[Snort-users] Problem & Solution - Snort binary log file timestamps screwed up

Cloppert, Michael Michael.Cloppert at ...5884...
Wed May 21 09:24:10 EDT 2003


FYI:
 
[many details left out for brevity]  All of my snort.log.* binary file dates
got screwed up due to a script that ran amok, which makes it difficult to
determine what logs to delete (retention policy, etc...).  To restore my
date/timestamps on the files themselves (after fixing the script, of
course!), I ran the following in my /var/log/snort directory:
 
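for i in snort.log.* ; do
  # Last packet's date from tcpdump -tttt (MM/DD/YYYY HH:MM:SS...), reshaped to touch -t's YYYYMMDDhhmm
  stamp=`tcpdump -ttttnnr "$i" | tail -n 1 | sed "s/\//\ /g" | sed "s/\:/\ /g" | awk '{print $3$1$2$4$5}'`
  echo "$i : $stamp"
  touch -t "$stamp" "$i"
done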
 
I'm sure there's a better way to do it, but this worked for me, and I
figured I'd share it in case anyone was in a similar situation.
 
Cheers,
Michael Cloppert