diff -ruN sguil-0.9.0/sensor/log_packets-sancp.sh sguil-0.9.0-gentoo/sensor/log_packets-sancp.sh
--- sguil-0.9.0/sensor/log_packets-sancp.sh 2014-03-29 01:41:36.000000000 +0100
+++ sguil-0.9.0-gentoo/sensor/log_packets-sancp.sh 2016-06-15 00:04:22.585289512 +0200
@@ -27,25 +27,15 @@
 #
 #
 ###########################################################################
-# Edit these for your setup
+# get user config
+source /etc/conf.d/log_packets
 
-# Sensors hostname.
-# Note: If running multiple snort instances, then this must be different
-# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
-HOSTNAME="myhost"
-# Path to logger binary
-LOGGER_PATH="/usr/local/sancp-1.6.2-candidate.C.6/bin/sancp"
-# Directory to log pcap data to (date dirs will be created in here)
-# Note: The path $HOSTNAME/dailylogs, will be appended to this.
-LOG_DIR="/snort_data"
-# Percentage of disk to try and maintain
-MAX_DISK_USE=95
-# Interface to 'listen' to.
-INTERFACE="eth0"
+# conf.d uses different var name, we map this here for backwards comapt
+INTERFACE="${IFACE}"
 # Other options to use when starting snort
 OPTIONS=""
-# Where to store the pid
-PIDFILE="/var/run/sancp_log-${HOSTNAME}.pid"
+# Path to logger binary
+LOGGER_PATH="/usr/bin/sancp"
 # How do we run ps
 PS="ps awx"
 # Where is grep
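Review bot: `source /etc/conf.d/log_packets` replaces the inline defaults for HOSTNAME, LOG_DIR, MAX_DISK_USE and PIDFILE, yet nothing checks that the file is readable or that it actually set those names, and `INTERFACE="${IFACE}"` is assigned even when IFACE is empty. With no `set -u` visible here, a missing or incomplete conf.d file leaves later paths such as `$LOG_DIR/$today` expanding to `/$today`, and the disk-usage housekeeping that MAX_DISK_USE governs (outside this hunk) would then operate on whatever that evaluates to. Guard it before the mapping: `. /etc/conf.d/log_packets || { echo "log_packets: cannot read /etc/conf.d/log_packets" >&2; exit 1; }` followed by `: "${IFACE:?IFACE must be set in /etc/conf.d/log_packets}"`. The same gap exists in the first hunk of log_packets.sh, which additionally relies on the file for OPTIONS.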
@@ -89,9 +79,9 @@
 chmod 777 $LOG_DIR/$today
 fi
 if [ -n "$FILTER" ]; then
-eval exec $LOGGER_PATH $OPTIONS -d $LOG_DIR/$today -i $INTERFACE -c $CONFIG_FILE -B $FILTER > /tmp/snort.log 2>&1 &
+eval exec $LOGGER_PATH $OPTIONS -d $LOG_DIR/$today -i $INTERFACE -c $CONFIG_FILE -B "${FILTER}" &
 else
-eval exec $LOGGER_PATH $OPTIONS -d $LOG_DIR/$today -i $INTERFACE -c $CONFIG_FILE > /tmp/snort.log 2>&1 &
+eval exec $LOGGER_PATH $OPTIONS -d $LOG_DIR/$today -i $INTERFACE -c $CONFIG_FILE &
 fi
 PID=$!
 if [ $? = 0 ]; then
diff -ruN sguil-0.9.0/sensor/log_packets.sh sguil-0.9.0-gentoo/sensor/log_packets.sh
--- sguil-0.9.0/sensor/log_packets.sh 2014-03-29 01:41:36.000000000 +0100
+++ sguil-0.9.0-gentoo/sensor/log_packets.sh 2016-06-15 00:04:12.135961556 +0200
@@ -22,26 +22,15 @@
 #
 #
 ##############################################################
+# get user config
+source /etc/conf.d/log_packets
 
-# Edit these for your setup
-
-# Sensors hostname.
-# Note: If running multiple snort instances, then this must be different
-# for each instance (ie sensor1, sensor2, sensor-eth0, sensor-eth1, etc)
-HOSTNAME="myhost"
+# conf.d uses different var name, we map this here for backwards comapt
+INTERFACE="${IFACE}"
+# tell snort where to find DAQ libs
+OPTIONS="${OPTIONS} --daq-dir /usr/lib/daq"
 # Path to snort binary
-SNORT_PATH="/usr/local/bin/snort"
-# Directory to log pcap data to (date dirs will be created in here)
-# Note: The path $HOSTNAME/dailylogs, will be appended to this.
-LOG_DIR="/snort_data"
-# Percentage of disk to try and maintain
-MAX_DISK_USE=90
-# Interface to 'listen' to.
-INTERFACE="eth0"
-# Other options to use when starting snort
-#OPTIONS="-u sguil -g sguil -m 122"
-# Where to store the pid
-PIDFILE="/var/run/snort_log-${HOSTNAME}.pid"
+SNORT_PATH="/usr/bin/snort"
 # How do we run ps
 PS="ps awx"
 # Where is grep
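Review bot: The quotes in `-B "${FILTER}"` are consumed by the shell before `eval` re-parses the line, so they only keep the filter as a single argument; any `"`, `$(`, backtick or `;` inside FILTER is still interpreted as shell by this root-run script, exactly as before the change. If the goal is just to pass sancp one BPF argument, the `eval` is unnecessary: `exec $LOGGER_PATH $OPTIONS -d "$LOG_DIR/$today" -i "$INTERFACE" -c "$CONFIG_FILE" -B "$FILTER" &` (leaving `$OPTIONS` unquoted so its words still split); if OPTIONS must carry shell quoting, say so in a comment and record that FILTER is trusted only because it comes from /etc/conf.d. Dropping `> /tmp/snort.log 2>&1` removes a predictable root-written file in /tmp, which is good, but the logger's output now goes wherever the caller's stdout/stderr point, so a comment such as `# output inherits the init script's stdout/stderr` would keep someone from reinstating the /tmp path. In the context lines, `PID=$!` followed by `if [ $? = 0 ]` always takes the true branch, since `$?` reflects the assignment rather than the launch; the enclosing function continues outside the hunk.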
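Review bot: Removing `#OPTIONS="-u sguil -g sguil -m 122"` drops the only cue in this file that snort should shed root after opening the interface, while `OPTIONS="${OPTIONS} --daq-dir /usr/lib/daq"` now appends unconditionally to whatever /etc/conf.d/log_packets supplied. Keep the cue next to the append: `# /etc/conf.d/log_packets should set OPTIONS with -u/-g (e.g. -u sguil -g sguil) so snort drops root once the interface is open`. The fixed `/usr/lib/daq` may also need to follow the host's libdir rather than a hard-coded path; that depends on how the accompanying ebuild installs the DAQ modules, which is not visible here.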
@@ -83,9 +72,9 @@
 chmod 777 $LOG_DIR/$today
 fi
 if [ -n "$FILTER" ]; then
-eval exec $SNORT_PATH $OPTIONS -l $LOG_DIR/$today -b -i $INTERFACE $FILTER > /tmp/snort.log 2>&1 &
+eval exec $SNORT_PATH $OPTIONS -l $LOG_DIR/$today -b -i $INTERFACE $FILTER &
 else
-eval exec $SNORT_PATH $OPTIONS -l $LOG_DIR/$today -b -i $INTERFACE > /tmp/snort.log 2>&1 &
+eval exec $SNORT_PATH $OPTIONS -l $LOG_DIR/$today -b -i $INTERFACE &
 fi
 PID=$!
 if [ $? = 0 ]; then
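Review bot: `$FILTER` stays unquoted on the snort line while the sancp counterpart in this same commit was changed to `-B "${FILTER}"`, so the two scripts now treat the same conf.d variable differently. Passing a word-split BPF expression as trailing arguments may well be intentional for snort, but because the line is still `eval`ed, shell metacharacters in FILTER are interpreted either way and the value has to be treated as root-trusted configuration; a comment next to `if [ -n "$FILTER" ]; then` such as `# FILTER is re-parsed by eval: keep it a plain BPF expression` would make that explicit. Removing `> /tmp/snort.log 2>&1` is an improvement (predictable root-owned path in /tmp), but the backgrounded snort's stdout/stderr now depend on how the init script invokes this file, which deserves a one-line comment stating where its output is expected to land. The enclosing function starts and ends outside this hunk.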