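#!/bin/bash
# Archive incoming flow files into per-day directories under $NFDD/data.
#
# For every regular file in $NFDD/incoming the day directory name is built from
# the 2nd, 3rd and 4th underscore-separated fields of the file name. The file
# is gzip-compressed to <day>/lts/<name>.gz and the original is removed only
# after the compressed copy is complete, so a failed run never loses flow data.

set -u

# Only referenced by the disabled processing steps kept in the loop below.
ARGII_DIR='/nsm/nfscripts/argii'
PORTFILE='/nsm/nfscripts/ports.lst'

NFDD='/opt/flows'
TDATE=$(date +%Y-%m-%d)

# Create the feeds/, reports/ and lts/ subdirectories of day directory $1.
# -p also repairs a day directory that exists but lacks one of them.
make_day_dirs() {
  mkdir -p -- "$1/feeds" "$1/reports" "$1/lts"
}

# Make sure today's report directory is built.
today_dir="$NFDD/data/$TDATE"
if [ ! -e "$today_dir" ]; then
  echo "Creating daily dir $today_dir"
fi
if ! make_day_dirs "$today_dir"; then
  echo "Cannot create $today_dir" >&2
fi

# Process files. A glob is used instead of parsing `ls` so that names with
# whitespace or wildcard characters stay a single, literal argument.
for src in "$NFDD"/incoming/*; do
  # Skips the literal pattern left by an empty directory, and anything that is
  # not a regular file (a subdirectory cannot be archived this way).
  [ -f "$src" ] || continue

  file=${src##*/}
  echo "Processing $file"

  # NOTE(review): the directory name comes straight from the file name and is
  # not checked against a date pattern, so an unexpected name yields an odd
  # directory under $NFDD/data. Confirm who can write to incoming/.
  TARGET_DIR=$(printf '%s\n' "$file" | awk -F'_' '{print $2 "-" $3 "-" $4}')
  day_dir="$NFDD/data/$TARGET_DIR"

  # If the directory for TARGET_DIR does not exist, create it.
  if ! make_day_dirs "$day_dir"; then
    echo "Cannot create $day_dir; leaving $src in place" >&2
    continue
  fi

  # Disabled steps, kept for reference:
  #cofile="$file.co"
  #first, do geoip location and append .co
  #/usr/local/bin/ralabel -f /etc/ralabel.conf -r /netflow/argus/raw-feeds/$file -w /netflow/argus/raw-feeds/$cofile
  #delete original file to save space
  #rm /netflow/argus/raw-feeds/$file
  #monitor ports
  #for port in $(cat $PORTFILE); do
  # $ARGII_DIR/port-filter.sh /netflow/argus/raw-feeds/$cofile $port $NFDD/$TDATE/feeds/dport-$port.ar
  #done
  #for ip-range monitoring
  #$ARGII_DIR/range-filter.sh /netflow/argus/raw-feeds/$cofile /nsm/nfscripts/bannerwatch/prod.acl $NFDD/$TDATE/feeds/banner-prod.ar

  # Compress into a temporary name and rename on success, so a truncated
  # archive (full disk, interrupted run) is never mistaken for a complete one.
  archive="$day_dir/lts/$file.gz"
  if gzip -c < "$src" > "$archive.partial" \
    && mv -f -- "$archive.partial" "$archive"; then
    # Finally, delete the original file; only reached once the archive exists.
    rm -- "$src"
  else
    echo "Compression of $src failed; original kept" >&2
    rm -f -- "$archive.partial"
  fi
done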