
List:       sguil-devel
Subject:    [Sguil-devel] trivial patch for log_packets.sh
From:       Eric Sorenson <eric () explosive ! net>
Date:       2005-12-13 23:00:13
Message-ID: Pine.LNX.4.61.0512131450570.1151 () hexogen ! explosive ! net


Bamm - here's a tiny patch to log_packets.sh, I found it a lot easier 
to use an outboard BPF file than trying to get all the escape/quoting 
issues on the command line. Also, this could be just my broken RHEL 
bash, but the '-n' test was always evaluating to true, even if FILTER 
was empty. Hence the "x$FOO = x" change.

diff -r1.24 log_packets.sh
52a53,54
> # For complicated filters, it can be cleaner to include a separate file
> FILTERFILE="$LOG_DIR/etc/log_packets-$HOSTNAME.bpf"
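Review bot: the new comment on line 53 does not say that the filter file is optional or how it relates to FILTER, while FILTERFILE on line 54 is assigned unconditionally and so is never empty. State in the comment that FILTER takes precedence and what happens when the file is absent. Because the file decides which packets snort logs, the comment should also say that it must be writable only by the account that maintains the sensor configuration. $HOSTNAME is expanded at assignment time, so an unset HOSTNAME silently yields "log_packets-.bpf".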
85c87
<     if [ -n $FILTER ]; then
---
> if [ x$FILTER != "x" ]; then
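Review bot: $FILTER is still unquoted in the replacement test on line 87, so a filter containing spaces (for example: not port 22) is word-split and [ fails with a "too many arguments" error instead of comparing. The missing quotes are also why the old line misbehaved: with FILTER empty it expands to [ -n ], a one-argument test that is always true. Using [ -n "$FILTER" ] fixes both cases without the x prefix. The replacement line also drops the four-space indentation of the line it replaces.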
86a89,90
> elif [ x$FILTERFILE != "x" ]; then
> eval exec $SNORT_PATH $OPTIONS -l $LOG_DIR/$today -b -i $INTERFACE -F $FILTERFILE > \
> /tmp/snort.log 2>&1 &
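Review bot: the elif test on line 89 can never be false, because FILTERFILE is always set by the assignment added at line 54, so whenever FILTER is empty snort is started with -F even if the .bpf file does not exist. Test the file itself, e.g. elif [ -r "$FILTERFILE" ]; then. $FILTERFILE is also unquoted inside eval on line 90, so its value is parsed by the shell a second time; pass it as \"$FILTERFILE\" so a LOG_DIR or HOSTNAME containing spaces or shell metacharacters stays a single argument. Both added lines have lost the indentation of the surrounding block.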



-- 
 - Eric Sorenson - N37 17.255 W121 55.738 - http://eric.explosive.net -
 - Personal colo with a professional touch - http://www.explosive.net -

