aboutsummaryrefslogtreecommitdiffstats
path: root/config/snort
diff options
context:
space:
mode:
authorbmeeks8 <bmeeks8@bellsouth.net>2014-01-11 11:49:44 -0500
committerbmeeks8 <bmeeks8@bellsouth.net>2014-01-11 11:49:44 -0500
commitba3edc934faf8887fd5ea9e785392d84f2cd288c (patch)
tree1cca87eedf412465e5653e0f9b73624aa7c569a1 /config/snort
parentddb8be298c6346b625b3381ebbff715f59645a60 (diff)
downloadpfsense-packages-ba3edc934faf8887fd5ea9e785392d84f2cd288c.tar.gz
pfsense-packages-ba3edc934faf8887fd5ea9e785392d84f2cd288c.tar.bz2
pfsense-packages-ba3edc934faf8887fd5ea9e785392d84f2cd288c.zip
More fixes for auto log cleanup cron job.
Diffstat (limited to 'config/snort')
-rwxr-xr-xconfig/snort/snort.inc1
-rw-r--r--config/snort/snort_check_cron_misc.inc54
2 files changed, 35 insertions, 20 deletions
diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 7a151f7a..4351a9b0 100755
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -678,6 +678,7 @@ function snort_post_delete_logs($snort_uuid = 0) {
}
}
+/* This returns size of passed directory or file in 1024-byte blocks */
function snort_Getdirsize($node) {
if(!is_readable($node))
return false;
diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc
index c1835dd0..038a11cd 100644
--- a/config/snort/snort_check_cron_misc.inc
+++ b/config/snort/snort_check_cron_misc.inc
@@ -52,33 +52,47 @@ if ($snortloglimit == 'off')
if (!is_array($config['installedpackages']['snortglobal']['rule']))
return;
-foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
- $if_real = snort_get_real_interface($value['interface']);
- $snort_uuid = $value['uuid'];
- $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
+/* Convert Log Limit Size setting from MB to KB */
+$snortloglimitsizeKB = round($snortloglimitsize * 1024);
+$snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR);
+if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) {
+ log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated."));
+ conf_mount_rw();
- if (file_exists("{$snort_log_dir}/alert")) {
- $snortlogAlertsizeKB = snort_Getdirsize("{$snort_log_dir}/alert");
- $snortloglimitsizeKB = round($snortloglimitsize * 1024);
+ /* Truncate the Rules Update Log file if it exists */
+ if (file_exists(RULES_UPD_LOGFILE)) {
+ log_error(gettext("[Snort] Truncating the Rules Update Log file..."));
+ $fd = @fopen(RULES_UPD_LOGFILE, "w+");
+ if ($fd)
+ fclose($fd);
+ }
+
+ /* Clean-up the logs for each configured Snort instance */
+ foreach ($config['installedpackages']['snortglobal']['rule'] as $value) {
+ $if_real = snort_get_real_interface($value['interface']);
+ $snort_uuid = $value['uuid'];
+ $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}";
+ log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})..."));
+ snort_post_delete_logs($snort_uuid);
- if (snort_Getdirsize($snort_log_dir) >= $snortloglimitsizeKB ) {
- conf_mount_rw();
- log_error(gettext("[Snort] Snort Log directory size exceeds limit set in Global Settings."));
- log_error(gettext("[Snort] Logs for {$value['descr']} ({$if_real}) will be truncated."));
- snort_post_delete_logs($snort_uuid);
+ /* Truncate the alert log file if it exists */
+ if (file_exists("{$snort_log_dir}/alert")) {
$fd = @fopen("{$snort_log_dir}/alert", "w+");
if ($fd)
fclose($fd);
- /* XXX: This is needed if snort is run as snort user */
- mwexec('/bin/chmod 660 /var/log/snort/*', true);
- /* XXX: Soft-restart Snort process to resync logging */
- if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
- log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})"));
- mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
- }
- conf_mount_ro();
+ }
+
+ /* This is needed if snort is run as snort user */
+ mwexec('/bin/chmod 660 /var/log/snort/*', true);
+
+ /* Soft-restart Snort process to resync logging */
+ if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) {
+ log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})..."));
+ mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a");
}
}
+ conf_mount_ro();
+ log_error(gettext("[Snort] Automatic clean-up of Snort logs completed."));
}
?>