sostat should display the size of each pcap directory

[GoogleCodeExporter]

for i in /nsm/sensor_data/*; do echo $i/dailylogs/; cd $i/dailylogs; du 
--max-depth=1 -h; cd ->/dev/null; echo; done

Original issue reported on code.google.com by doug.bu...@gmail.com on 13 Apr 2012 at 8:00

[GoogleCodeExporter]

Need to sort on the name of the directory:

for i in /nsm/sensor_data/*; do echo $i/dailylogs/; cd $i/dailylogs; du 
--max-depth=1 -h|sort -k2; cd ->/dev/null; echo; done

Also need to include Bro logs:

cd /nsm/bro/logs/; du --max-depth=1 -h |sort -k2; cd ->/dev/null

Original comment by doug.bu...@gmail.com on 16 Apr 2012 at 12:47

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Modified code as follows:


if [ -d /nsm/sensor_data ]; then
    echo
    header "Log Archive"
    for i in /nsm/sensor_data/*; do echo $i/dailylogs/; cd $i/dailylogs; du --max-depth=1 -h|sort -k2; cd ->/dev/null; echo; done
    echo "/nsm/bro/logs/"; cd /nsm/bro/logs/; du --max-depth=1 -h |sort -k2; cd ->/dev/null
    echo
    header "IDS Engine ($ENGINE) packet drops"
    if [ "$ENGINE" = "suricata" ]; then
        for i in /nsm/sensor_data/*/stats.log; do
            echo "$i"
            tail -n 50 "$i" |
                grep -e "Date: " -e "drop"
            echo
        done
    else
        for i in /nsm/sensor_data/*/snort.stats; do 
            if grep -q '^[^#]' "$i"; then
                echo -n "$i last reported pkt_drop_percent as "
                grep -v '^#' "$i" |tail -n 1 |cut -d\, -f2
            else
                echo "ERROR: No stats found in $i"
            fi
        done
    fi
fi

Original comment by doug.bu...@gmail.com on 22 Apr 2012 at 7:06

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Tested by:
Eric Ooi
Scott Runnels
David Zawdie

Published:
http://securityonion.blogspot.com/2012/04/security-onion-20120423-now-available.
html

Original comment by doug.bu...@gmail.com on 23 Apr 2012 at 10:46

• Changed state: Verified
• Added labels: ****
• Removed labels: ****