From 24754b8e8783edce44702a75854a375922ab5dde Mon Sep 17 00:00:00 2001 From: Takuma Tsubaki Date: Fri, 28 Apr 2023 10:56:49 +0900 Subject: [PATCH 1/2] =?UTF-8?q?conn=5Flong=E3=81=A8conn=E3=81=AE=E9=87=8D?= =?UTF-8?q?=E8=A4=87=E6=8E=92=E9=99=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- osect_sensor/Infrastructure/edge_cron/work/ot_tools/bro.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/bro.sh b/osect_sensor/Infrastructure/edge_cron/work/ot_tools/bro.sh index 7019791..f32bbd8 100755 --- a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/bro.sh +++ b/osect_sensor/Infrastructure/edge_cron/work/ot_tools/bro.sh @@ -13,6 +13,8 @@ reformat_log () { } cd $1/$2 +# conn_long.logと重複するためconn.logに出力されるduration>60を除外 +awk -i inplace '$9<60{print}' "conn.log" # conn.logとconn_long.logの両方を回収 merge_log "conn*.log" "conn.log" merge_log "arp.*.log" "arp.log" From 0d05d0dda4aaaa3b61d64291e9f8cc53d128d35c Mon Sep 17 00:00:00 2001 From: Takuma Tsubaki Date: Fri, 28 Apr 2023 15:01:13 +0900 Subject: [PATCH 2/2] =?UTF-8?q?conn=5Flong=E3=81=A8conn=E3=81=AE=E9=87=8D?= =?UTF-8?q?=E8=A4=87=E6=8E=92=E9=99=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- osect_sensor/Infrastructure/edge_cron/work/ot_tools/bro.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/bro.sh b/osect_sensor/Infrastructure/edge_cron/work/ot_tools/bro.sh index f32bbd8..a225810 100755 --- a/osect_sensor/Infrastructure/edge_cron/work/ot_tools/bro.sh +++ b/osect_sensor/Infrastructure/edge_cron/work/ot_tools/bro.sh 
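Review bot: The added filter `$9<60{print}` drops Zeek's `#fields` and `#types` header lines, not only long connections: on those lines the ninth field is a word (`service`, `string`), awk compares a non-numeric field against 60 as strings, so `"service" < "60"` is false and the line is never printed, while `#separator`/`#open`/`#close` lines with fewer than nine fields still pass. If conn.log is in Zeek's default TSV layout, the rewritten file therefore loses its column header, which whatever later parses the merged conn.log presumably relies on. Keeping comment lines explicitly fixes it: `awk -i inplace '/^#/ || $9<60' "conn.log"`. Unset durations (`-`) are unaffected, since `"-" < "60"` holds in string comparison.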
@@ -14,7 +14,8 @@ reformat_log () { cd $1/$2 # conn_long.logと重複するためconn.logに出力されるduration>60を除外 -awk -i inplace '$9<60{print}' "conn.log" +awk '$9<60{print}' $(find /opt/zeek/logs -name "conn.*.log") > "/opt/zeek/logs/conn_replace.log" +rm $(find /opt/zeek/logs -name "conn.*.log") # conn.logとconn_long.logの両方を回収 merge_log "conn*.log" "conn.log" merge_log "arp.*.log" "arp.log"
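Review bot: The `rm $(find …)` on the second added line runs unconditionally and re-evaluates `find`, so it deletes the originals even when the preceding awk failed or wrote a partial `conn_replace.log`, and any `conn.*.log` rotated into /opt/zeek/logs between the two `find` calls is removed without ever being filtered; unless the script runs under `set -e` (its header is outside this hunk) the loss is silent. If `find` matches nothing, the first line's awk gets no file argument and reads stdin, and `rm` fails with a missing operand. Resolving the file list once, filtering, and deleting only on success closes both gaps and also avoids the unquoted `$(find …)` word-splitting; the version below assumes bro.sh runs under bash (shebang not visible). Separately, the output path is absolute while `merge_log "conn*.log"` on the following context line globs in `$1/$2`; if those directories ever differ the filtered file is never collected, which is worth confirming.
```shell
# … unchanged: comment explaining the duration>60 exclusion …
mapfile -d '' -t conn_files < <(find /opt/zeek/logs -name "conn.*.log" -print0)
if (( ${#conn_files[@]} > 0 )); then
  # remove the originals only after the filtered copy was written completely
  awk '$9<60{print}' "${conn_files[@]}" > "/opt/zeek/logs/conn_replace.log" \
    && rm -f -- "${conn_files[@]}"
fi
# … unchanged: merge_log calls …
```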