Schedule fw monitor to run unattended via cron
Not a groundbreaking idea but worth remembering that you can also run scheduled fw monitor using the cron. In case you have some problem occurring at the late night hours or you want to run debug at night when system is loaded less or put your case here this is one of the ways to do it. First, the script named timed_fw_monitor.sh that starts the fw monitor:
#!/bin/bash
# We have to source Checkpoint environment variables for fw monitor to work
. /etc/profile.d/CP.sh
/opt/CPsuite-R71/fw1/bin/fw monitor -o /home/lambada/capture.cap -e 'accept icmp or port(25);'
Then of course I will want to stop fw monitor , here is the script named stop_fw_monitor.sh that I also put in cron jobs that stops previously started fw monitor :
#!/bin/bash
ps ax | grep 'capture.cap' | grep -v grep | awk '{ print ("kill -s 3 " $1) | "/bin/bash" }'
Now my crontab looks like this:
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.4760 installed on Sat May 29 11:00:22 2010)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
03 23 * * * /home/lambada/timed_fw_monitor.sh > /dev/null
17 23 * * * /home/lambada/stop_fw_monitor.sh > /dev/null
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what I publish on Linkedin, Github, blog, and more.