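#!/bin/csh -f
# pflog chopper script
# pulls daily pflogd logs in and mails to root
# should be run as a cron job at 1159pm
# version 1.1
# version history
# 1.0: first public release 6/14/03
# 1.1: added year to subject 10/26/03
#
# Reads:  /var/log/pflog.0.gz (last rolled-over capture), /var/log/pflog
# Writes: /var/log/pflogd.daily (rebuilt on every run)
# Sends:  one mail to root with the day's decoded entries
#
# -f on the interpreter line keeps this root cron job from sourcing
# ~/.cshrc, so aliases or options such as noclobber set there cannot
# change how the script behaves.

# The report holds decoded firewall log entries, so a report file created
# by this run is readable by its owner only. An already existing file
# keeps the mode it has.
umask 077

# grab target date and wait until just after midnight
# The date is captured before the sleep so it names the day that is ending.
# NOTE(review): "%b %Od" presumably matches the timestamp prefix that
# tcpdump -ttt prints on this system - confirm against real output.
set date = `/bin/date "+%b %Od"`
set year = `/bin/date +%Y`
/bin/sleep 120

# Start from an empty report so entries from a previous run are never
# mailed again, whichever of the logfiles below exist.
/bin/cp /dev/null /var/log/pflogd.daily

# check last rolled-over logfile
# csh documents the one-line "if (expr) command" form as accepting a simple
# command only, not a pipeline, so each pipeline sits in a then/endif block
# and every stage is skipped when the file is missing.
if (-e /var/log/pflog.0.gz) then
    /usr/bin/gunzip -c /var/log/pflog.0.gz | \
        /usr/sbin/tcpdump -e -ttt -r - | \
        /usr/bin/grep -w "^$date" >>& /var/log/pflogd.daily
endif

# check tonight's logfile
if (-e /var/log/pflog) then
    /usr/sbin/tcpdump -e -ttt -r /var/log/pflog | \
        /usr/bin/grep -w "^$date" >>& /var/log/pflogd.daily
endif

# mail to root
/usr/bin/mail -s "`/bin/hostname` pflogchop $date $year output" root \
    < /var/log/pflogd.daily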