diff options
author | robiscool <robrob2626@yahoo.com> | 2010-09-09 21:31:10 -0700 |
---|---|---|
committer | robiscool <robrob2626@yahoo.com> | 2010-09-09 21:35:05 -0700 |
commit | 8b2f1c7498469af7ca5926ff8025e1a93fd3579d (patch) | |
tree | 5da1a56e3ec59f3782d824f7af05c6a4b873a52e /config/snort/snort_check_cron_misc.inc | |
parent | 16c5fbcc1b22914b0c851c519e125f14776846ca (diff) | |
download | pfsense-packages-8b2f1c7498469af7ca5926ff8025e1a93fd3579d.tar.gz pfsense-packages-8b2f1c7498469af7ca5926ff8025e1a93fd3579d.tar.bz2 pfsense-packages-8b2f1c7498469af7ca5926ff8025e1a93fd3579d.zip |
snort, add log rotation, fix bugs
Diffstat (limited to 'config/snort/snort_check_cron_misc.inc')
-rw-r--r-- | config/snort/snort_check_cron_misc.inc | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc new file mode 100644 index 00000000..d5d5e095 --- /dev/null +++ b/config/snort/snort_check_cron_misc.inc @@ -0,0 +1,80 @@ +<?php
+/* $Id$ */
+/*
+ snort_chk_log_dir_size.php
+ part of pfSense
+
+ Modified for the Pfsense snort package v. 1.8+
+ Copyright (C) 2009-2010 Robert Zelaya Developer
+ All rights reserved.
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
+
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
+
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+*/
+
+require_once("/usr/local/pkg/snort/snort.inc");
+
+// 'B' => 1,
+// 'KB' => 1024,
+// 'MB' => 1024 * 1024,
+// 'GB' => 1024 * 1024 * 1024,
+// 'TB' => 1024 * 1024 * 1024 * 1024,
+// 'PB' => 1024 * 1024 * 1024 * 1024 * 1024,
+
+
+/* chk if snort log dir is full if so clear it */
+$snortloglimit = $config['installedpackages']['snortglobal']['snortloglimit'];
+$snortloglimitsize = $config['installedpackages']['snortglobal']['snortloglimitsize'];
+
+if ($g['booting']==true) {
+ exit(0);
+}
+
+if ($snortloglimit == 'off') {
+ exit(0);
+}
+
+$snortloglimitDSKsize = exec('df -k /var | grep -v "Filesystem" | awk \'{print \$4}\'');
+
+$snortlogAlertsizeKB = snort_Getdirsize('/var/log/snort/alert');
+$snortloglimitAlertsizeKB = round($snortlogAlertsizeKB * .70);
+$snortloglimitsizeKB = round($snortloglimitsize * 1024);
+
+/* do I need HUP kill ? */
+if (snort_Getdirsize('/var/log/snort/') >= $snortloglimitsizeKB ) {
+
+ conf_mount_rw();
+ if(file_exists('/var/log/snort/alert')) {
+ if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB) {
+ exec('/bin/echo "" > /var/log/snort/alert');
+ }
+ post_delete_logs();
+ exec('/usr/sbin/chown snort:snort /var/log/snort/*');
+ exec('/bin/chmod 660 /var/log/snort/*');
+ //sleep(2);
+ //exec('/usr/bin/killall -HUP snort');
+ }
+ conf_mount_ro();
+
+}
+
+
+?>
\ No newline at end of file |