Deprecation notice
Please note: We do not recommend using this script for new production installations as it does not support the majority of new capabilities in FastNetMon. Please use JSON-based scripts instead: Python callback script and Perl callback script.
Introduction
FastNetMon can call a notify script when DDoS traffic arrives. You can use it for integration with third-party applications or monitoring systems.
The script uses the mail tool, so please install it first:
sudo apt-get install -y bsd-mailx
The example script below sends an email to the address specified inside the script:
#!/usr/bin/env bash

# This script receives the following parameters:
#  $1 client_ip_as_string
#  $2 data_direction
#  $3 pps_as_string
#  $4 action (ban or unban)

email_notify="root,please_fix_this_email@domain.ru"

if [ "$4" = "unban" ]; then
    # No details arrive on stdin here

    # Unban actions, if used
    exit 0
fi

#
# For the ban action we receive attack details on stdin
#
# Please do not remove the "cat" command because
# FastNetMon will crash in this case (it expects the script to read the data).
#

if [ "$4" = "ban" ]; then
    cat | mail -s "FastNetMon Guard: IP $1 blocked because $2 attack with power $3 pps" $email_notify
    # You can add ban code here
    exit 0
fi
Please save it to the file /usr/local/bin/notify_script.bash
Then set the executable bit on it:
sudo chmod +x /usr/local/bin/notify_script.bash
Then open the example notify script in your favourite editor and specify your email address in the "email_notify" variable.
Then run it manually for the ban action:
echo ban_details | /usr/local/bin/notify_script.bash 11.22.33.44 incoming 100500 ban
Then run it manually for the unban action (there are no details in this case):
/usr/local/bin/notify_script.bash 11.22.33.44 incoming 100500 unban
You should receive example emails in both cases.
On the FastNetMon side, apply the following configuration:
sudo fcli set main notify_script_enabled enable
sudo fcli set main notify_script_path /usr/local/bin/notify_script.bash
sudo fcli set main notify_script_format text
sudo fcli commit
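A variant of the notify script above that checks the four arguments before they reach the mail subject or any ban code, as an added example (not FastNetMon's own script). It assumes IPv4 addresses only and a lowercase-word direction; the function names and the MAILER override are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not FastNetMon's own script.
email_notify="root"        # assumption: set your own address here
MAILER="${MAILER:-mail}"   # assumption: overridable so the handler can be tested

# Accept only dotted-quad IPv4 with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# $1 client IP, $2 direction, $3 pps, $4 action (ban or unban).
valid_args() {
    [ "$#" -eq 4 ] || return 1
    valid_ipv4 "$1" || return 1
    case "$2" in ''|*[!a-z]*) return 1 ;; esac   # assumption: lowercase word
    case "$3" in ''|*[!0-9]*) return 1 ;; esac   # digits only
    case "$4" in ban|unban) ;; *) return 1 ;; esac
}

handle_event() {
    if ! valid_args "$@"; then
        # Still read the ban details: the page warns FastNetMon crashes if they are not read.
        [ "${4:-}" = "ban" ] && cat >/dev/null
        echo "notify_script: rejected arguments" >&2
        return 2
    fi
    [ "$4" = "unban" ] && return 0   # no details arrive on stdin for unban
    # Ban: the mailer reads the attack details from stdin.
    "$MAILER" -s "FastNetMon Guard: IP $1 blocked because $2 attack with power $3 pps" $email_notify
    # Ban code added here can rely on $1..$4 having passed the checks above.
}

# Run only when called with arguments, as FastNetMon does.
if [ "$#" -gt 0 ]; then
    handle_event "$@"
    exit $?
fi
```

The manual test commands shown earlier work unchanged with this variant; a call with malformed arguments exits with status 2 and sends no mail.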

