authorbmeeks8 <bmeeks8@bellsouth.net>2014-10-03 21:38:59 -0400
committerbmeeks8 <bmeeks8@bellsouth.net>2014-12-15 12:04:39 -0500
commit23933b62da3f2f0cf3c3cd3cca815a3ee31cc748 (patch)
tree0819bf53b1dddd1483a924097f0011b652dac334 /config/suricata/suricata_check_cron_misc.inc
parente3bf51ab665dd6551d3b71a777d506dcd8dd10b5 (diff)
Remove pcap logs over configured max_files limit.
Diffstat (limited to 'config/suricata/suricata_check_cron_misc.inc')
-rw-r--r--config/suricata/suricata_check_cron_misc.inc24
1 files changed, 24 insertions, 0 deletions
diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc
index d275c5a7..eb1ba2d0 100644
--- a/config/suricata/suricata_check_cron_misc.inc
+++ b/config/suricata/suricata_check_cron_misc.inc
@@ -97,6 +97,10 @@ function suricata_check_dir_size_limit($suricataloglimitsize) {
log_error(gettext("[Suricata] Deleting any rotated log files for {$value['descr']} ({$if_real})..."));
unlink_if_exists("{$suricata_log_dir}/*.log.*");
+ // Cleanup any rotated pcap logs
+ log_error(gettext("[Suricata] Deleting any rotated pcap log files for {$value['descr']} ({$if_real})..."));
+ unlink_if_exists("{$suricata_log_dir}/log.pcap.*");
+
// Check for any captured stored files and clean them up
unlink_if_exists("{$suricata_log_dir}/files/*");
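Review bot: The pattern `log.pcap.*` in the added `unlink_if_exists()` call is described as matching rotated pcap logs, but if Suricata writes every capture as `log.pcap.<timestamp>`, it also matches the file currently being written. Unlinking that file frees no disk space until the process closes it, and packets captured after the cleanup land in a file with no directory entry. Either leave the newest file in place or make the comment say what happens, for example `// Removes all pcap logs, including the capture file currently open`. Packet captures are often the only record available for later investigation, so the log message could also report how many files were removed, as the File Store job does. The body of `suricata_check_dir_size_limit()` starts and ends outside this hunk.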
@@ -221,6 +225,7 @@ if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] ==
$config['installedpackages']['suricata']['config'][0]['file_store_retention'] > 0) {
$now = time();
$files = glob("{$suricata_log_dir}/files/file.*");
+ $prune_count = 0;
foreach ($files as $f) {
if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['file_store_retention'] * 3600)) {
$prune_count++;
@@ -231,6 +236,25 @@ if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] ==
log_error(gettext("[Suricata] File Store cleanup job removed {$prune_count} file(s) from {$suricata_log_dir}/files/..."));
unset($files);
}
+
+ // Prune any pcap log files over configured limit
+ $files = glob("{$suricata_log_dir}/log.pcap.*");
+ if (count($files) > $value['max_pcap_log_files']) {
+ $over = count($files) - $value['max_pcap_log_files'];
+ $remove_files = array();
+ while ($over > 0) {
+ $remove_files[] = array_shift($files);
+ $over--;
+ }
+ $prune_count = 0;
+ foreach ($remove_files as $f) {
+ $prune_count++;
+ unlink_if_exists($f);
+ }
+ if ($prune_count > 0)
+ log_error(gettext("[Suricata] Packet Capture log cleanup job removed {$prune_count} file(s) from {$suricata_log_dir}/..."));
+ unset($files, $remove_files);
+ }
}
}
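Review bot: The pruning block compares `count($files)` with `$value['max_pcap_log_files']` without checking that the setting is present and positive. If the key is missing or empty for an interface (for example in a configuration saved before the option existed), PHP treats it as 0 and the loop removes every `log.pcap.*` file. A guard such as `$max = (int)$value['max_pcap_log_files'];` followed by `if ($max > 0 && is_array($files) && count($files) > $max) {` avoids that and also covers `glob()` returning false. Which files get removed depends on glob()'s name ordering matching capture age, which deserves a comment like `// glob() sorts by name; the timestamp suffix puts the oldest files first`. The enclosing `if` and loop begin outside the hunk, so where `$value` is assigned is inferred rather than visible.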