[Snort-users] Problem & Solution - Snort binary log file timestamps screwed up

Cloppert, Michael Michael.Cloppert at ...5884...
Wed May 21 09:24:10 EDT 2003

[many details left out for brevity]  All of my snort.log.* binary file dates
got screwed up due to a script that ran amok, which makes it difficult to
determine what logs to delete (retention policy, etc...).  To restore my
date/timestamps on the files themselves (after fixing the script, of
course!), I ran the following in my /var/log/snort directory:
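
    for i in snort.log.*; do
        # Time of the last packet; assumes tcpdump prints MM/DD/YYYY HH:MM:SS, reordered to CCYYMMDDhhmm for touch -t
        stamp=$(tcpdump -ttttnnr "$i" | tail -n 1 | sed 's/\// /g; s/:/ /g' | awk '{print $3$1$2$4$5}')
        echo "$i : $stamp"
        touch -t "$stamp" "$i"
    done
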
I'm sure there's a better way to do it, but this worked for me, and I
figured I'd share it in case anyone was in a similar situation.
Michael Cloppert
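
Added example, not part of the original post: the same restoration done by reading the pcap records directly (Snort's binary logs are the format tcpdump -r reads above), so the result does not depend on how a given tcpdump version prints dates and a truncated final record is skipped. The function names and the constructed sample capture are assumptions made for illustration.

```python
import os
import struct
import sys

# pcap magic (microsecond and nanosecond variants), as seen when read big-endian
MAGICS = {0xA1B2C3D4: ">", 0xD4C3B2A1: "<", 0xA1B23C4D: ">", 0x4D3CB2A1: "<"}

def last_packet_time(path):
    """Return ts_sec of the last complete packet record, or None if there is none."""
    with open(path, "rb") as f:
        header = f.read(24)
        if len(header) < 24:
            raise ValueError(f"{path}: too short for a pcap global header")
        order = MAGICS.get(struct.unpack(">I", header[:4])[0])
        if order is None:
            raise ValueError(f"{path}: not a pcap file")
        size = os.fstat(f.fileno()).st_size
        last = None
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                break  # end of file, or a partial record header
            ts_sec, _frac, incl_len, _orig_len = struct.unpack(order + "IIII", rec)
            if f.tell() + incl_len > size:
                break  # packet data cut short: ignore the truncated record
            f.seek(incl_len, os.SEEK_CUR)
            last = ts_sec
        return last

def restore_mtime(path):
    """Set the file's atime/mtime to its last packet time; return that time."""
    ts = last_packet_time(path)
    if ts is not None:
        os.utime(path, (ts, ts))
    return ts

def constructed_sample(order="<"):
    """Constructed two-packet capture (not real traffic) for trying the functions."""
    hdr = struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkts = [(1053523450, b"\x00" * 20), (1053523999, b"\x00" * 30)]
    return hdr + b"".join(
        struct.pack(order + "IIII", t, 0, len(d), len(d)) + d for t, d in pkts)

if __name__ == "__main__":
    for p in sys.argv[1:]:  # e.g. python3 script.py snort.log.*
        print(p, ":", restore_mtime(p))
```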