Gentoo Forums
sunoterra
Joined: 04 Jun 2004
Posts: 43
Location: Michigan

Posted: Tue May 25, 2010 6:21 pm    Post subject: example: prelude database clean-up script

greetings me gentoo cousins,

over the last few months, using this article on the gentoo wiki archives and the prelude project's documentation, i have been exploring the ebuilds associated with the prelude intrusion detection system.

one of the ways i've learned to keep it running more efficiently, and to keep disk usage down, is to just clean it up every once in a while. i authored a script that i place in an executable file named /etc/cron.daily/preludedb to clean up alerts that are more than a month old, and heartbeats that are more than 24 hours old.

this may be moot, as it appears that prelude has been purchased by a commercial entity, but this has been useful for me, and i wanted to share.

thanks in advance for any type of feedback. :)

here is the script:
Code:

#!/bin/bash

####
#### prelude database clean-up script
####
##
## trim out:
## o) alerts, older than the last month
## o) heartbeats, older than the last 24 hours
##

## create a date stamp for "last month"
_date_alert=`date --date="last month" "+%Y-%m-%d"`
## create alert filter criteria
_date_alert_criteria="alert.create_time < '"${_date_alert}" 00:00:00'"

## create a date stamp
_date_heartbeat=`date "+%Y-%m-%d"`
## create heartbeat filter criteria
_date_heartbeat_criteria="heartbeat.create_time < '"${_date_heartbeat}" 00:00:00'"

## assuming you are using mysql (please change the values of name,
## user and pass as needed).
#_db="type=mysql name=prelude user=prelude pass=<password>"

## assuming you are using pgsql (please change the values of name,
## user and pass as needed).
_db="type=pgsql name=prelude user=prelude pass=<password>"

####
#### clean-up
####
## remove alerts
/usr/bin/preludedb-admin delete alert "${_db}" --criteria="${_date_alert_criteria}" --events-per-transaction=10000 > /dev/null 2>&1
## remove heartbeats
/usr/bin/preludedb-admin delete heartbeat "${_db}" --criteria="${_date_heartbeat_criteria}" > /dev/null 2>&1

####
#### debug
####
## comment the lines above, then uncomment the lines below.
## run the command: /etc/cron.daily/preludedb
## copy-n-paste the output strings back to the prompt to run.
##
## (the debug lines use the same criteria variables as the live commands above)
#echo "/usr/bin/preludedb-admin delete alert \"${_db}\" --criteria=\"${_date_alert_criteria}\" --events-per-transaction=10000"
#echo "/usr/bin/preludedb-admin delete heartbeat \"${_db}\" --criteria=\"${_date_heartbeat_criteria}\""


~cheers

EDIT:
/doh ... my dumb-@$$ left my actual password to the pgsql db in the script ... removed, and changed at my end. good thing i had restricted connections to localhost and was dropping incoming connections to 5432. this one is worthy of a /double-face-palm :P live and learn.
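The EDIT above is the part worth generalising: a cron script that carries the database password inline is one paste or one world-readable file away from leaking it. The script below is an added example (not the poster's script or part of the prelude project) that keeps the same clean-up logic but reads the password from a separate credentials file and refuses to run if that file is readable by group or others. The credentials file path /etc/prelude/db-cleanup.pass, its one-line `pass=...` format, and the helper names are assumptions for this example; the preludedb-admin invocation, criteria syntax and connection-string format are the ones from the original post. Note that preludedb-admin still receives the password on its command line, so this protects the file on disk, not the process argument list.

```bash
#!/bin/bash
# Added example: prelude clean-up with the database password kept out of the script.
# Assumes (not from the original post) a credentials file owned by the user that
# runs the cron job, mode 0600, containing a single line of the form:
#   pass=<password>

PRELUDEDB_ADMIN=/usr/bin/preludedb-admin
CRED_FILE=${PRELUDE_CRED_FILE:-/etc/prelude/db-cleanup.pass}   # assumed path

# build_criteria <table> <YYYY-MM-DD>
# Prints the criteria string the original script builds, e.g.
#   alert.create_time < '2010-04-25 00:00:00'
build_criteria() {
    printf "%s.create_time < '%s 00:00:00'" "$1" "$2"
}

# check_private_file <path>
# Succeeds only if the file exists and has no group/other permission bits
# (the "-------" part of the ls -l mode field, columns 5-10).
check_private_file() {
    [ -f "$1" ] || return 1
    perm=$(ls -ld "$1" | cut -c5-10)
    [ "$perm" = "------" ]
}

# load_password <path>
# Prints the value of the first "pass=" line, refusing files other users can read.
load_password() {
    check_private_file "$1" || return 1
    sed -n 's/^pass=//p' "$1" | head -n 1
}

# build_db_string <password>
# The pgsql connection string from the original post, with the password filled in.
build_db_string() {
    printf 'type=pgsql name=prelude user=prelude pass=%s' "$1"
}

# cleanup: same two deletions as the original script. Output is no longer
# discarded, so cron mails any preludedb-admin error to the admin.
cleanup() {
    pass=$(load_password "$CRED_FILE") || {
        echo "credentials file missing or too permissive: $CRED_FILE" >&2
        return 1
    }
    db=$(build_db_string "$pass")
    alert_date=$(date --date="last month" "+%Y-%m-%d")
    heartbeat_date=$(date "+%Y-%m-%d")
    "$PRELUDEDB_ADMIN" delete alert "$db" \
        --criteria="$(build_criteria alert "$alert_date")" --events-per-transaction=10000
    "$PRELUDEDB_ADMIN" delete heartbeat "$db" \
        --criteria="$(build_criteria heartbeat "$heartbeat_date")"
}

# Run the clean-up only on a host that actually has preludedb-admin installed.
if [ -x "$PRELUDEDB_ADMIN" ]; then
    cleanup
else
    echo "$PRELUDEDB_ADMIN not found, nothing to do" >&2
fi
```

Install it as /etc/cron.daily/preludedb like the original, create the credentials file with `install -m 0600 -o <cron user>`, and the script will abort with a message (rather than run) the day someone loosens the file's permissions.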