CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

[fix] Wazuh not saving .log files anymore, only check .json files

Browse Source
This commit is contained in:
William Wernert
2020-10-08 12:41:51 -04:00
parent 034750fe5b
commit 2ad3f9da11
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/common/tools/sbin/so-sensor-clean
View File

@@ -84,9 +84,9 @@ clean() {
# Clean Wazuh archives
# Slightly different code since we have 2 files to remove (.json and .log)
WAZUH_ARCHIVE='/nsm/wazuh/logs/archives'
OLDEST_WAZUH=$(find $WAZUH_ARCHIVE -type f ! -name "archives.json" ! -name "archives.log" -printf "%T+\t%p\n" | sort -n | awk '{print $1}' | head -n 1)
OLDEST_WAZUH=$(find $WAZUH_ARCHIVE -type f ! -name "archives.json" -printf "%T+\t%p\n" | sort -n | awk '{print $1}' | head -n 1)
# Make sure we don't delete the current files
find $WAZUH_ARCHIVE -type f ! -name "archives.json" ! -name "archives.log" -printf "%T+\t%p\n" | sort -n | awk '{print $2}' | head -n 2 >/tmp/files$$
find $WAZUH_ARCHIVE -type f ! -name "archives.json" -printf "%T+\t%p\n" | sort -n | awk '{print $2}' | head -n 1 >/tmp/files$$
if [[ $(wc -l </tmp/files$$) -ge 1 ]]; then
echo "$(date) - Removing logs for $OLDEST_WAZUH" >>$LOG
while read -r line; do