cleanup script doesn't cover bro's extracted directory

[gebhard73]

fix will be provided shortly, issue will be updated accordingly

[gebhard73]

replacement for /nsm/scripts/cleanup
can somebody test & comment?

will create pull request later

#!/bin/sh
#
# crappy little script do free up space in NSM file system
#
# may be inefficient, but a meant to be a workaround to delete files
# in two directories till min free space is available again
#

# which file system to check
FS="/nsm"
# min free kBytes on the FS, example 5 GB
FREE=5000000
# default exit code
EXIT=0

freeEnough()
#
# check if free space on FS is OK
# return 1: free enough, 0: not enough space left
#
# $1: if parameter "half" is given, then to-be free space is divided by 2
#     (this is a workaround to erase half of the stuff in "extracted" and half in PCAPS)
#
{
   local FSFREE
   if [ "${1}" = "half" ] ; then
      FREE=`expr ${FREE} / 2 + 1`
   fi
   # echo "FREE: ${FREE}"
   FSFREE=`df -k ${FS} | tail -1 | awk '{ print $4 }'`
   if [ ${FSFREE} -ge ${FREE} ] ; then
      echo 1
   else
      echo 0
   fi
}

delFiles()
#
# deletes files in DIR till FREE/2 is free
#
# $1: directory where to delete
#
{
   DIR="${1}"
   echo "deleting files in ${DIR} ..."
   cd ${DIR}
   if [ ${DIR} != `pwd` ] ; then
      # directory not accessible
      echo "could not cd to ${DIR}, exiting"
      EXIT=1
      return
   fi
   # delete files till half of to-be free space is available
   # (idea: https://superuser.com/questions/976622/deleting-oldest-files-to-free-space-as-needed-on-linux)
   find . -xdev -maxdepth 1 -type f | xargs ls -1rt | while read f ; do
      if [ `freeEnough half` -eq 1 ] ; then
         break
      fi
      echo "  deleting ${DIR}/${f}"
      rm -f ${f}
   done
}

# anything to do at all?
if [ `freeEnough` -eq 1 ] ; then
   # echo "nothing to do"
   exit 0
fi

# delete 1st half in extracted
delFiles "/nsm/bro/extracted"

# delete 2nd half in PCAPs
delFiles "/nsm/pcap"

# check if deletion was successful
if [ `freeEnough` -ne 1 ] ; then
   echo "deletion wasn't able to free up enough space, please check manually"
   EXIT=9
fi


if [ ${EXIT} -ne 0 ] ; then
   echo "something went wrong freeing up space on FS ${FS}, please have a look manually" | tee /dev/tty | ssmtp root
fi

exit ${EXIT}

[ramirezversion]

I have set 45000000 as free space to force the cleanup script, I tried but I think it does not work properly

Deleting files in /nsm/bro/extracted
Deleting files in /nsm/pcap
deletion wasn't able to free up enough space, please check manually
something went wrong freeing up space on FS ${FS}, please have a look manually

I was thinking to do something like this and assing a max size for pcap and extracted

#!/bin/sh

TopSizePCAP=25000000
TopSizeExtract=2500000

removePcap() {
  local usedPCAP
  usedPCAP=`du /nsm/pcap/ | awk '{ print $1 }'`
  while [ ${usedPCAP} -gt ${TopSizePCAP} ]; do
    find /nsm/pcap  -type f -printf '%T+ %p\n' | sort | head -n1 | awk '{print $2}' | xargs rm -v
    usedPCAP=`du /nsm/pcap/ | awk '{ print $1 }'`
  done
}

removeExtracted() {
  local usedExtracted
  usedExtracted=`du /nsm/bro/extracted/ | awk '{ print $1 }'`
  while [ ${usedExtracted} -gt ${TopSizeExtract} ]; do
    find /nsm/bro/extracted  -type f -printf '%T+ %p\n' | sort | head -n1 | awk '{print $2}' | xargs rm -v
    usedExtracted=`du /nsm/bro/extracted/ | awk '{ print $1 }'`
  done
}

removePcap
removeExtracted

exit 0

What do you think?