
Re: [FIRMWARE] Itus Networks Shield Firmware Upgrade *WIP*

Posted by Gnomad on Jul 02, 2019; 6:58am
URL: https://itus.accessinnov.com/FIRMWARE-Itus-Networks-Shield-Firmware-Upgrade-WIP-tp1726p1790.html

There were previously concerns about excessive writing shortening the SSD life, so I'd vote logging to memory is fine for now.  If you're unlucky enough to get hit by a DOS attack or similar, these logs could get big quick!

So we could leave implementing an optional output path as future work?
Could even provide a field in LuCI so users can spec it themselves, if you wanted to take it that far...

On Tue, 2 Jul 2019 at 05:15, Grommish [via Itus Networks Owners Forum] <[hidden email]> wrote:
https://github.com/Grommish/Itus_Shield_v2/blob/master/files/etc/snort/rotatelogs

This is the script I ended up going with.  It'll save the newest 5 alert.fast.xxxxx by timestamp in /etc/snort/logs and kill the rest off, but only after pulling any Priority 1 alerts/drops.

I know Road is on the road without email for the next 2 weeks, but he'll catch up...  @Gnomad and @user8446, currently it only pulls the Priority 1 logs from the existing alert.fast.xxxx before it culls them, but it's triggered every 30 minutes.  Should the file results be appended or overwritten (currently it's overwriting them)?  I'm thinking appending, since I'd hate for any Priority 1 logs to be lost.  Of course, it's sitting in RAM, so if it reboots, it'll be gone...  Maybe it should be written to disk instead.  This way a DDNS/RCE crash bug can't just clear the history...


OpenWrt SNAPSHOT, r10391-3d8d528939
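The rotation the thread describes (keep the newest five alert.fast.* files, pull every Priority 1 line out of the files about to be culled, append rather than overwrite, and land those lines on persistent storage so a crash or reboot of the RAM-backed log directory cannot erase them), written out as a POSIX shell script. This is an added example, not the rotatelogs script from the linked repository. It assumes that each file name ends in a numeric timestamp suffix, that paths contain no spaces, and that ARCHIVE is a placeholder for whatever persistent path the device actually has; the KEEP, LOG_DIR and ARCHIVE variables are this example's own.

```shell
#!/bin/sh
# Added example, not the rotatelogs script from the linked repository.
# Keeps the newest KEEP alert.fast.* files in LOG_DIR and removes the rest,
# but first appends every "[Priority: 1]" line from the files being removed
# to ARCHIVE, so rotation never loses a Priority 1 alert. Appending (rather
# than overwriting) and writing only those lines keeps SSD writes small.
#
# Assumptions not taken from the thread: each file name ends in a numeric
# timestamp suffix (alert.fast.1562050000), paths contain no spaces, and
# ARCHIVE is a placeholder for whatever persistent path the device has.
set -u

KEEP="${KEEP:-5}"
LOG_DIR="${LOG_DIR:-/etc/snort/logs}"
ARCHIVE="${ARCHIVE:-/overlay/snort/priority1.log}"   # placeholder path

# List the alert files under $1, oldest first, ordered by the numeric suffix
# in the file name rather than by mtime, which a copy or edit could change.
list_alert_files() {
    for f in "$1"/alert.fast.*; do
        [ -f "$f" ] || continue
        printf '%s\n' "$f"
    done | awk -F. '{ print $NF, $0 }' | sort -n | cut -d' ' -f2-
}

# rotate_alerts DIR KEEP ARCHIVE
# Removes all but the newest KEEP alert files in DIR, appending their
# Priority 1 lines to ARCHIVE first. Prints the number of files removed.
rotate_alerts() {
    dir="$1"; keep="$2"; archive="$3"
    total=$(( $(list_alert_files "$dir" | wc -l) ))
    excess=$(( total - keep ))
    if [ "$excess" -le 0 ]; then
        echo 0
        return 0
    fi
    mkdir -p "$(dirname "$archive")"
    list_alert_files "$dir" | head -n "$excess" | while IFS= read -r f; do
        # grep exits 1 when a file has no Priority 1 lines; that is not an error.
        grep -F '[Priority: 1]' "$f" >> "$archive" || true
        rm -f "$f"
    done
    echo "$excess"
}

# Entry point for cron (e.g. every 30 minutes): sh rotatelogs.sh --run
if [ "${1:-}" = "--run" ]; then
    rotate_alerts "$LOG_DIR" "$KEEP" "$ARCHIVE"
fi
```

Run it from cron with a line such as `*/30 * * * * /etc/snort/rotatelogs.sh --run`. One caveat worth keeping in mind: only the lines of files that are being culled reach the archive, so Priority 1 alerts still sitting in the five retained RAM-backed files are lost on a reboot; if that matters, the grep step can be run over the retained files too, at the cost of deduplicating the archive.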