mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-04-27 23:18:08 +02:00
Wes Lambert
35 lines
1.2 KiB
Bash
35 lines
1.2 KiB
Bash
#!/bin/bash
|
|
# Delete Zeek Logs based on defined CRIT_DISK_USAGE value
|
|
|
|
clean () {
|
|
|
|
SENSOR_DIR='/nsm'
|
|
CRIT_DISK_USAGE=90
|
|
CUR_USAGE=$(df -P $SENSOR_DIR | tail -1 | awk '{print $5}' | tr -d %)
|
|
LOG="/nsm/bro/logs/zeek_clean.log"
|
|
|
|
if [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ]; then
|
|
while [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ];
|
|
do
|
|
TODAY=$(date -u "+%Y-%m-%d")
|
|
|
|
# find the oldest Zeek logs directory and exclude today
|
|
OLDEST_DIR=$(ls /nsm/bro/logs/ | grep -v "current" | grep -v "stats" | grep -v "packetloss" | sort | grep -v $TODAY | head -n 1)
|
|
if [ -z "$OLDEST_DIR" -o "$OLDEST_DIR" == ".." -o "$OLDEST_DIR" == "." ]
|
|
then
|
|
echo "$(date) - No old Zeek logs available to clean up in /nsm/bro/logs/" >> $LOG
|
|
exit 0
|
|
else
|
|
echo "$(date) - Removing directory: /nsm/bro/logs/$OLDEST_DIR" >> $LOG
|
|
rm -rf /nsm/bro/logs/"$OLDEST_DIR"
|
|
fi
|
|
|
|
|
|
done
|
|
else
|
|
echo "$(date) - Current usage of $CUR_USAGE% not greater than the CRIT_DISK_VALUE of $CRIT_DISK_USAGE%..." >> $LOG
|
|
fi
|
|
}
|
|
|
|
clean
|