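# Verified certificates: one heading per certificate subject, then each
# client host with the number of "VERIFY OK" lines seen for that pair.
# Shown only at detail level 5 or higher. The "\n" and "\/" escapes lost in
# the page extraction are restored (m{} is used so "/" needs no escaping).
if ( ( $Detail >= 5 ) and (keys %CertVerified) ) {
    print "\nCertificates verified:\n";
    for my $subject (sort keys %CertVerified) {
        # Split "/<head>/OU=<rest>" for a two-line heading. The first (.*)
        # is greedy, so the split happens at the last "/OU=" in the subject.
        if ( my ($crt_head, $crt_ou) = ( $subject =~ m{^/(.*)/OU=(.*)$} ) ) {
            print " $crt_head\n OU=$crt_ou:\n";
        }
        else {
            # A subject with no leading "/" or no "/OU=" part does not
            # match. The original then printed an empty heading and the
            # subject was lost from the report, so print it unsplit.
            print " $subject:\n";
        }
        my $clients = $CertVerified{$subject};
        for my $client (sort keys %{$clients}) {
            print " $client: $clients->{$client} Time(s)\n";
        }
    }
}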
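# Unmatched lines are printed at every detail level: unlike the sections
# above there is no $Detail check, so anything the filter did not recognize
# always reaches the report. The "\n" escapes lost in the page extraction
# are restored.
# NOTE(review): the lines are printed exactly as logged. Log text can contain
# peer-supplied strings, so consider replacing control characters before
# printing if the report is viewed in a terminal or mail client.
if (keys %OtherList) {
    print "\n**Unmatched Entries**\n";
    for my $entry (sort keys %OtherList) {
        print " $entry: $OtherList{$entry} Time(s)\n";
    }
}

exit(0);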
/etc/logwatch/conf/openvpn.conf
###########################################################################
# $Id: openvpn.conf,v 1.0 2005/07/27 17:08:09 hyppo Exp $
# Written and maintained by:
# Filippo Grassilli <http://hyppo.com/email.php>
###########################################################################

Title = "OpenVPN"

# Which logfile group...
LogFile = messages

# Whether or not to lookup the IPs into hostnames...
# Setting this to Yes will significantly increase runtime
$openvpn_ip_lookup = Yes
$openvpn_detail_level = 5

# Only give lines pertaining to the named service...
*OnlyService = openvpn
*RemoveHeaders