#!/bin/bash
#
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.


. /usr/sbin/so-common

SKIP=0
#########################################
# Options
#########################################
usage()
{
cat <<EOF
Security Onion NSM Data Deletion
  Options:
  -h         This message
  -y         Skip interactive mode
EOF
}
while getopts "h:y" OPTION
do
        case $OPTION in
                h)
                        usage
                        exit 0
                        ;;
                
                y)
                        SKIP=1
                        ;;
                *)
                        usage
                        exit 0
                        ;;
        esac
done
if [ $SKIP -ne 1 ]; then
        # Inform user we are about to delete all data
        echo
        echo "This script will delete all NIDS data (PCAP, Suricata, Zeek)" 
        echo "If you would like to proceed, please type "AGREE" and hit ENTER."
        echo
        # Read user input
        read INPUT
        if [ "$INPUT" != "AGREE" ] ; then exit 0; fi
fi

delete_pcap() {
  PCAP_DATA="/nsm/pcap/"
  [ -d $PCAP_DATA ] && so-pcap-stop && rm -rf $PCAP_DATA/* && so-pcap-start
}
delete_suricata() {
  SURI_LOG="/opt/so/log/suricata/eve.json"
  [ -f $SURI_LOG ] && so-suricata-stop && rm -f $SURI_LOG && so-suricata-start
}
delete_zeek() {
  ZEEK_LOG="/nsm/zeek/logs/"
  [ -d $ZEEK_LOG ] && so-zeek-stop && rm -rf $ZEEK_LOG/* && so-zeek-start
}

delete_pcap
delete_suricata
delete_zeek

