CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Ensure Suricata move events get picked up

Browse Source
This commit is contained in:
Jason Ertel
2022-12-06 11:39:58 -05:00
parent 93ca7548f8
commit 0dd2e51e83
1 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/strelka/filecheck/filecheck
View File

@@ -74,17 +74,21 @@ def process(filename, hizash):
class CreatedEventHandler(FileSystemEventHandler):
def on_created(self, event):
logging.info("File create detected: " + event.src_path)
checksum(event.src_path)
def on_moved(self, event):
logging.info("File move detected: " + event.src_path + " -> " + event.dest_path)
checksum(event.dest_path)
if __name__ == "__main__":
logging.info("Starting filecheck")
checkexisting()
event_handler =CreatedEventHandler()
shutdown = False
while not shutdown:
checkexisting()
logging.info("Scheduling observer")
observer = Observer()
observer.schedule(event_handler, extract_path, recursive=True)