[Unit] Description=sguil packet logging on %I After=network-online.target Requires=log_packets_rotate.timer [Service] Type=simple Environment=LOG_DIR=/var/lib/sguil/%H/dailylogs ExecStartPre=/bin/bash -c "/bin/mkdir -p -m 770 ${LOG_DIR}/$(date +%%Y-%%m-%%d)" ExecStartPre=/bin/bash -c "/bin/chown root:sguil ${LOG_DIR}/$(date +%%Y-%%m-%%d)" ExecStartPre=/bin/bash -c "/bin/ln -s -f ${LOG_DIR}/$(date +%%Y-%%m-%%d) ${LOG_DIR}/today" ExecStart=/usr/bin/snort -m 122 -u sguil -g sguil -l ${LOG_DIR}/today --daq-dir /usr/lib/daq -b -i %I -F /etc/sguil/log_packets_filter.bpf ExecStopPost=/bin/rm -- "${LOG_DIR}/today" [Install] WantedBy=multi-user.target