nsm_sensor_clean should purge old files in /nsm/bro/extracted #451

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 2 comments

GoogleCodeExporter commented Mar 24, 2015

nsm_sensor_clean should purge old files in /nsm/bro/extracted

Original issue reported on code.google.com by doug.bu...@gmail.com on 20 Dec 2013 at 11:18

GoogleCodeExporter commented Mar 24, 2015

Added the following to the sensor_cleandisk() function:

                # find the oldest extracted files in /nsm/bro/extracted/ and exclude today
                # NOTE: --time-style="long-iso" must be used so that the script works properly in a cron job where the locale is not set
                # (with long-iso, field 6 of "ls -l" is the date and field 8 is the file path)
                OLDEST_EXTRACT=$(ls -l --time-style="long-iso" /nsm/bro/extracted/*-* 2>/dev/null | awk '{print $6 " " $8}' | sort | grep -v "$TODAY" | head -n 1)
                if [ -z "$OLDEST_EXTRACT" -o "$OLDEST_EXTRACT" == ".." -o "$OLDEST_EXTRACT" == "." ]
                then
                        echo_msg 1 "${RED}no old extracted files available to clean up in /nsm/bro/extracted/"
                else
                        OLDEST_EXTRACT_DATE=$(echo "$OLDEST_EXTRACT" | awk '{print $1}')
                        OLDEST_EXTRACT_FILE=$(echo "$OLDEST_EXTRACT" | awk '{print $2}')
                        echo_msg 1 "removing extracted files for $OLDEST_EXTRACT_DATE"
                        # remove every extracted file whose listing carries the oldest date
                        ls -l --time-style="long-iso" /nsm/bro/extracted/*-* | grep "$OLDEST_EXTRACT_DATE" | awk '{print $8}' | while read -r FILE
                        do
                                echo_msg 1 "removing extracted file: $FILE"
                                rm -f "$FILE"
                        done
                        REMOVED="yes"
                fi

Original comment by doug.bu...@gmail.com on 27 Dec 2013 at 12:39
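
A filename-safe variant of the same cleanup, as an added example that is not part of the original comment or of the nsm_sensor_clean script: it reads modification dates with find instead of parsing `ls -l` columns, so names containing spaces are handled, the date is matched against the timestamp only, and only regular files directly in the directory are removed. The function names are hypothetical, and GNU find and GNU date are assumed.

```shell
#!/bin/sh
# Added example: purge the oldest day's extracted files without parsing ls.
# Assumes GNU find (-printf) and GNU date (-r FILE); the function names are
# hypothetical and are not part of nsm_sensor_clean.

# Print the oldest modification date (YYYY-MM-DD) among regular files named
# *-* directly under directory $1, skipping files modified on date $2 (today).
# Prints nothing when there is no such file.
oldest_extract_date() {
    find "$1" -maxdepth 1 -type f -name '*-*' -printf '%TY-%Tm-%Td\n' 2>/dev/null |
        grep -Fxv -e "$2" | sort -u | head -n 1
}

# Remove regular files named *-* directly under $1 whose modification date is
# exactly $2, and print how many were removed. Paths are handed to the inner
# shell as arguments, so spaces or newlines in a name cannot split a path.
purge_extract_date() {
    find "$1" -maxdepth 1 -type f -name '*-*' -exec sh -c '
        day=$1; shift
        for f in "$@"; do
            [ "$(date -r "$f" +%Y-%m-%d)" = "$day" ] || continue
            rm -f -- "$f" && echo removed
        done' sh "$2" {} + | wc -l
}
```

Inside a cleanup loop this would be called as `purge_extract_date /nsm/bro/extracted "$(oldest_extract_date /nsm/bro/extracted "$TODAY")"`, after checking that the date is non-empty.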

GoogleCodeExporter commented Mar 24, 2015

Published:
http://blog.securityonion.net/2013/12/new-nsm-and-setup-packages-available.html

Original comment by doug.bu...@gmail.com on 31 Dec 2013 at 12:06

  • Changed state: Verified