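#!/usr/bin/python
#################################################################################
### Name: bro_missed_rotate.py
###
### Description:
###   This script rotates (gzips and moves) Bro logs that missed rotation.
###
### Usage: ./bro_missed_rotate.py
###
### Author: Eric Ooi
#################################################################################

import gzip
import os
import re
import subprocess
import sys

bro_root = '/nsm/bro/logs'
bro_current = '/nsm/bro/logs/current'

# Unprocessed logs end in "log" and carry a full timestamp, for example
# known_hosts.2013-05-11-17-00-00.log.  The hour is limited to 00-23 so the
# end-time arithmetic below never sees a nonsensical value.
_UNROTATED_LOG = re.compile(
    r'(?P<name>.+)\.'
    r'(?P<date>\d{4}-\d{2}-\d{2})-(?P<hour>[01]\d|2[0-3])-\d{2}-\d{2}'
    r'\.log\Z'
)


def plan_rotation(log_name):
    """Work out where a log that missed rotation should be archived.

    log_name is a bare file name from the "current" directory.

    Returns None when the name is not "<name>.<YYYY-MM-DD-HH-MM-SS>.log",
    otherwise the tuple (bro_date, bro_start_time, bro_end_time, bro_dest):

        bro_date        "2013-05-11"
        bro_start_time  "17:00:00-" (the trailing dash joins it to the end time)
        bro_end_time    "18:00:00"
        bro_dest        "/nsm/bro/logs/2013-05-11/known_hosts.17:00:00-18:00:00.log.gz"

    Names that do not match are skipped rather than indexed blindly, so a stray
    file such as "log" or "a..log" no longer aborts the run with an IndexError.
    """
    match = _UNROTATED_LOG.match(log_name)
    if match is None:
        return None

    bro_date = match.group('date')
    start_hour = match.group('hour')

    # The archive covers one hour: the end hour is start + 1 modulo 24
    # (23 + 1 = 0), zero-padded to two digits.
    bro_end_time = '%02d:00:00' % ((int(start_hour) + 1) % 24)
    bro_start_time = start_hour + ':00:00-'

    # Everything before the timestamp is the log name; taking only the first
    # dot-separated field would truncate a name that itself contains a dot.
    bro_dest = (bro_root + '/' + bro_date + '/' + match.group('name') + '.' +
                bro_start_time + bro_end_time + '.log.gz')
    return bro_date, bro_start_time, bro_end_time, bro_dest


def _run(argv):
    """Run argv directly (no shell) and return True when it exits with 0."""
    try:
        status = subprocess.call(argv)
    except OSError as err:
        sys.stderr.write('cannot run %s: %s\n' % (argv[0], err))
        return False
    return status == 0


def main():
    """Gzip every log in bro_current that missed rotation and archive it."""
    for entry in os.listdir(bro_current):
        plan = plan_rotation(entry)
        if plan is None:
            continue
        bro_date, bro_start_time, bro_end_time, bro_dest = plan
        log = bro_current + '/' + entry

        print("log: " + log)
        print("filename: %s" % (entry.split('.'),))
        print("bro_date: " + bro_date)
        print("bro_start_time: " + bro_start_time)
        print("bro_end_time: " + bro_end_time)
        print("bro_dest: " + bro_dest)
        print("")

        # Never replace an archive that is already in place: these are
        # monitoring records, and a silent overwrite would destroy them.
        if os.path.exists(bro_dest):
            sys.stderr.write('skipping %s: %s already exists\n' % (log, bro_dest))
            continue

        # A log whose hour was never rotated may have no date directory yet.
        dest_dir = os.path.dirname(bro_dest)
        if not os.path.isdir(dest_dir):
            try:
                os.makedirs(dest_dir)
            except OSError as err:
                sys.stderr.write('skipping %s: cannot create %s: %s\n'
                                 % (log, dest_dir, err))
                continue

        # gzip log and move/rename to correct directory.  File names come
        # from the directory listing, so they are passed as separate argv
        # elements and never interpolated into a shell command line.  Both
        # paths are absolute, so neither can be mistaken for an option.
        if not _run(['gzip', '-f', log]):
            sys.stderr.write('gzip failed for %s; leaving it in place\n' % log)
            continue
        if not _run(['mv', log + '.gz', bro_dest]):
            sys.stderr.write('could not move %s.gz to %s\n' % (log, bro_dest))


if __name__ == '__main__':
    main()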