Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/net-analyzer/sguil-sensor/files/log_packets.initd
diff options
context:
space:
mode:
Diffstat (limited to 'net-analyzer/sguil-sensor/files/log_packets.initd')
-rw-r--r--net-analyzer/sguil-sensor/files/log_packets.initd92
1 files changed, 92 insertions, 0 deletions
diff --git a/net-analyzer/sguil-sensor/files/log_packets.initd b/net-analyzer/sguil-sensor/files/log_packets.initd
new file mode 100644
index 000000000000..a9d37ac5efd3
--- /dev/null
+++ b/net-analyzer/sguil-sensor/files/log_packets.initd
@@ -0,0 +1,92 @@
+#!/sbin/runscript
+# Copyright 1999-2014 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_commands="cleandisk"
+
+LOG_DIR="${LOGDIR}/${HOSTNAME}/dailylogs"
+
+start() {
+ ebegin "Starting Log_packest"
+ if [ ! -x /usr/bin/snort ]
+ then
+ eerror "No snort - cannot start"
+ eend 1
+ return 1
+ fi
+
+ if [ ! -d ${LOG_DIR} ]
+ then
+ mkdir -p ${LOG_DIR}
+ chmod 770 ${LOG_DIR}
+ fi
+
+ today=$(date '+%Y-%m-%d')
+
+ if [ ! -d "${LOG_DIR}/${today}" ]
+ then
+ mkdir "${LOG_DIR}/${today}"
+ chmod 770 "${LOG_DIR}/${today}"
+ chown root:sguil "${LOG_DIR}/${today}"
+ fi
+ start-stop-daemon --start --quiet -b -m --pidfile "${PIDFILE}" \
+ --exec /usr/bin/snort \
+ -- ${OPTIONS} -l "${LOG_DIR}/${today}" -b -i "${IFACE}" "${FILTER}"
+ real_cleandisk
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping Sensor Agent"
+ start-stop-daemon --stop --quiet --pidfile "${PIDFILE}"
+ eend $?
+}
+
+cleandisk() {
+ ebegin "Cleaning Disk"
+ real_cleandisk
+ eend $?
+}
+
+# This func checks the current space being used by LOG_DIR
+# and rm's data as necessary.
+real_cleandisk() {
+ einfo "Checking disk space (limited to ${MAX_DISK_USE}%)..."
+ # grep, awk, tr...woohoo!
+ CUR_USE=$(df -P ${LOG_DIR} | grep -v -i filesystem | awk '{print $5}' | tr -d %)
+ einfo " Current Disk Use: ${CUR_USE}%"
+
+ if [ ${CUR_USE} -gt ${MAX_DISK_USE} ]
+ then
+ # If we are here then we passed our disk limit
+ # First find the oldest DIR
+ cd "${LOG_DIR}"
+ # Can't use -t on the ls since the mod time changes each time we
+ # delete a file. Good thing we use YYYY-MM-DD so we can sort.
+ OLDEST_DIR=$(ls | sort | head -n 1)
+ cd "${OLDEST_DIR}"
+
+ OLDEST_FILE=$(ls -t | tail -n 1)
+
+ if [ -f "${OLDEST_FILE}" ]
+ then
+ einfo " Removing file: ${OLDEST_DIR}/${OLDEST_FILE}"
+ rm -f "${OLDEST_FILE}"
+ else
+ einfo " Removing empty dir: ${OLDEST_DIR}"
+ cd ..
+ rm -rf "${OLDEST_DIR}"
+ fi
+
+ # Run cleandisk again as rm'ing one file might been enough
+ # but we wait 5 secs in hopes any open writes are done.
+ sync
+ einfo " Waiting 5 secs for disk to sync..."
+ sleep 5
+ real_cleandisk
+ else
+ einfo "Done."
+ fi
+}
+