FastNetMon could call notify script which calls when DDoS arrives. You could use it for integration with third-part applications or monitoring systems. We do not recommend using this script for new production installations. Please use JSON based scripts instead: Python callback script and Perl callback script.
We use mail tool, please install it before:
sudo apt-get install -y bsd-mailx
Example script provided below will send email to address specified inside script:
#!/usr/bin/env bash # This script will get following parameters: # $1 client_ip_as_string # $2 data_direction # $3 pps_as_string # $4 action (ban or unban) email_notify="root,please_fix_this_email@domain.ru" if [ "$4" = "unban" ]; then # No details arrived to stdin here # Unban actions if used exit 0 fi # # For ban action we will receive attack details to stdin # # Please do not remove "cat" command because # FastNetMon will crash in this case (it expect read of data from script side). # if [ "$4" = "ban" ]; then cat | mail -s "FastNetMon Guard: IP $1 blocked because $2 attack with power $3 pps" $email_notify; # You can add ban code here exit 0 fi
Please put it to file /usr/local/bin/notify_script.bash
And set executable bit for it:
sudo chmod +x /usr/local/bin/notify_script.bash
Then open example notify script with favourite editor and specify your email in field: “email_notify”.
Then try to run it manually for ban action:
echo ban_details | /usr/local/bin/notify_script.bash 11.22.33.44 incoming 100500 ban
And try to run it manually for unban (we do not have details in this case):
/usr/local/bin/notify_script.bash 11.22.33.44 incoming 100500 unban
You should receive example emails in both cases.
From FastNetMon side you need to apply following configuration:
sudo fcli set main notify_script_enabled enable sudo fcli set main notify_script_path /usr/local/bin/notify_script.bash sudo fcli set main notify_script_format text sudo fcli commit