43a44,46
> # Person to get FW entries.
> FWADMIN=root
> 
83a87,92
> # File of keywords to use for finding FW entries. These will be sent to
> # FWADMIN, but _not_ SYSADMIN. DO NOT LEAVE THIS FILE EMPTY, for reasons
> # described below.
> 
> FIREWALL_FILE=/usr/local/etc/logcheck.firewall
> 
149c158
< if [ -f $TMPDIR/check.$$ -o -f $TMPDIR/checkoutput.$$ -o -f $TMPDIR/checkreport.$$ ]; then
---
> if [ -f $TMPDIR/check.$$ -o -f $TMPDIR/checkoutput.$$ -o -f $TMPDIR/checkreport.$$ -o -f $TMPDIR/fwreport.$$ ]; then
210d218
< 
216a225
> FIREWALL=0
227a237,252
> # Do the firewall filtering - we do some strange workarounds to log the FW
> # stuff to one recipient, but not to the other(s)
> if [ -f "$FIREWALL_FILE" ]; then
> 	if $GREP -i -f $FIREWALL_FILE $TMPDIR/check.$$ > $TMPDIR/fwoutput.$$; then
> 		echo > $TMPDIR/fwreport.$$
> 		echo "Active Firewall Log Detects" >> $TMPDIR/fwreport.$$
> 		echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=" >> $TMPDIR/fwreport.$$
> 		cat $TMPDIR/fwoutput.$$ >> $TMPDIR/fwreport.$$
> 		FIREWALL=1
> 
> 		# Clunky evil code.
> 		grep -i -v -f $FIREWALL_FILE $TMPDIR/check.$$ > $TMPDIR/check1.$$
> 		mv $TMPDIR/check1.$$ $TMPDIR/check.$$
> 	fi
> fi
> 
270a296,299
> if [ "$FIREWALL" -eq 1 ]; then
> 	cat $TMPDIR/fwreport.$$ | $MAIL -s "$HOSTNAME $DATE Firewall Log" $FWADMIN
> fi
> 
272c301
< rm -f $TMPDIR/check.$$ $TMPDIR/checkoutput.$$ $TMPDIR/checkreport.$$
---
> rm -f $TMPDIR/check.$$ $TMPDIR/checkoutput.$$ $TMPDIR/checkreport.$$ $TMPDIR/fwreport.$$