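#!/bin/bash
# Logfile rotation script for snort, written by jameso@elwood.net
# modified by penoi
#
# Meant to be run once a day. It:
#   1. builds an HTML report from the current alert file with snortalog.pl,
#   2. moves the current logs into weeklogs/<MM-D-YY> (yesterday's date),
#   3. stops and restarts snort so it opens fresh log files,
#   4. deletes the uncompressed directory from eight days ago,
#   5. archives yesterday's directory into oldlogs/<MM-D-YY>.tgz.
#
# snortalog.pl is called by relative path and writes its report into the
# current directory, so the caller (e.g. the cron entry) must cd to the
# directory that holds snortalog.pl first.
set -u

snortbase=/var/log/snort
logdir=$snortbase
oldlogs=$snortbase/oldlogs
weeklogs=$snortbase/weeklogs

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Setting up the dates. Let date(1) do the calendar arithmetic: subtracting
# from the day-of-month by hand yields day 0 or a negative day early in the
# month. The format keeps the original naming: zero-padded month, unpadded
# day, two-digit year. (-d and %-d are GNU date extensions.)
dirdate=$(date -d '1 day ago' '+%m-%-d-%y') || die "cannot compute yesterday's date"
olddirdate=$(date -d '8 days ago' '+%m-%-d-%y') || die "cannot compute the expiry date"

# Report generation is best-effort: a failed report must not stop rotation.
./snortalog.pl -file "$logdir/alert" -r -report -o "$dirdate.html" ||
  printf 'warning: snortalog.pl report failed\n' >&2

# Create the dirs for today's rotation. Abort before touching snort if the
# destination cannot be created, so the sensor keeps running untouched.
mkdir -p -- "$weeklogs/$dirdate" || die "cannot create $weeklogs/$dirdate"
mkdir -p -- "$oldlogs" || die "cannot create $oldlogs"

# Move the current logs. oldlogs and weeklogs live inside $logdir, so they
# must be skipped: moving oldlogs away would make the archive step fail, and
# weeklogs cannot be moved into its own subdirectory.
shopt -s nullglob
for logitem in "$logdir"/*; do
  case "$logitem" in
    "$oldlogs" | "$weeklogs") continue ;;
  esac
  mv -- "$logitem" "$weeklogs/$dirdate/" ||
    printf 'warning: could not move %s\n' "$logitem" >&2
done
shopt -u nullglob

# Kill snort. Only signal when a matching process was found; an empty PID
# list would otherwise turn into a bare "kill" usage error.
# (An earlier variant matched 'snort -c /etc/snort/snort.conf -i eth1'.)
mapfile -t pids < <(pgrep -f 'snort -i eth1')
if (( ${#pids[@]} > 0 )); then
  kill "${pids[@]}" || printf 'warning: kill failed for: %s\n' "${pids[*]}" >&2
  # Give the old instance up to ~10 s to exit before starting the new one.
  for _ in 1 2 3 4 5 6 7 8 9 10; do
    pgrep -f 'snort -i eth1' > /dev/null || break
    sleep 1
  done
else
  printf 'warning: no running snort matching "snort -i eth1" was found\n' >&2
fi

# Restart snort.
# NOTE(review): the exit status of this command is not checked; if snort
# fails to start, the sensor stays down until someone notices. Consider
# monitoring the process separately.
/usr/local/bin/snort -i eth1 -c /etc/snort/snort.conf -D &

# Delete any uncompressed log files that are over a week old.
# The :? guards abort instead of expanding to a shorter path if a variable
# is ever empty.
if [[ -d "$weeklogs/$olddirdate" ]]; then
  rm -r -- "${weeklogs:?}/${olddirdate:?}"
fi

# Compress and save the log files for as long as you want.
# -C replaces the former "cd; tar", which would have archived from the wrong
# directory if the cd failed; errors are reported instead of being discarded.
tar -czf "$oldlogs/$dirdate.tgz" -C "$weeklogs" "$dirdate" ||
  die "archiving $weeklogs/$dirdate to $oldlogs/$dirdate.tgz failed"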