clear logs in smoothwall

Create a simple script such as this:



#To clear the Snort logs:

echo > /var/log/snort/alert
rm -Rf /var/log/snort/*.*.*.*

#and to clear your firewall log:

echo > /var/log/messages

#To clear old Snort and firewall logs:

rm -f /var/log/messages.*
rm -f /var/log/snort/alert.*

# delete snort log dir and all files in it

rm -rf /var/log/snort

#recreate snort with correct permissions

mkdir /var/log/snort

echo > /var/log/snort/alert
echo > /var/log/snort/portscan.log

chmod 664 /var/log/snort/alert
chmod 664 /var/log/snort/portscan.log

chown -R snort:snort /var/log/snort

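#list the recreated log directory (this script does not restart snort;
#restart it afterwards so it reopens the new log files)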
echo -----------------------------
ls -al /var/log/snort/
echo -----------------------------
echo Logs are all cleared.
echo if you see /var/log/snort/alert or
echo /var/log/snort/portscan.log still belonging to root then manually chown them
echo -----------------------------
echo all done.


Then make it executable:


chmod +x cleanup


Then add it as a cron job if you wish, or run it manually when the logs start filling up your hard disc (and they will...).


That's it!
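
Added example (not part of the original post): a variant of the cleanup step that keeps a compressed copy of each log before emptying it, and empties the file in place so its owner, mode and inode do not change. The function names, the archive directory /var/log/archive and the 30-day retention are assumptions.

```sh
#!/bin/sh
# Added example: archive-then-truncate instead of delete-and-recreate.
# Function names, /var/log/archive and the 30-day retention are assumptions.

# archive_and_truncate LOGFILE ARCHIVE_DIR
# Writes a gzip copy of LOGFILE into ARCHIVE_DIR, then empties LOGFILE in
# place. Truncating keeps the inode, owner and mode, so a running daemon
# keeps writing to the same file and no chown/chmod is needed afterwards.
# Lines written between the copy and the truncate are lost.
archive_and_truncate() {
    log=$1
    dest=$2
    [ -f "$log" ] || { echo "skip: $log not found" >&2; return 1; }
    [ -s "$log" ] || return 0          # already empty: nothing to keep
    mkdir -p "$dest" || return 1
    out="$dest/$(basename "$log").$(date +%Y%m%d-%H%M%S).gz"
    # Empty the log only if the compressed copy was written successfully.
    if ! gzip -c "$log" > "$out"; then
        rm -f "$out"
        return 1
    fi
    chmod 600 "$out"                   # archived alerts readable by owner only
    : > "$log"
}

# prune_archives ARCHIVE_DIR DAYS
# Deletes archived copies older than DAYS days so the disk does not fill up.
prune_archives() {
    find "$1" -type f -name '*.gz' -mtime +"$2" -exec rm -f {} \;
}

# Run as root with "--run" to process the logs named in the post above.
if [ "${1:-}" = "--run" ]; then
    for f in /var/log/snort/alert /var/log/snort/portscan.log /var/log/messages; do
        archive_and_truncate "$f" /var/log/archive
    done
    prune_archives /var/log/archive 30
fi
```

Saved as, say, /usr/local/bin/cleanup (a hypothetical path), a root crontab line such as `0 3 * * * /usr/local/bin/cleanup --run` runs it every night at 03:00.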





Dear Admin,


I want to know how I can make this script executable. I'm totally new to Linux. I chose Smoothwall as a firewall & proxy for my LAN, but I don't completely know Linux & its commands. The script you wrote is very helpful for me & hopefully others as well, but kindly guide me on how I can make this script executable & set it up as a cron job.






From the post above:


Make it executable:


chmod +x cleanup


An alternative is to use logrotate to truncate the logs periodically. Create a file called "snort" containing the following:

/var/log/snort/alert /var/log/portscan.log {
    # rotate once a day and keep 7 old files
    daily
    rotate 7
    # gzip the rotated files
    compress
    create 0664 snort snort
}

... then just drop that file into your /etc/logrotate.d directory.


Logrotate will trim the files on a daily basis, keeping the last 7 files in compressed format so you can use something like zcat /var/log/portscan.log.2.gz


(nb: I don't know if smoothwall has logrotate installed, but I'm guessing a quick apt-get/yum/emerge ought to do the trick)


Quote: (nb: I don't know if smoothwall has logrotate installed, but I'm guessing a quick apt-get/yum/emerge ought to do the trick)


No, Smoothwall doesn't come with yum or apt-get (not sure about the other one, but I'm guessing not).


The reason given by the developers is that it's for security purposes, to prevent users installing things like GNOME and Flash. The latter of those two apparently has an exploit that allows hackers full control over the machine, or something like that anyway.






We have an old Smoothwall Advanced Firewall 2008 that's been sitting in storage for 2 years now. We decided to put it online again, but upon checking the logs we see that it still has the old "im proxy" logs. We need to start and refresh the whole system without the old logs. How do we delete or remove the old "im proxy" logs? Our HDD space is a bit small, and reinstalling it will require the CD, whose whereabouts we don't know.


Please help.


Many thanks, chris


The logs can be cleared down by just zeroing them out, eg:

> /var/log/smoothwall.log

or thereabouts.


If you run LogRotate, they should be rotating and clearing down logs for you.


What location is smoothwall writing the logfiles to?

Oh, another point - Smoothwall is free, so you can download and burn it to another CD (or install it off a USB pen, if you have ubootin).

To clear logs in Smoothwall, access the system's web interface, navigate to the "Logs" section, select the desired log type (e.g., Firewall), and use the "Clear Logs" option. Always document actions for transparency in network management.
