CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix the issues with so-influxdb-clear

Browse Source
This commit is contained in:
m0duspwnens
2021-05-05 14:56:53 -04:00
parent e532804474
commit a5ee8fb59d
1 changed files with 18 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
salt/common/tools/sbin/so-influxdb-clear
View File

@@ -15,8 +15,14 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
modurregex="^[0-9]+mo$"
wdurregex="^[0-9]+w$"
ddurregex="^[0-9]+d$"
echo ""
echo "This script is used to reduce the size of InfluxDB by removing old data and retaining only the duration specified."
echo "The duration will need to be specified as an integer followed by the duration unit, without a space."
echo ""
echo "For example, to purge all data, but retain the past 3 months, specify 3mo for the duration."
echo "The duration units are as follows:"
echo " mo - month(s)"
@@ -24,35 +30,21 @@ echo " w - week(s)"
echo " d - day(s)"
while true; do
echo ""
read -p 'Enter the duration of past data that you would like to retain: ' duration
duration=$(echo $duration | tr '[:upper:]' '[:lower:]')
echo ""
read -p 'Enter the duration of past data that you would like to retain: ' duration
duration=$(echo $duration | tr '[:upper:]' '[:lower:]')
originalIFS=$IFS
case "${duration}" in
[0-9]+mo$)
if [[ "$duration" =~ $modurregex ]] || [[ "$duration" =~ $wdurregex ]] || [[ "$duration" =~ $ddurregex ]]; then
break
;;
fi
[0-9]+w$)
break
;;
[0-9]+d$)
break
;;
*)
echo ""
echo "Invalid duration."
;;
esac
echo ""
echo "Invalid duration."
done
IFS=$originalIFS
echo "Cleaning InfluxDb and saving only the past ${duration}"
docker exec -t so-influxdb /bin/bash -c "influx -ssl -unsafeSsl -database telegraf -execute \"DELETE FROM /.*/ WHERE \"time\" >= '2020-01-01T00:00:00.0000000Z' AND \"time\" <= now() - ${duration}\""
if docker exec -t so-influxdb /bin/bash -c "influx -ssl -unsafeSsl -database telegraf -execute \"DELETE FROM /.*/ WHERE \"time\" >= '2020-01-01T00:00:00.0000000Z' AND \"time\" <= now() - $duration\""; then
echo "InfluxDb clean complete."
else
echo "Something went wrong with cleaning InfluxDB. Please verify that the so-influxdb Docker container is running, and check the log at /opt/so/log/influxdb/influxdb.log for any details."
fi