I would like to create a script that sends an email if an IP address is added to the blacklist on the local network.
The blacklists are available; the addresses are dynamically added to them from the firewall rules.
I have created a local address list, and the comparison is already working. Now somehow I can't write the IP variable in the email. Can you help me with what I am doing wrong?
:local list1 [ip firewall address-list print where list="internal"];
:local list2 [ip firewall address-list print where list="brute_forcers_blacklist"];
:local ips1 [];
:local ips2 [];
:local emailAddress "mail@gmail.com"
:local EmailText;
:local systemName [system identity get name];
:local dateBlock [system clock get date] ;
:local timeBlock [system clock get time] ;
:local CreateTime;
:local SendError 0;
:local blackIP;
:foreach i in=$list1 do={
    :set ips1 ($ips1 . $i->"address" . ",");
}
:foreach i in=$list2 do={
    :set ips2 ($ips2 . $i->"address" . ",");
}
:if ( [:find $ips1 $ips2] = -1 ) do={
    :put "Nincs azonos IP cím.";
} else={
    :put "Van azonos IP cím.";
    :log info "IP"
    :foreach ip in={$ips1;ips2} do={
        :set blackIP [ip firewall address-list find where .id address=$ip list="internal"];
        :set EmailText ($EmailText."IP [$blackIP] Has been added to the BlackList\r\n");
        :put "Van azonos IP cím.";
        :log info IP2;
        :log info $ip;
    }
}
:if ([:len $EmailText] > 0) do={
    :do {
        tool e-mail send to="$emailAddress" subject="$systemName Security Notice" body="$systemName Security Notice\r\nRuning Time: $dateBlock - $timeBlock\r\n\r\n$EmailText"
    } on-error={
        log error "$systemName Security Notice : Failed to send email.";
    }
}
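
One way to do the comparison and build the message, as an added example that is not part of the original post: it collects entry ids with `find` and reads each address with `get` instead of capturing `print` output. The list names and recipient are copied from the post; the variable names and the assumption that `/tool e-mail` is already configured are assumptions of this example.

```routeros
# Added example, not the original poster's script.
# Assumes /tool e-mail (server, from address, credentials) is already configured.
:local internalList "internal"
:local blackList "brute_forcers_blacklist"
:local emailAddress "mail@gmail.com"
:local systemName [/system identity get name]
:local dateBlock [/system clock get date]
:local timeBlock [/system clock get time]
:local emailText ""

# "find" returns the internal ids of the matching entries; "print" only writes
# to the terminal, so its result cannot be iterated as a list of records.
:foreach id in=[/ip firewall address-list find where list=$blackList] do={
    # Read the address of this blacklist entry explicitly.
    :local addr [/ip firewall address-list get $id address]

    # Exact-match lookup in the internal list. An empty result means no match.
    :if ([:len [/ip firewall address-list find where list=$internalList address=$addr]] > 0) do={
        # Concatenate the address itself (not an entry id) into the message body.
        :set emailText ($emailText . "IP [" . $addr . "] has been added to the BlackList\r\n")
        :log warning ("Internal address on blacklist: " . $addr)
    }
}

# Send one mail per run, and only when at least one internal address matched.
:if ([:len $emailText] > 0) do={
    :do {
        /tool e-mail send to=$emailAddress subject="$systemName Security Notice" \
            body="$systemName Security Notice\r\nRunning Time: $dateBlock - $timeBlock\r\n\r\n$emailText"
    } on-error={
        :log error "$systemName Security Notice : Failed to send email."
    }
}
```

Run from the scheduler, this reports an address on every run for as long as it stays in both lists, so the interval should be chosen with the blacklist timeout in mind.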