author | bmeeks8 <bmeeks8@bellsouth.net> | 2014-01-11 11:49:44 -0500 |
---|---|---|
committer | bmeeks8 <bmeeks8@bellsouth.net> | 2014-01-11 11:49:44 -0500 |
commit | ba3edc934faf8887fd5ea9e785392d84f2cd288c (patch) | |
tree | 1cca87eedf412465e5653e0f9b73624aa7c569a1 /config/snort/snort_check_cron_misc.inc | |
parent | ddb8be298c6346b625b3381ebbff715f59645a60 (diff) | |
More fixes for auto log cleanup cron job.
Diffstat (limited to 'config/snort/snort_check_cron_misc.inc')
-rw-r--r-- | config/snort/snort_check_cron_misc.inc | 54 |
1 files changed, 34 insertions, 20 deletions
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index c1835dd0..038a11cd 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -52,33 +52,47 @@ if ($snortloglimit == 'off')
 if (!is_array($config['installedpackages']['snortglobal']['rule']))
 return;
-foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
- $if_real = snort_get_real_interface($value['interface']);
- $snort_uuid = $value['uuid'];
- $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
+/* Convert Log Limit Size setting from MB to KB */
+$snortloglimitsizeKB = round($snortloglimitsize * 1024);
+$snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR);
+if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) {
+ log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated."));
+ conf_mount_rw();
- if (file_exists("{$snort_log_dir}/alert")) {
- $snortlogAlertsizeKB = snort_Getdirsize("{$snort_log_dir}/alert");
- $snortloglimitsizeKB = round($snortloglimitsize * 1024);
+ /* Truncate the Rules Update Log file if it exists */
+ if (file_exists(RULES_UPD_LOGFILE)) {
+ log_error(gettext("[Snort] Truncating the Rules Update Log file..."));
+ $fd = @fopen(RULES_UPD_LOGFILE, "w+");
+ if ($fd)
+ fclose($fd);
+ }
+
+ /* Clean-up the logs for each configured Snort instance */
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+ $if_real = snort_get_real_interface($value['interface']);
+ $snort_uuid = $value['uuid'];
+ $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
+ log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})..."));
+ snort_post_delete_logs($snort_uuid);
- if (snort_Getdirsize($snort_log_dir) >= $snortloglimitsizeKB ) {
- conf_mount_rw();
- log_error(gettext("[Snort] Snort Log directory size exceeds limit set in Global Settings."));
- log_error(gettext("[Snort] Logs for {$value['descr']} ({$if_real}) will be truncated."));
- snort_post_delete_logs($snort_uuid);
+ /* Truncate the alert log file if it exists */
+ if (file_exists("{$snort_log_dir}/alert")) {
 $fd = @fopen("{$snort_log_dir}/alert", "w+");
 if ($fd)
 fclose($fd);
- /* XXX: This is needed if snort is run as snort user */
- mwexec('/bin/chmod 660 /var/log/snort/*', true);
- /* XXX: Soft-restart Snort process to resync logging */
- if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
- log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})"));
- mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
- }
- conf_mount_ro();
+ }
+
+ /* This is needed if snort is run as snort user */
+ mwexec('/bin/chmod 660 /var/log/snort/*', true);
+
+ /* Soft-restart Snort process to resync logging */
+ if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})..."));
+ mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
 }
 }
+ conf_mount_ro();
+ log_error(gettext("[Snort] Automatic clean-up of Snort logs completed."));
 }
 ?> |
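Review bot: The `mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a")` call at the end of the new loop builds a shell command by interpolating `$if_real` and `$snort_uuid`, which are read from the saved package configuration, without any quoting. Since this script is a cron job that presumably runs with full privileges, I would build the path once and quote it: `$pidfile = "{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid";` followed by `mwexec("/bin/pkill -HUP -F " . escapeshellarg($pidfile) . " -a");`. Separately, `mwexec('/bin/chmod 660 /var/log/snort/*', true);` now runs once per configured instance although it does not depend on the loop variables, and it hard-codes the path where the rest of the hunk uses `SNORTLOGDIR`; moving it after the loop and deriving it from the constant would keep the two in step. The `@fopen(..., "w+")` calls also suppress truncation errors, so the closing "Automatic clean-up of Snort logs completed." message is logged even if a log could not be truncated; a `log_error()` in the failure branch would make that visible. This is top-level script code that begins before the hunk.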