nsm_sensor_clean should purge old files in /nsm/bro/extracted

[GoogleCodeExporter]

nsm_sensor_clean should purge old files in /nsm/bro/extracted

Original issue reported on code.google.com by doug.bu...@gmail.com on 20 Dec 2013 at 11:18

[GoogleCodeExporter]

Added the following to the sensor_cleandisk() function:

                # find the oldest extracted files in /nsm/bro/extracted/ and exclude today
                # NOTE: --time-style="long-iso" must be used so that the script works properly in a cron job where the locale is not set
                OLDEST_EXTRACT=$(ls -l --time-style="long-iso" /nsm/bro/extracted/*-* 2>/dev/null | awk '{print $6 " " $8}' |sort | grep -v $TODAY | head -n 1)
                if [ -z "$OLDEST_EXTRACT" -o "$OLDEST_EXTRACT" == ".." -o "$OLDEST_EXTRACT" == "." ]
                then    
                        echo_msg 1 "${RED}no old extracted files available to clean up in /nsm/bro/extracted/"
                else    
                        OLDEST_EXTRACT_DATE=`echo $OLDEST_EXTRACT | awk '{print $1}'`
                        OLDEST_EXTRACT_FILE=`echo $OLDEST_EXTRACT | awk '{print $2}'`
                        echo_msg 1 "removing extracted files for $OLDEST_EXTRACT_DATE"
                        ls -l --time-style="long-iso" /nsm/bro/extracted/*-* | grep $OLDEST_EXTRACT_DATE | awk '{print $8}' |while read FILE
                        do
                                echo_msg 1 "removing extracted file: $FILE"
                                rm -f "$FILE" 
                        done    
                        REMOVED="yes"
                fi      

Original comment by doug.bu...@gmail.com on 27 Dec 2013 at 12:39

• Added labels: ****
• Removed labels: ****

[GoogleCodeExporter]

Published:
http://blog.securityonion.net/2013/12/new-nsm-and-setup-packages-available.html

Original comment by doug.bu...@gmail.com on 31 Dec 2013 at 12:06

• Changed state: Verified
• Added labels: ****
• Removed labels: ****