Deprecation notice
We do not recommend using this script for new production installations as it does not support majority of new capabilities provided by our product. Please use JSON based scripts instead: Python callback script and Perl callback script.
Introduction
FastNetMon could call notify script which calls when DDoS arrives. You could use it for integration with third-part applications or monitoring systems.
We use mail tool, please install it before:
sudo apt-get install -y bsd-mailx
Example script provided below will send email to address specified inside script:
#!/usr/bin/env bash
# This script will get following parameters:
# $1 client_ip_as_string
# $2 data_direction
# $3 pps_as_string
# $4 action (ban or unban)
email_notify="root,please_fix_this_email@domain.ru"
if [ "$4" = "unban" ]; then
# No details arrived to stdin here
# Unban actions if used
exit 0
fi
#
# For ban action we will receive attack details to stdin
#
# Please do not remove "cat" command because
# FastNetMon will crash in this case (it expect read of data from script side).
#
if [ "$4" = "ban" ]; then
cat | mail -s "FastNetMon Guard: IP $1 blocked because $2 attack with power $3 pps" $email_notify;
# You can add ban code here
exit 0
fi
Please put it to file /usr/local/bin/notify_script.bash
And set executable bit for it:
sudo chmod +x /usr/local/bin/notify_script.bash
Then open example notify script with favourite editor and specify your email in field: “email_notify”.
Then try to run it manually for ban action:
echo ban_details | /usr/local/bin/notify_script.bash 11.22.33.44 incoming 100500 ban
And try to run it manually for unban (we do not have details in this case):
/usr/local/bin/notify_script.bash 11.22.33.44 incoming 100500 unban
You should receive example emails in both cases.
From FastNetMon side you need to apply following configuration:
sudo fcli set main notify_script_enabled enable sudo fcli set main notify_script_path /usr/local/bin/notify_script.bash sudo fcli set main notify_script_format text sudo fcli commit