mirror of
https://github.com/zeek/zeek.git
synced 2025-10-10 02:28:21 +00:00
58 lines
1.4 KiB
Bash
Executable file
58 lines
1.4 KiB
Bash
Executable file
#! /usr/bin/env bash
|
|
#
|
|
# This script may be used as a postprocessor for Bro's log files to
|
|
# automatically compress and archive them.
|
|
#
|
|
# Example use:
|
|
#
|
|
# 1. Add two lines to your Bro configuration:
|
|
#
|
|
# redef log_rotate_interval = 6 hrs &redef;
|
|
# redef log_postprocessor = "mvlog";
|
|
#
|
|
# 2. Put the script into your PATH.
|
|
#
|
|
# 3. Define an environment variable BROBASE giving
|
|
# a base directory to store the archived logs in.
|
|
#
|
|
# Now Bro rotates log files every six hours, gzips them
|
|
# and moves them into directories $BROBASE/logs/<date>/
|
|
#
|
|
# General usage (this is how Bro calls all postprocessors):
|
|
#
|
|
# mvlog <rotated-file-name> <base-name> <timestamp-when-opened> <timestamp-when-closed>
|
|
#
|
|
# Example of how Bro may call the script:
|
|
#
|
|
# mvlog alert.log.28799.1069381104 alert.log 03-11-21_03.18.18 03-11-21_04.0.24
|
|
|
|
if [ "$BROBASE" == "" ]; then
|
|
echo BROBASE not set.
|
|
exit 1
|
|
fi
|
|
|
|
# Base of archive.
|
|
BASE="$BROBASE/logs"
|
|
|
|
# Build archive name
|
|
DAY=`echo $3 | sed 's/_.*$//'`
|
|
FROM=`echo $3 | sed 's/^.*_//' | sed 's/\./:/g'`
|
|
TO=`echo $4 | sed 's/^.*._//' | sed 's/\./:/g'`
|
|
|
|
CENTURY=`date +%Y | sed 's/..$//g'`
|
|
DAY="$CENTURY$DAY"
|
|
|
|
DEST="$BASE/$DAY/$2.$FROM-$TO"
|
|
|
|
# Create archive sub-dir if not existent.
|
|
|
|
if [ ! -d "$BASE" ]; then
|
|
mkdir "$BASE"
|
|
fi
|
|
|
|
if [ ! -d "$BASE/$DAY" ]; then
|
|
mkdir "$BASE/$DAY"
|
|
fi
|
|
|
|
# Zip it and move into archive.
|
|
nice gzip -6 <$1 >$DEST.gz && rm $1
|