Snort mailing list archives

Snort/Snortsnarf on NT-little archiving batch file here


From: "ed.davis" <ed.davis () divine com>
Date: Tue, 20 Nov 2001 09:55:57 -0500

Hi,

This little batch file below neatly solves
an archiving issue on NT systems. It will
build a directory named for the current date.
This version also does a little xcopy as well.
After that, you can include any compression
or file movement needed to make regular archives.

Just kick it off with an AT command.

Anyhow, a neat little snortsnarf archive bat file
*works on NT and Win2000
------
  @echo off

  rem Determine which pass we are making
  if "%1"=="" goto _1stpass
  if "%2"=="" goto _wdpass
  if "%3"=="" goto _daypass
  if "%4"=="" goto _mmpass

  rem Extract the year
  find "/19%4" tmp$$$.$$$ > nul
  if not errorlevel==1 if errorlevel==0 set yearnr_=%4
  find "/20%4" tmp$$$.$$$ > nul
  if not errorlevel==1 if errorlevel==0 set yearnr_=%4
  goto _end

  rem Extract the month
  :_mmpass
  find " %3/" tmp$$$.$$$ > nul
  if not errorlevel==1 if errorlevel==0 set monthnr_=%3
  goto _end

  rem Extract the day
  :_daypass
  find "/%2/" tmp$$$.$$$ > nul
  if not errorlevel==1 if errorlevel==0 set daynr_=%2
  goto _end

  rem As an extra demo also get the name of the weekday
  :_wdpass
  find "%1" tmp$$$.$$$ > nul
  if not errorlevel==1 if errorlevel==0 set weekday_=%1
  goto _end

  rem Put the date in a file so that find can be applied on it
  :_1stpass
  echo.|date /t > tmp$$$.$$$

  rem Go through all the alternatives. Note the dummy x parameters
  rem to determine which part of the date is being processed
  for %%d in (Sun Mon Tue Wed Thu Fri Sat) do call %0 %%d
  for %%d in (01 02 03 04 05 06 07 08 09 10) do call %0 x %%d
  for %%d in (11 12 13 14 15 16 17 18 19 20) do call %0 x %%d
  for %%d in (21 22 23 24 25 26 27 28 29 30 31) do call %0 x %%d
  for %%d in (01 02 03 04 05 06 07 08 09 10 11 12) do call %0 x x %%d
  rem The year list only covers 1997-2002; add later years as needed
  for %%d in (97 98 99 00 01 02) do call %0 x x x %%d

  rem Show the results
  echo %weekday_%

  echo %monthnr_%%daynr_%%yearnr_%

  rem net stop snort
  md c:\inetpub\wwwroot\weekly-logs\%yearnr_%%monthnr_%%daynr_%
  xcopy c:\inetpub\wwwroot\logs c:\inetpub\wwwroot\weekly-logs\%yearnr_%%monthnr_%%daynr_% /s
  net stop snort
  del /f /s /q c:\inetpub\wwwroot\logs\alert.ids
  net start snort
  del /f /s /q c:\inetpub\wwwroot\logs\*.*
  copy c:\inetpub\wwwroot\weekly-logs\%yearnr_%%monthnr_%%daynr_%\*.html c:\inetpub\wwwroot\logs
  copy c:\inetpub\wwwroot\weekly-logs\%yearnr_%%monthnr_%%daynr_%\*.gif c:\inetpub\wwwroot\logs

  rem feed command line instructions to winzip or your favorite
  rem compression routine here

  rem Clean up
  set weekday_=
  set daynr_=
  set monthnr_=
  set yearnr_=
  del tmp$$$.$$$

  :_end
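
An added example, not part of the original post: the same archive run with the date read in one `for /f` pass and the live logs deleted only after a verified copy made while Snort is stopped. It assumes cmd.exe with command extensions and the same "Tue 11/20/2001" output from `date /t` that the script above relies on; the variable and label names are illustrative, and the directory name uses a four-digit year.

```batch
@echo off
rem Added example, not the poster's script. Paths and the service name are
rem taken from the post; variable and label names are illustrative.
setlocal
set LOGS=c:\inetpub\wwwroot\logs
set DEST=c:\inetpub\wwwroot\weekly-logs

rem Split the date on spaces and slashes: tokens 2-4 are month, day, year
set STAMP=
for /f "tokens=2-4 delims=/ " %%a in ('date /t') do set STAMP=%%c%%a%%b
if "%STAMP%"=="" goto _nodate
set DEST=%DEST%\%STAMP%

rem Refuse to merge into an archive that already exists for today
if exist "%DEST%" goto _exists
md "%DEST%"

rem Stop the sensor first so no alert is written between copy and delete
net stop snort

rem /e keeps empty subdirectories, /v asks xcopy to verify each file written
xcopy "%LOGS%" "%DEST%" /e /v /i
if errorlevel 1 goto _copyfailed

rem Only now remove the live logs, then put the SnortSnarf pages back
del /f /s /q "%LOGS%\*.*"
copy "%DEST%\*.html" "%LOGS%"
copy "%DEST%\*.gif" "%LOGS%"
net start snort
goto _done

:_copyfailed
echo xcopy failed, live logs left untouched
net start snort
goto _done

:_nodate
echo could not parse "date /t" output, nothing archived
goto _done

:_exists
echo %DEST% already exists, nothing archived

:_done
endlocal
```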


