#!/bin/bash
#
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.


. /usr/sbin/so-common

SKIP=0
#########################################
# Options
#########################################
usage()
{
cat <<EOF
Security Onion NSM Data Deletion
  Options:
  -h         This message
  -y         Skip interactive mode
EOF
}
while getopts "h:y" OPTION
do
        case $OPTION in
                h)
                        usage
                        exit 0
                        ;;
                
                y)
                        SKIP=1
                        ;;
                *)
                        usage
                        exit 0
                        ;;
        esac
done
if [ $SKIP -ne 1 ]; then
        # Inform user we are about to delete all data
        echo
        echo "This script will delete all NSM data from /nsm."
        echo
        echo "This includes Suricata data, Zeek data, and full packet capture (PCAP)."
        echo
        echo "This will NOT delete any Suricata or Zeek logs that have already been ingested into Elasticsearch."
        echo
        echo "If you would like to proceed, then type AGREE and press ENTER."
        echo
        # Read user input
        read INPUT
        if [ "$INPUT" != "AGREE" ] ; then exit 0; fi
fi

delete_pcap() {
  PCAP_DATA="/nsm/pcap/"
  [ -d $PCAP_DATA ] && so-pcap-stop && rm -rf $PCAP_DATA/* && so-pcap-start
}
delete_suricata() {
  SURI_LOG="/nsm/suricata/"
  [ -d $SURI_LOG ] && so-suricata-stop && rm -rf $SURI_LOG/* && so-suricata-start
}
delete_zeek() {
  ZEEK_LOG="/nsm/zeek/logs/"
  [ -d $ZEEK_LOG ] && so-zeek-stop && rm -rf $ZEEK_LOG/* && so-zeek-start
}

delete_pcap
delete_suricata
delete_zeek

