
Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Posted by Grommish on Jul 01, 2019; 9:15pm
URL: https://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1789.html

https://github.com/Grommish/Itus_Shield_v2/blob/master/files/etc/snort/rotatelogs

This is the script I ended up going with.  It'll save the newest 5 alert.fast.xxxxx by timestamp in /etc/snort/logs and kill the rest off, but only after pulling any Priority 1 alerts/drops.

I know Road is on the road without email for the next 2 weeks, but he'll catch up.  @Gnomad and @user8446, currently it only pulls the Priority 1 logs from the existing alert.fast.xxxx before it culls them, but it's triggered every 30 minutes.  Should the file results be appended or overwritten (currently it's overwriting them)?  I'm thinking appending, since I'd hate for any Priority 1 logs to be lost.  Of course, it's sitting in RAM, so if it reboots, it'll be gone.  Maybe it should be written to disk instead.  This way a DDNS/RCE crash bug can't just clear the history.
Running Itus Shield v2 Firmware
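
An added example, not the script from the linked repository: one way to do the rotation described in the post above with the Priority 1 lines appended instead of overwritten, and with the archive path left to the caller so it can sit on persistent storage. It assumes the rotated files are named alert.fast.<epoch> and that fast-alert lines carry the `[Priority: 1]` tag; the function name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's rotatelogs script.
# Assumptions: rotated files are named alert.fast.<epoch seconds>, and
# Priority 1 lines contain the literal tag "[Priority: 1]".

# rotate_snort_logs LOGDIR ARCHIVE [KEEP]   (hypothetical helper)
#   LOGDIR   directory holding alert.fast.<epoch> files
#   ARCHIVE  file that Priority 1 lines are appended to
#   KEEP     number of newest files left in place (default 5)
rotate_snort_logs() {
    logdir=$1
    archive=$2
    keep=${3:-5}

    # Emit the numeric suffix of every rotated file, ignoring anything
    # that does not end in digits so stray files are never deleted.
    for f in "$logdir"/alert.fast.*; do
        [ -f "$f" ] || continue
        stamp=${f##*.}
        case $stamp in
            ''|*[!0-9]*) continue ;;
        esac
        echo "$stamp"
    done |
    # Newest first, then skip the first $keep entries.
    sort -rn | tail -n +"$((keep + 1))" |
    while read -r stamp; do
        old="$logdir/alert.fast.$stamp"
        # Only files about to be deleted are harvested, so a run every
        # 30 minutes never appends the same alert twice.
        # grep exits 0 on a match, 1 on no match, >1 on a real error;
        # the file is removed only in the first two cases.
        if grep -F '[Priority: 1]' "$old" >> "$archive" || [ $? -eq 1 ]; then
            rm -f "$old"
        fi
    done
}

# Example call (archive path is a placeholder for a location on disk):
#   rotate_snort_logs /etc/snort/logs /path/on/disk/priority1.log 5
```

If the archive cannot be written, or grep fails for any reason other than "no match", the old file is left in place and picked up again on the next run.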