anyweb

clear logs in smoothwall


create a simple script such as this

 

#!/bin/sh

#To clear the Snort logs:

echo > /var/log/snort/alert
rm -Rf /var/log/snort/*.*.*.*

#and to clear your firewall log:

echo > /var/log/messages

#To clear old Snort and firewall logs:

rm -f /var/log/messages.*
rm -f /var/log/snort/alert.*

# delete snort log dir and all files in it

rm -rf /var/log/snort

#recreate snort with correct permissions

mkdir /var/log/snort

echo > /var/log/snort/alert
echo > /var/log/snort/portscan.log

chmod 664 /var/log/snort/alert
chmod 664 /var/log/snort/portscan.log

chown -R snort:snort /var/log/snort


#restart snort
restartsnort
echo -----------------------------
ls -al /var/log/snort/
echo -----------------------------
echo Logs are all cleared.
echo if you see /var/log/snort/alert or
echo /var/log/snort/portscan.log still belonging to root then manually chown them
echo -----------------------------
echo all done.

 

then make it executable

 

chmod +x cleanup

 

then add it as a cron job if you wish or run it manually when the logs start filling up your hard disc (and they will....)

 

that's it!

cheers

 

anyweb


Dear Admin,

 

I want to know how I can make this script executable. I'm totally new to Linux. I chose Smoothwall as a firewall & proxy for my LAN, but I don't completely know Linux & its commands. The script you wrote is very helpful for me & hopefully others as well, but kindly guide me on how I can make this script executable & set it up as a cron job.

 

thanks

 

ifykh


from the post above

 

make it executable

 

chmod +x cleanup


An alternative is to use logrotate to truncate the logs periodically. Create a file called "snort" containing the following:

/var/log/snort/alert /var/log/portscan.log {
	missingok
	daily
	rotate 7
	notifempty
	compress
	create 0664 snort snort
}

.. then just drop that file into your /etc/logrotate.d directory.

 

Logrotate will trim the files on a daily basis, keeping the last 7 files in compressed format so you can use something like zcat /var/log/portscan.log.2.gz

 

(nb: I don't know if smoothwall has logrotate installed, but I'm guessing a quick apt-get/yum/emerge ought to do the trick)

(nb: I don't know if smoothwall has logrotate installed, but I'm guessing a quick apt-get/yum/emerge ought to do the trick)

 

 

No, smoothwall doesn't come with yum or apt-get (not sure about the other one but I'm guessing not)

 

The reason given from the developers is that it's for security purposes to prevent users installing things like GNOME and flash. The latter of those two apparently has an exploit that allows hackers full control over the machine or something like that anyway

 

Regards

 

-L
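
Since this reply says Smoothwall has no package manager, the logrotate stanza posted earlier (missingok, notifempty, rotate 7, compress, create 0664 snort snort) can be reproduced by hand in plain sh, which keeps a week of compressed history instead of deleting everything. This is an added example, not code from any poster or from Smoothwall; the function name rotate_log and the script name rotate-snort are made up for illustration, and it assumes gzip is present on the box.

```shell
#!/bin/sh
# Added example: hand-rolled equivalent of the logrotate stanza in the thread.
# rotate_log and its arguments are hypothetical names, not Smoothwall tools.

rotate_log() {
    log=$1
    keep=${2:-7}                 # "rotate 7": number of archives to keep
    owner=${3:-snort:snort}      # "create 0664 snort snort"

    [ -e "$log" ] || return 0    # missingok: absent log is not an error
    [ -s "$log" ] || return 0    # notifempty: nothing to archive

    # Drop the oldest archive, then shift N.gz -> N+1.gz, newest last.
    rm -f "$log.$keep.gz"
    i=$((keep - 1))
    while [ "$i" -ge 1 ]; do
        [ -e "$log.$i.gz" ] && mv "$log.$i.gz" "$log.$((i + 1)).gz"
        i=$((i - 1))
    done

    # Move the live log aside, recreate it with the expected mode and
    # owner, then compress the copy that was moved.
    mv "$log" "$log.1" || return 1
    : > "$log"
    chmod 664 "$log"
    chown "$owner" "$log" 2>/dev/null || echo "warning: chown $owner $log failed" >&2
    gzip -f "$log.1"
}

# Usage: ./rotate-snort /var/log/snort/alert /var/log/snort/portscan.log
# Restart Snort afterwards (the first post uses restartsnort) so it reopens
# the new file instead of holding on to the renamed one.
for f in "$@"; do
    rotate_log "$f"
done
```

Run it from cron in place of the cleanup script; old alerts stay readable with zcat until they age out after the seventh rotation.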


We have an old Smoothwall Advanced Firewall 2008 that's been sitting in the storage for 2 years now. We decided to put it again online but upon checking the logs we see that it still has the old "im proxy" logs. We need to start and refresh the whole system without the old logs. How do we delete or remove the old "im proxy" logs? Our HDD space is a bit small and reinstalling it will require the CD of which we don't know its whereabouts.

 

Pls help..

 

many thanks..chris


The logs can be cleared down by just zeroing them out, eg:

> /var/log/smoothwall.log

or thereabouts.

 

If you run LogRotate, they should be rotating and clearing down logs for you.

 

What location is smoothwall writing the logfiles to?


oh, another point - smoothwall is free, so you can download and burn it to another CD (or install it off USB pen, if you have UNetbootin)
