On 9/21/2011 9:49 AM, Andreas Berton wrote:
On Wed, 21 Sep 2011, Stan Hoeppner wrote:
That said, with an NFS share it'd be absolutely trivial to modify this script for a split multi MX/outbound environment, and not much more difficult without NFS. In the latter case, in short, each outbound node would run the first line of this current script, each writing a different temp file name, and scp it to $MX. $MX would run the rest of this script, with line 2 cat'ing out all the temp files. $MX would then scp 'auto-whtlst' to the other MXen. Pretty straightforward.
I've thought about something similar for a couple of days. You do not mind if I use whtlist.sh and make any modifications to it?
No, not at all. Go for it. Post back your final script in case it's useful to others, if you don't mind.
History: This script is the direct result of this same discussion taking place on this list, some 1-2 years ago. Somebody wanted a simple bash script for whitelisting, instead of a more complex policy daemon, so Viktor, myself, maybe a few others, banged out a rough version pretty quickly.
Again, Viktor did the heavy lifting with the log parsing logic and deserves most of the credit. I just added the temp file processing logic and made it fully production capable on Debian. I've been using it in production since then and never had a problem with it. Works great on my low volume SOHO MX.
With huge log files on busy outbounds there may be locking/timing collisions to work out if logd attempts an append while this script is reading the log file. In that case you might need to do a copy first to a temp file and then parse the copy, something along those lines.
-- Stan