1, // 'KB' => 1024, // 'MB' => 1024 * 1024, // 'GB' => 1024 * 1024 * 1024, // 'TB' => 1024 * 1024 * 1024 * 1024, // 'PB' => 1024 * 1024 * 1024 * 1024 * 1024, /* chk if snort log dir is full if so clear it */ $suricataloglimit = $config['installedpackages']['suricata']['config'][0]['suricataloglimit']; $suricataloglimitsize = $config['installedpackages']['suricata']['config'][0]['suricataloglimitsize']; if ($g['booting']==true) return; if ($suricataloglimit == 'off') return; if (!is_array($config['installedpackages']['suricata']['rule'])) return; /* Convert Log Limit Size setting from MB to KB */ $suricataloglimitsizeKB = round($suricataloglimitsize * 1024); $suricatalogdirsizeKB = suricata_Getdirsize(SURICATALOGDIR); if ($suricatalogdirsizeKB > 0 && $suricatalogdirsizeKB > $suricataloglimitsizeKB) { log_error(gettext("[Suricata] Log directory size exceeds configured limit of " . number_format($suricataloglimitsize) . " MB set on Global Settings tab. All Suricata log files will be truncated.")); conf_mount_rw(); /* Truncate the Rules Update Log file if it exists */ if (file_exists(RULES_UPD_LOGFILE)) { log_error(gettext("[Suricata] Truncating the Rules Update Log file...")); $fd = @fopen(RULES_UPD_LOGFILE, "w+"); if ($fd) fclose($fd); } /* Clean-up the logs for each configured Suricata instance */ foreach ($config['installedpackages']['suricata']['rule'] as $value) { $if_real = get_real_interface($value['interface']); $suricata_uuid = $value['uuid']; $suricata_log_dir = SURICATALOGDIR . "suricata_{$if_real}{$suricata_uuid}"; log_error(gettext("[Suricata] Truncating logs for {$value['descr']} ({$if_real})...")); suricata_post_delete_logs($suricata_uuid); // Initialize an array of the log files we want to prune $logs = array ( "alerts.log", "http.log", "files-json.log", "tls.log", "stats.log" ); foreach ($logs as $file) { // Truncate the log file if it exists if (file_exists("{$suricata_log_dir}/$file")) { $fd = @fopen("{$suricata_log_dir}/$file", "w+"); if ($fd) fclose($fd); } } // Check for any captured stored files and clean them up $filelist = glob("{$suricata_log_dir}/files/*"); if (!empty($filelist)) { foreach ($filelist as $file) @unlink($file); } // This is needed if suricata is run as suricata user mwexec('/bin/chmod 660 /var/log/suricata/*', true); // Soft-restart Suricata process to resync logging if (file_exists("{$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid")) { log_error(gettext("[Suricata] Restarting logging on {$value['descr']} ({$if_real})...")); mwexec("/bin/pkill -HUP -F {$g['varrun_path']}/suricata_{$if_real}{$suricata_uuid}.pid -a"); } } conf_mount_ro(); log_error(gettext("[Suricata] Automatic clean-up of Suricata logs completed.")); } ?>