author | Ermal Luçi <eri@pfsense.org> | 2014-01-13 03:41:15 -0800 |
---|---|---|
committer | Ermal Luçi <eri@pfsense.org> | 2014-01-13 03:41:15 -0800 |
commit | 13d9babd775498cf1e3b796e07030e946e1cb12a (patch) | |
tree | d21f85d6fcbee014b0221e546927548eced3a340 /config/snort/snort_check_cron_misc.inc | |
parent | 141c1dc4774370210c41580da5ba897bc54c8e12 (diff) | |
parent | 8e3a6c43552fa36df9dd19a0dd0db312add43d11 (diff) | |
Merge pull request #571 from bmeeks8/master
Snort 2.9.5.5 pkg v3.0.2 Update -- Bug Fixes
Diffstat (limited to 'config/snort/snort_check_cron_misc.inc')
-rw-r--r-- | config/snort/snort_check_cron_misc.inc | 51 |
1 files changed, 35 insertions, 16 deletions
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index e988b949..038a11cd 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -52,28 +52,47 @@ if ($snortloglimit == 'off') if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; -$snortloglimitDSKsize = exec('/bin/df -k /var | grep -v "Filesystem" | awk \'{print $4}\''); +/* Convert Log Limit Size setting from MB to KB */ +$snortloglimitsizeKB = round($snortloglimitsize * 1024); +$snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR); +if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) { + log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated.")); + conf_mount_rw(); -foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { - $if_real = snort_get_real_interface($value['interface']); - $snort_uuid = $value['uuid']; - $snort_log_dir = "/var/log/snort/snort_{$if_real}{$snort_uuid}"; + /* Truncate the Rules Update Log file if it exists */ + if (file_exists(RULES_UPD_LOGFILE)) { + log_error(gettext("[Snort] Truncating the Rules Update Log file...")); + $fd = @fopen(RULES_UPD_LOGFILE, "w+"); + if ($fd) + fclose($fd); + } - if (file_exists("{$snort_log_dir}/alert")) { - $snortlogAlertsizeKB = snort_Getdirsize("{$snort_log_dir}/alert"); - $snortloglimitAlertsizeKB = round($snortlogAlertsizeKB * .70); - $snortloglimitsizeKB = round($snortloglimitsize * 1024); + /* Clean-up the logs for each configured Snort instance */ + foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { + $if_real = snort_get_real_interface($value['interface']); + $snort_uuid = $value['uuid']; + $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; + log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})...")); + snort_post_delete_logs($snort_uuid); - /* do I need HUP kill ? 
*/ - if (snort_Getdirsize($snort_log_dir) >= $snortloglimitsizeKB ) { - conf_mount_rw(); - if ($snortlogAlertsizeKB >= $snortloglimitAlertsizeKB) - @file_put_contents("{$snort_log_dir}/alert", ""); - snort_post_delete_logs($snort_uuid); - conf_mount_ro(); + /* Truncate the alert log file if it exists */ + if (file_exists("{$snort_log_dir}/alert")) { + $fd = @fopen("{$snort_log_dir}/alert", "w+"); + if ($fd) + fclose($fd); } + /* This is needed if snort is run as snort user */ + mwexec('/bin/chmod 660 /var/log/snort/*', true); + + /* Soft-restart Snort process to resync logging */ + if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { + log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})...")); + mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); + } } + conf_mount_ro(); + log_error(gettext("[Snort] Automatic clean-up of Snort logs completed.")); } ?> |
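Review bot: The added `mwexec('/bin/chmod 660 /var/log/snort/*', true);` hard-codes the log path while the rest of the new code uses `SNORTLOGDIR`, and its glob also matches the per-interface `snort_{$if_real}{$snort_uuid}` directories (assuming `SNORTLOGDIR` is `/var/log/snort`, as the removed line suggests). Mode 660 on a directory drops the search bit, so a non-root snort user, the case the comment names, would lose access to its own log directory. The call is also loop-invariant yet runs once per configured interface; consider moving it after the `foreach` and limiting it to regular files, e.g. `mwexec('/usr/bin/find ' . escapeshellarg(SNORTLOGDIR) . ' -type f -exec /bin/chmod 660 {} +', true);`. Separately, the `pkill -HUP -F` command interpolates `$if_real` and `$snort_uuid` from the package config into a shell string; passing the pid-file path through `escapeshellarg()` would keep a malformed config value from being interpreted by the shell. Both `@fopen(..., "w+")` truncations ignore failure even though the preceding `log_error()` reports the truncation, so a failed truncate leaves the log over the limit with no record of why.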