This repository has been archived by the owner on Apr 16, 2021. It is now read-only.
The following patches [1] add options to skip the removal of Bro or ARGUS (or both) logs since they have potential for long term storage due to their small size. E.g., the user would add ``--skip-bro'' to the sensor-clean cronjob to put this into effect.
Notes:
The default is to not skip removal of any logs, same as prior to the patch.
If --skip-bro is used, /nsm/bro/extracted files are still removed.
[1] https://github.com/jonschipp/security-onion/commit/9aa1b261a4ff969057ad6dbadd27f4883657ddd6
Original issue reported on code.google.com by jonsch...@gmail.com on 5 Apr 2014 at 3:00
Is this of interest?
If you want this in a different format let me know e.g. standard patch.
You can just copy the files in the repo to their respective locations in SO.
Original comment by jonsch...@gmail.com on 20 Apr 2014 at 5:39
Hi Jon,
I like the idea! Thanks for the patch.
Some feedback on nsm_sensor_clean:
- looks like the --skip-both option is setting SKIP_REMOVAL=ARGUS. Should that be SKIP_REMOVAL=BOTH?
- instead of having folks edit the sensor-clean cronjob, what if it were a config option in /etc/nsm/securityonion.conf? See WARN_DISK_USAGE and CRIT_DISK_USAGE near the end of the file, right above the sensor_cleandisk call.
Some feedback on lib-nsm-sensor-utils:
- Should the following line be checking for "BRO" instead of "$BRO"?
if [ "$SKIP_REMOVAL" == "NONE" ] || [ "$SKIP_REMOVAL" == "$BRO" ]
Thanks!
Original comment by doug.bu...@gmail.com on 20 Apr 2014 at 6:00
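An added example, not code from the patch or from Security Onion: a minimal shell sketch of the flag handling discussed in this thread, showing what the quoted comparison evaluates to when no variable named BRO is set. The function names, the flag-to-value mapping, and the reading of the quoted test as the branch that removes ARGUS logs are assumptions.

```shell
#!/bin/sh
# Constructed sketch. Only SKIP_REMOVAL and the --skip-* flags come from the thread;
# the function names and the flag-to-value mapping are hypothetical.

unset BRO   # assumption: nothing ever assigns a variable named BRO

# Map a sensor-clean flag to a SKIP_REMOVAL value; no flag means NONE (the default).
parse_skip() {
    case "${1:-}" in
        "")           echo NONE ;;
        --skip-bro)   echo BRO ;;
        --skip-argus) echo ARGUS ;;
        --skip-both)  echo BOTH ;;   # the value the review suggests for --skip-both
        *)            echo "unknown option: $1" >&2; return 1 ;;
    esac
}

# Comparison as quoted in the review ("=" is the portable spelling of "==").
# "$BRO" expands to the empty string, so the second test never matches "BRO".
argus_removed_quoted() {
    if [ "$1" = "NONE" ] || [ "$1" = "$BRO" ]; then echo yes; else echo no; fi
}

# Same test against the literal string "BRO".
argus_removed_literal() {
    if [ "$1" = "NONE" ] || [ "$1" = "BRO" ]; then echo yes; else echo no; fi
}

# Show, for each flag, whether ARGUS logs would be removed under each comparison.
for flag in "" --skip-bro --skip-argus --skip-both; do
    mode=$(parse_skip "$flag")
    printf '%-12s SKIP_REMOVAL=%-5s quoted=%-3s literal=%s\n' \
        "${flag:-(none)}" "$mode" \
        "$(argus_removed_quoted "$mode")" "$(argus_removed_literal "$mode")"
done
```

Under these assumptions the two comparisons differ only for --skip-bro, where the quoted form leaves ARGUS logs in place as well.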