sostat should display the size of each pcap directory #258

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 3 comments


GoogleCodeExporter commented Mar 24, 2015

for i in /nsm/sensor_data/*; do echo $i/dailylogs/; cd $i/dailylogs; du --max-depth=1 -h; cd ->/dev/null; echo; done

Original issue reported on code.google.com by doug.bu...@gmail.com on 13 Apr 2012 at 8:00

GoogleCodeExporter commented Mar 24, 2015

Need to sort on the name of the directory:

for i in /nsm/sensor_data/*; do echo $i/dailylogs/; cd $i/dailylogs; du --max-depth=1 -h|sort -k2; cd ->/dev/null; echo; done

Also need to include Bro logs:

cd /nsm/bro/logs/; du --max-depth=1 -h |sort -k2; cd ->/dev/null

Original comment by doug.bu...@gmail.com on 16 Apr 2012 at 12:47

GoogleCodeExporter commented Mar 24, 2015

Modified code as follows:


if [ -d /nsm/sensor_data ]; then
    echo
    header "Log Archive"
    for i in /nsm/sensor_data/*; do echo $i/dailylogs/; cd $i/dailylogs; du --max-depth=1 -h|sort -k2; cd ->/dev/null; echo; done
    echo "/nsm/bro/logs/"; cd /nsm/bro/logs/; du --max-depth=1 -h |sort -k2; cd ->/dev/null
    echo
    header "IDS Engine ($ENGINE) packet drops"
    if [ "$ENGINE" = "suricata" ]; then
        for i in /nsm/sensor_data/*/stats.log; do
            echo "$i"
            tail -n 50 "$i" |
                grep -e "Date: " -e "drop"
            echo
        done
    else
        for i in /nsm/sensor_data/*/snort.stats; do 
            if grep -q '^[^#]' "$i"; then
                echo -n "$i last reported pkt_drop_percent as "
                grep -v '^#' "$i" |tail -n 1 |cut -d\, -f2
            else
                echo "ERROR: No stats found in $i"
            fi
        done
    fi
fi

Original comment by doug.bu...@gmail.com on 22 Apr 2012 at 7:06
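
A hardened variant of the "Log Archive" loop above, as an added example that is not sostat's own code: in the one-liner, a failed `cd $i/dailylogs` (for example a sensor directory without `dailylogs`) lets `du` run in whatever directory the script happens to be in. The function names `report_dir` and `log_archive_sizes` and the overridable path arguments are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: per-day size of each sensor's pcap archive plus the Bro logs.
# report_dir and log_archive_sizes are hypothetical names, not sostat's.

# Print DIR, then the size of each first-level subdirectory sorted by name.
# The cd happens inside a subshell, so the caller's working directory never
# changes and du cannot run in the wrong place when DIR is missing.
report_dir() {
    local dir="$1"
    if [ ! -d "$dir" ]; then
        echo "WARNING: $dir not found, skipping" >&2
        return 1
    fi
    echo "$dir/"
    ( cd "$dir" && du --max-depth=1 -h | sort -k2 )
    echo
}

# Walk every sensor under SENSOR_ROOT, then the Bro log directory.
# Defaults are the paths used in this issue; both can be overridden.
# Returns 1 if any expected directory was missing, 0 otherwise.
log_archive_sizes() {
    local sensor_root="${1:-/nsm/sensor_data}"
    local bro_logs="${2:-/nsm/bro/logs}"
    local sensor status=0
    for sensor in "$sensor_root"/*; do
        [ -d "$sensor" ] || continue    # unmatched glob or stray file
        report_dir "$sensor/dailylogs" || status=1
    done
    report_dir "$bro_logs" || status=1
    return "$status"
}
```

Warnings go to stderr, so the report on stdout stays clean when a sensor has not written any pcap yet.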

GoogleCodeExporter commented Mar 24, 2015

Tested by:
Eric Ooi
Scott Runnels
David Zawdie

Published:
http://securityonion.blogspot.com/2012/04/security-onion-20120423-now-available.html

Original comment by doug.bu...@gmail.com on 23 Apr 2012 at 10:46

  • Changed state: Verified