CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #10580 from Security-Onion-Solutions/dougburks-patch-1

Browse Source 
Set START and END variables earlier in so-import-pcap
This commit is contained in:
Doug Burks
2023-06-13 13:31:16 -04:00
committed by GitHub
parent 8e0d895afb fb8ad71b27
commit bbdf7bb5a7
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/common/tools/sbin_jinja/so-import-pcap
View File

@@ -194,6 +194,9 @@ for PCAP in $INPUT_FILES; do
status "- analyzing traffic with Zeek"
zeek "${PCAP}" $HASH
{% endif %}
START=$(pcapinfo "${PCAP}" -a |grep "First packet time:" | awk '{print $4}')
END=$(pcapinfo "${PCAP}" -e |grep "Last packet time:" | awk '{print $4}')
status "- saving PCAP data spanning dates $START through $END"
fi
@@ -205,9 +208,6 @@ for PCAP in $INPUT_FILES; do
HASHES="${HASHES} ${HASH}"
fi
START=$(pcapinfo "${PCAP}" -a |grep "First packet time:" | awk '{print $4}')
END=$(pcapinfo "${PCAP}" -e |grep "Last packet time:" | awk '{print $4}')
# compare $START to $START_OLDEST
START_COMPARE=$(date -d $START +%s)
START_OLDEST_COMPARE=$(date -d $START_OLDEST +%s)
@@ -286,4 +286,4 @@ if [[ $json -eq 1 ]]; then
}'''
fi
exit $RESULT
exit $RESULT