Snort mailing list archives
Snort/Snortsnarf on NT-little archiving batch file here
From: "ed.davis" <ed.davis () divine com>
Date: Tue, 20 Nov 2001 09:55:57 -0500
Hi, this little batch file below neatly solves an archiving issue on NT systems. It will build a directory named for the current date. This version also does a little xcopy as well. After that, you can include any compression or file movement needed to make regular archives. Just kick it off with an AT command.

Anyhow, a neat little snortsnarf archive bat file
*works on NT and Win2000

------
@echo off
rem The script calls itself once per candidate value; the number of
rem arguments tells it which part of the date is being tested.
rem Determine which pass we are making
if "%1"=="" goto _1stpass
if "%2"=="" goto _wdpass
if "%3"=="" goto _daypass
if "%4"=="" goto _mmpass

rem Extract the year
find "/19%4" tmp$$$.$$$ > nul
if not errorlevel==1 if errorlevel==0 set yearnr_=%4
find "/20%4" tmp$$$.$$$ > nul
if not errorlevel==1 if errorlevel==0 set yearnr_=%4
goto _end

rem Extract the month
:_mmpass
find " %3/" tmp$$$.$$$ > nul
if not errorlevel==1 if errorlevel==0 set monthnr_=%3
goto _end

rem Extract the day
:_daypass
find "/%2/" tmp$$$.$$$ > nul
if not errorlevel==1 if errorlevel==0 set daynr_=%2
goto _end

rem As an extra demo also get the name of the weekday
:_wdpass
find "%1" tmp$$$.$$$ > nul
if not errorlevel==1 if errorlevel==0 set weekday_=%1
goto _end

rem Put the date in a file so that find can be applied on it
rem (the find patterns above expect "Www MM/DD/YYYY" from date /t)
:_1stpass
echo.|date /t > tmp$$$.$$$

rem Go through all the alternatives. Note the dummy x parameters
rem to determine which part of the date is being processed
for %%d in (Sun Mon Tue Wed Thu Fri Sat) do call %0 %%d
for %%d in (01 02 03 04 05 06 07 08 09 10) do call %0 x %%d
for %%d in (11 12 13 14 15 16 17 18 19 20) do call %0 x %%d
for %%d in (21 22 23 24 25 26 27 28 29 30 31) do call %0 x %%d
for %%d in (01 02 03 04 05 06 07 08 09 10 11 12) do call %0 x x %%d
rem Only two-digit years in this list are recognized; extend it as needed
for %%d in (97 98 99 00 01 02) do call %0 x x x %%d

rem Show the results
echo %weekday_%
echo %monthnr_%%daynr_%%yearnr_%

rem Copy the current logs into a directory named YYMMDD
rem net stop snort
md c:\inetpub\wwwroot\weekly-logs\%yearnr_%%monthnr_%%daynr_%
xcopy c:\inetpub\wwwroot\logs c:\inetpub\wwwroot\weekly-logs\%yearnr_%%monthnr_%%daynr_% /s
rem Do not delete the live logs if the archive copy failed
if errorlevel 1 goto _cleanup

rem Stop snort only long enough to remove the alert file it holds open
net stop snort
del /f /s /q c:\inetpub\wwwroot\logs\alert.ids
net start snort

rem Empty the live log directory, then restore the html and gif files
del /f /s /q c:\inetpub\wwwroot\logs\*.*
copy c:\inetpub\wwwroot\weekly-logs\%yearnr_%%monthnr_%%daynr_%\*.html c:\inetpub\wwwroot\logs
copy c:\inetpub\wwwroot\weekly-logs\%yearnr_%%monthnr_%%daynr_%\*.gif c:\inetpub\wwwroot\logs

rem feed command line instructions to winzip or your favorite
rem compression routine here

rem Clean up
:_cleanup
set weekday_=
set daynr_=
set monthnr_=
set yearnr_=
del tmp$$$.$$$
:_end