Page 1 of 1

Email-script if a certain DSTNAT is used

Posted: Wed Jul 31, 2019 12:01 pm
by plisken
I'd like to make a script.
If someone wants to log in via a DSTNAT rule
an email is sent to me.
I have created and logged the DSTNAT rule

The log looks like this

firewall,info DSTNAT-RULE dstnat: in:sfp-sfpplus1_WAN out:(unknown 0), src-mac xx:xx:xx:xx:xx:xx, proto TCP (SYN), 111.111.111.111:2019->10.10.10.10:10089, len 52
Can someone help me if the DSTNAT rule is used that I receive an email?

Re: Email-script if a certain DSTNAT is used

Posted: Wed Jul 31, 2019 1:04 pm
by cdiedrich
You might get lucky with this log parser script.
If you have more than a handful of equipment, it might be worth considering collecting all logs centrally. We're running Graylog to collect the logs from ~200 devices and setting up alerts in Graylog is really easy.

-Chris