[Snort-users] Revised log rollover script

John_Delisle at ...1523...
Thu Mar 22 17:32:02 EST 2001


One tool you may want to look at is logrotate; it's available in most Linux
distributions or off the web.  It has a central config file and handles
starting and stopping daemons.

John Delisle
Corporate Technology
Ceridian Canada Ltd
204-975-5909
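For readers who want to follow the logrotate suggestion above, here is an added example of what a logrotate drop-in for the three files Neil's script rotates could look like. It is not part of John Delisle's message or of the Snort project; the log directory, the pid-file name, and the owner/group in `create` are assumptions, so adjust them to your installation. The one point worth noticing is `delaycompress`: Snort keeps writing to the renamed file until it has been restarted, so compressing that file in the same run would discard whatever it wrote in between.

```conf
# /etc/logrotate.d/snort  (added example; paths and pid-file name are assumptions)
/var/log/snort/alert /var/log/snort/snort_portscan.log /var/log/snort/MAIL {
    daily
    # Keep seven rotated copies, matching MAXLOGS=7 in the hand-rolled script.
    rotate 7
    missingok
    notifempty
    compress
    # Leave the newest rotated copy uncompressed until the next run: Snort
    # still has it open and writes to it until the daemon is restarted, and
    # gzipping it immediately would lose those events.
    delaycompress
    # Recreate the log with the same mode the hand-rolled script sets
    # (0660, group root); the owner "root" is an assumption.
    create 0660 root root
    # Run the restart once for the whole set of files, not once per file.
    sharedscripts
    postrotate
        # Snort restarts on SIGHUP and reopens its log files; the pid-file
        # path is an assumption for this example.
        [ -f /var/run/snort_eth0.pid ] && kill -HUP `cat /var/run/snort_eth0.pid`
    endscript
}
```

Before putting this into the nightly run, `logrotate -d /etc/logrotate.d/snort` prints what logrotate would do without touching any file, which is the quickest way to catch a wrong path or pid-file name.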


Neil Dickey <neil at ...1633...>
Sent by: snort-users-admin at ...635...eforge.net
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Revised log rollover script
2001/03/22 03:12 PM
Please respond to Neil Dickey

Gregor Binder very kindly made some suggestions to me for
improving the script I posted to the list earlier.  It is
hoped that the changes will make it easier for those less
familiar with unix to configure and run the script, as all
of the user-configurable parameters have been gathered
together and identified near the top.

I've tested it carefully, and the new version seems to work
fine.  Please let me know if you find any bugs.

Best regards,

Neil Dickey, Ph.D.
Research Associate/Sysop
Geology Department
Northern Illinois University
DeKalb, Illinois
60115

---------------------------------------------------------------------

#!/sbin/sh
#
# Script designed to roll over commonly used Snort logs, and
# restart the daemon.  Be sure to make the changes indicated
# under "USER CONFIGURABLE PARAMETERS" before attempting to
# run the script.
#
#     NDJr 03/22/01
#

BIN=/usr/bin

# USER CONFIGURABLE PARAMETERS
#==================================================================

# Set COMPRESS to the full path and executable of your file
# compression program.  I use 'gzip'.

COMPRESS=/usr/local/bin/gzip

# Specify the appropriate paths for the PID and LOGROOT variables.
# The path in PID should include the actual name of the file which
# contains the current Snort pid.  Don't include the names of any
# actual logfiles in LOGROOT -- it's a path to a directory.

# Uncomment this PID setting and comment out the other if you do
# not wish the daemon to be reset for some reason.
#PID="noreset"

PID=`$BIN/cat /path/to/snort_Xe0.pid`
LOGROOT=/path/to/Snort/logs

# Set maximum number of past logs to save.

MAXLOGS=7

# List files to be rolled over.  The quotation marks and the spaces
# between filenames should be preserved.  The files listed are the
# ones I maintain with this script.  You can list more or fewer.

FILENAMES="alert snort_portscan.log MAIL"

#==================================================================
# YOU SHOULDN'T NEED TO ALTER ANYTHING BELOW THIS LINE.
# Many thanks to Gregor Binder for suggesting a better way to write
# the 'rollover' subroutine.

rollover() {
  LOOPCTL="$2"
  while [ "$LOOPCTL" -gt 0 ]; do
    SAVE="$LOOPCTL"
    LOOPCTL=`$BIN/expr $LOOPCTL - 1`
    [ -f "${1}.${LOOPCTL}.gz" ] && $BIN/mv "${1}.${LOOPCTL}.gz" "${1}.${SAVE}.gz"
  done

  [ -f "$1" ] && $BIN/mv "$1" "${1}.0"

  # Recreate an empty log with restrictive permissions so the daemon
  # has a file to reopen once it has been signalled.
  $BIN/touch "$1"
  $BIN/chgrp root "$1"
  $BIN/chmod 660 "$1"
}

cleanup() {
  PID=
  LOGROOT=
  BIN=
  MAXLOGS=
  SAVE=
  COMPRESS=
  FILENAMES=
  LOOPCTL=
}

# Rotate first.  The daemon still holds the renamed file open and keeps
# writing to it until it is restarted, so signal it before compressing;
# compressing ${i}.0 straight away would lose anything written meanwhile.
for i in $FILENAMES
do
  if [ -s "$LOGROOT/$i" ]; then
    rollover "$LOGROOT/$i" "$MAXLOGS"
  fi
done

if [ "$PID" != "noreset" ]; then
  if [ -n "$PID" ]; then
    $BIN/kill -HUP "$PID"
    # Give the daemon a moment to restart and reopen its logs.
    $BIN/sleep 5
  else
    echo "$0: no Snort pid found, daemon not restarted" >&2
  fi
fi

# Now compress the rotated copies the daemon no longer writes to.
for i in $FILENAMES
do
  if [ -s "$LOGROOT/$i.0" ]; then
    $COMPRESS "$LOGROOT/$i.0"
  fi
done

cleanup

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users