diff options
Diffstat (limited to 'config/suricata/suricata_check_cron_misc.inc')
| -rw-r--r-- | config/suricata/suricata_check_cron_misc.inc | 45 |
1 files changed, 34 insertions, 11 deletions
diff --git a/config/suricata/suricata_check_cron_misc.inc b/config/suricata/suricata_check_cron_misc.inc index b9ba3fb7..f750c530 100644 --- a/config/suricata/suricata_check_cron_misc.inc +++ b/config/suricata/suricata_check_cron_misc.inc @@ -3,12 +3,23 @@ * suricata_check_cron_misc.inc * part of pfSense * + * Significant portions of this code are based on original work done + * for the Snort package for pfSense from the following contributors: + * + * Copyright (C) 2005 Bill Marquette <bill.marquette@gmail.com>. + * Copyright (C) 2003-2004 Manuel Kasper <mk@neon1.net>. + * Copyright (C) 2006 Scott Ullrich + * Copyright (C) 2009 Robert Zelaya Sr. Developer + * Copyright (C) 2012 Ermal Luci + * All rights reserved. + * + * Adapted for Suricata by: * Copyright (C) 2014 Bill Meeks * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: - * + * 1. Redistributions of source code must retain the above copyright notice, * this list of conditions and the following disclaimer. * @@ -173,19 +184,31 @@ if ($config['installedpackages']['suricata']['config'][0]['enable_log_mgmt'] == $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$value['uuid']}"; foreach ($logs as $k => $p) suricata_check_rotate_log("{$suricata_log_dir}/{$k}", $p['limit']*1024, $p['retention']); - } - // Prune any aged-out Barnyard2 archived logs if any exist - if (is_dir("{$suricata_log_dir}/barnyard2/archive") && - $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) { - $now = time(); - $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*"); - foreach ($files as $f) { - if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600)) - unlink_if_exists($f); + // Prune any aged-out Barnyard2 archived logs if any exist + if (is_dir("{$suricata_log_dir}/barnyard2/archive") && + $config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] > 0) { + $now = time(); + $files = glob("{$suricata_log_dir}/barnyard2/archive/unified2.alert.*"); + foreach ($files as $f) { + if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['u2_archive_log_retention'] * 3600)) + unlink_if_exists($f); + } + } + unset($files); + + // Prune aged-out File Store files if any exist + if (is_dir("{$suricata_log_dir}/files") && + $config['installedpackages']['suricata']['config'][0]['file_store_retention'] > 0) { + $now = time(); + $files = glob("{$suricata_log_dir}/files/file.*"); + foreach ($files as $f) { + if (($now - filemtime($f)) > ($config['installedpackages']['suricata']['config'][0]['file_store_retention'] * 3600)) + unlink_if_exists($f); + } } + unset($files); } - unset($files); } // Check the overall log directory limit (if enabled) and prune if necessary |