Scan CheckPoint logs and send email if VPN User connect
Below an example of CheckPoint Logs scan through vbscript.If a VPN user connect, we send an email to the manager.
Set objShell = CreateObject("WScript.Shell")
Set objWshScriptExec = objShell.Exec("fw log -ft -l -n")
Set objStdOut = objWshScriptExec.StdOut
While Not objStdOut.AtEndOfStream
strLine = objStdOut.ReadLine
Found = InStr (strLine, "Authenticated")
If Found Then
myString = strLine
myArray = Split(myString)
myUser = Split (myArray(10), ",")
'Send EMail to firewall Manager
Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = "New VPN Connection for user " & myUser(0)
objMessage.From = mailfrom@domain.com
objMessage.To = "rcpt1@receiverdom.com;rcpt1@receiverdom.com"
objMessage.TextBody = strLine
'==This section provides the configuration information for the remote SMTP server.
'==Normally you will only change the server name or IP.
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
'Name or IP of Remote SMTP Server
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "MailRelayIP"
'Server port (typically 25)
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Update
'==End remote SMTP server configuration section==
objMessage.Send
End If
Wend
posted by Hervé SCHLECHT @ 1:00 PM
<< Home