/usr/local/sbin/nsm_sensor_clean should purge old Bro logs #206

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 3 comments

/usr/local/sbin/nsm_sensor_clean should purge old Bro logs

Original issue reported on code.google.com by doug.bu...@gmail.com on 24 Jan 2012 at 8:01


GoogleCodeExporter Mar 24, 2015

Added the following to /usr/local/lib/nsmnow/lib-nsm-sensor-utils:


        # Initialize REMOVED to "no".
        # We recursively run this job until one of the following conditions exist:
        # - there are no more files/dirs to delete (REMOVED=no even at the end)
        # - disk is under $CRIT_DISK_USAGE
        REMOVED="no"

        # find the oldest Bro logs directory and exclude today
        OLDEST_DIR=$(ls /nsm/bro/logs/ | grep -v "current" | grep -v "stats" | sort | grep -v $TODAY | head -n 1)
        if [ -z "$OLDEST_DIR" -o "$OLDEST_DIR" == ".." -o "$OLDEST_DIR" == "." ]
        then
                echo_msg 1 "${RED}no old Bro logs available to clean up in /nsm/bro/logs/"
        else
                echo_msg 1 "removing directory: /nsm/bro/logs/$OLDEST_DIR"
                rm -rf /nsm/bro/logs/"$OLDEST_DIR"
                REMOVED="yes"
        fi

Original comment by doug.bu...@gmail.com on 26 Jan 2012 at 9:28
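
Added example, not part of the original comment or of Security Onion's code: a stricter way to pick the directory that the purge step removes, which only ever matches date-named directories and refuses to run without a valid date. It assumes archived Bro logs sit in directories named YYYY-MM-DD and that today's date is passed in the same format; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Security Onion code. Assumption: archived Bro logs live in
# directories named YYYY-MM-DD, and "today" is given in the same format.

DATE_GLOB='[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]'

# Print the name of the oldest dated directory under $1 that is older than $2.
# Prints nothing if there is none; returns 2 if $2 is not a YYYY-MM-DD date.
oldest_bro_log_dir() {
    base=$1
    today=$2
    # An empty or malformed date must stop the job, not widen what gets deleted.
    case $today in
        $DATE_GLOB) ;;
        *) return 2 ;;
    esac
    # Globs expand in sorted order and ISO dates sort chronologically, so the
    # first acceptable match is the oldest. Names such as "current", "stats",
    # "." and ".." can never match the pattern.
    for path in "$base"/$DATE_GLOB; do
        # Skip the unexpanded pattern, plain files and symlinks.
        if [ ! -d "$path" ] || [ -L "$path" ]; then continue; fi
        name=${path##*/}
        if [ "$name" \< "$today" ]; then
            printf '%s\n' "$name"
        fi
        return 0
    done
    return 0
}

# Remove that one directory. Returns 0 if a directory was removed, 1 if there
# was nothing old enough to remove, 2 if the date argument was rejected.
purge_oldest_bro_logs() {
    base=$1
    target=$(oldest_bro_log_dir "$base" "$2") || return 2
    [ -n "$target" ] || return 1
    rm -rf -- "$base/$target"
}
```

A caller can loop on `purge_oldest_bro_logs /nsm/bro/logs "$TODAY"` until it returns non-zero or disk usage drops below the threshold, which mirrors the REMOVED flag in the comment above.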


GoogleCodeExporter Mar 24, 2015

Packaged:
/usr/local/lib/ruby/gems/1.9.1/gems/fpm-0.3.11/bin/fpm -s dir -t deb -n securityonion-nsmnow-admin-scripts -v 20120125 /etc/init.d/nsm* /usr/share/nsmnow/ /usr/local/sbin/nsm* /usr/local/lib/nsmnow/ /etc/cron.d/sensor-* /etc/cron.d/nsm* /etc/cron.d/bro* /etc/init/securityonion.conf

Original comment by doug.bu...@gmail.com on 26 Jan 2012 at 9:28


GoogleCodeExporter Mar 24, 2015

Published:
http://securityonion.blogspot.com/2012/01/security-onion-20120125-now-available.html

Original comment by doug.bu...@gmail.com on 26 Jan 2012 at 9:33

  • Changed state: Verified