Skip to content

Delete Zeek log files until disk usage is under a given threshold

License

Notifications You must be signed in to change notification settings

declan727/zeek-log-clean

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Zeek Log Clean

This script will delete the oldest Zeek log files until disk usage is under a given threshold (default 90% used).

Running

Place the script in your path (e.g. /usr/local/bin/zeek_log_clean.sh).

sudo curl -o /usr/local/bin/zeek_log_clean.sh https://raw.githubusercontent.com/activecm/zeek-log-clean/main/zeek_log_clean.sh && sudo chmod +x /usr/local/bin/zeek_log_clean.sh

The recommended use is to automate running of the script with cron. The following command will configure this.

echo "* * * * * root flock -n /tmp/zeek-log-clean /usr/local/bin/zeek_log_clean.sh" | sudo tee /etc/cron.d/zeek-log-clean

You can run the script ad hoc.

zeek_log_clean.sh

The script will attempt to find the correct location of your zeek log files automatically. You can also pass in the location.

zeek_log_clean.sh --dir /opt/zeek/logs

The script will delete files until the disk usage is under 90% by default. You can set a different threshold.

zeek_log_clean.sh --threshold 80

If rita is available, the script will also attempt to delete the corresponding RITA dataset. You can disable this behavior.

zeek_log_clean.sh --no-remove-rita

Testing

Clone the repo and run the included test.sh script inside a VM. The user you run the script as must have sudo privileges.

About

Delete Zeek log files until disk usage is under a given threshold

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Shell 100.0%