Before we look at it, my server is running OPENVPN and Uncomplicated Firewall(I’m running Ubuntu Server)

So how does it work?

Firstly we declare that we are using the bash shell using
#!/bin/bash

Next we’re setup some vairables, the first is simply formating the date and calling itself TODAYSDATE,
next we set todays archive to be archive.TODAYSDATE and call its self TODAYS_ARCHIVE

Next we create a directory called archive.TODAYSDATE

Now to the best bit, we start processing the logs
- We extract todays logs out of syslog
- From the extracted logs we extract the firewall (Uncomplicated Firewal/ UFW) logs to a seperate file
- Now extract todays messages log
- From todays extracted logs extract all OPENVPN related logs to a seperate log file
- Extract todays apache access.log and error.log
- Provide us with the currently running processes
- Zip it all up to the /archive/ folder
- back back up a directory level and delete the folder called archive.TODAYSDATE
- Now use mutt to attach the zip file to a email and send it

Now for the script – PLEASE FEEL FREE TO USE

#!/bin/bash
# Script By Liam Somerville, www.rootadmin.co.uk
# Use freely

#####################################################################
#                        Set up the variables
#####################################################################
#Set todays date
TODAYSDATE=`date +”%d-%b-%Y”`

#Format Archive
TODAYS_ARCHIVE=archive.$TODAYSDATE

#####################################################################
#                    Finished setting up Variables
#
#                   Now start processing the log files
#####################################################################

# Make a directory called archive with todays date and change to that direcory
mkdir $TODAYS_ARCHIVE
cd $TODAYS_ARCHIVE

#Write the log files
#Archive todays Syslog, extract all firewall related logs to firewall, then
# extract messages
cat /var/log/syslog | grep “`date +”%b %e” `” > syslog.$TODAYSDATE
cat syslog.$TODAYSDATE | grep UFW > firewall_log.$TODAYSDATE
cat /var/log/messages | grep “`date +”%b %e” `” > messages.$TODAYSDATE
#Process the OPEN VPN Server logs
cat syslog.$TODAYSDATE | grep “ovpn-server” > vpn_server_log.$TODAYSDATE
#
#Proceess Apache Logs
cat /var/log/apache2/error.log | grep “`date +”%b %d” `” > apache_error_log.$TODAYSDATE
cat /var/log/apache2/access.log | grep “`date +”%d/%b” `” > apache_access_log.$TODAYSDATE
#
#Process FTP Logs
cat /var/log/vsftpd.log | grep “`date +”%b %e” `” > ftp_log.$TODAYSDATE
#
# Get a list of currently running process
ps aux > Processes.$TODAYSDATE

# Zip up all the logs and delete todays log
zip /archive/$TODAYS_ARCHIVE.zip *
cd ..
rm -r $TODAYS_ARCHIVE

####################################################################
#                     Now email the zip file
###################################################################
echo | mutt -a /archive/$TODAYS_ARCHIVE.zip -s “Event logs for $TODAYSDATE” you@your.email.address.com