From ba3edc934faf8887fd5ea9e785392d84f2cd288c Mon Sep 17 00:00:00 2001 From: bmeeks8 Date: Sat, 11 Jan 2014 11:49:44 -0500 Subject: More fixes for auto log cleanup cron job. --- config/snort/snort.inc | 1 + config/snort/snort_check_cron_misc.inc | 54 +++++++++++++++++++++------------- 2 files changed, 35 insertions(+), 20 deletions(-) (limited to 'config/snort') diff --git a/config/snort/snort.inc b/config/snort/snort.inc index 7a151f7a..4351a9b0 100755 --- a/config/snort/snort.inc +++ b/config/snort/snort.inc @@ -678,6 +678,7 @@ function snort_post_delete_logs($snort_uuid = 0) { } } +/* This returns size of passed directory or file in 1024-byte blocks */ function snort_Getdirsize($node) { if(!is_readable($node)) return false; diff --git a/config/snort/snort_check_cron_misc.inc b/config/snort/snort_check_cron_misc.inc index c1835dd0..038a11cd 100644 --- a/config/snort/snort_check_cron_misc.inc +++ b/config/snort/snort_check_cron_misc.inc @@ -52,33 +52,47 @@ if ($snortloglimit == 'off') if (!is_array($config['installedpackages']['snortglobal']['rule'])) return; -foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { - $if_real = snort_get_real_interface($value['interface']); - $snort_uuid = $value['uuid']; - $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; +/* Convert Log Limit Size setting from MB to KB */ +$snortloglimitsizeKB = round($snortloglimitsize * 1024); +$snortlogdirsizeKB = snort_Getdirsize(SNORTLOGDIR); +if ($snortlogdirsizeKB > 0 && $snortlogdirsizeKB > $snortloglimitsizeKB) { + log_error(gettext("[Snort] Log directory size exceeds configured limit of " . number_format($snortloglimitsize) . " MB set on Global Settings tab. All Snort log files will be truncated.")); + conf_mount_rw(); - if (file_exists("{$snort_log_dir}/alert")) { - $snortlogAlertsizeKB = snort_Getdirsize("{$snort_log_dir}/alert"); - $snortloglimitsizeKB = round($snortloglimitsize * 1024); + /* Truncate the Rules Update Log file if it exists */ + if (file_exists(RULES_UPD_LOGFILE)) { + log_error(gettext("[Snort] Truncating the Rules Update Log file...")); + $fd = @fopen(RULES_UPD_LOGFILE, "w+"); + if ($fd) + fclose($fd); + } + + /* Clean-up the logs for each configured Snort instance */ + foreach ($config['installedpackages']['snortglobal']['rule'] as $value) { + $if_real = snort_get_real_interface($value['interface']); + $snort_uuid = $value['uuid']; + $snort_log_dir = SNORTLOGDIR . "/snort_{$if_real}{$snort_uuid}"; + log_error(gettext("[Snort] Truncating logs for {$value['descr']} ({$if_real})...")); + snort_post_delete_logs($snort_uuid); - if (snort_Getdirsize($snort_log_dir) >= $snortloglimitsizeKB ) { - conf_mount_rw(); - log_error(gettext("[Snort] Snort Log directory size exceeds limit set in Global Settings.")); - log_error(gettext("[Snort] Logs for {$value['descr']} ({$if_real}) will be truncated.")); - snort_post_delete_logs($snort_uuid); + /* Truncate the alert log file if it exists */ + if (file_exists("{$snort_log_dir}/alert")) { $fd = @fopen("{$snort_log_dir}/alert", "w+"); if ($fd) fclose($fd); - /* XXX: This is needed if snort is run as snort user */ - mwexec('/bin/chmod 660 /var/log/snort/*', true); - /* XXX: Soft-restart Snort process to resync logging */ - if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { - log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})")); - mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); - } - conf_mount_ro(); + } + + /* This is needed if snort is run as snort user */ + mwexec('/bin/chmod 660 /var/log/snort/*', true); + + /* Soft-restart Snort process to resync logging */ + if (file_exists("{$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid")) { + log_error(gettext("[Snort] Restarting logging on {$value['descr']} ({$if_real})...")); + mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/snort_{$if_real}{$snort_uuid}.pid -a"); } } + conf_mount_ro(); + log_error(gettext("[Snort] Automatic clean-up of Snort logs completed.")); } ?> -- cgit v1.2.3