Quem faz uso de IDS\/IPS no pfSense provavelmente ja se deparou com, pelo menos, um dos problemas abaixo:<\/p>\n
Para solucionar esses dois problemas foi criado o script abaixo que, quando agendado no cron, rotaciona os arquivos gerados e os compacta. Apenas antes de executar o script crie o diretorio \/var\/log\/suricata\/sums\/<\/strong> onde s\u00e3o gerados os arquivos de checksum para possibilitar posterior verifica\u00e7\u00e3o se os logs n\u00e3o foram alterados manualmente.<\/p>\n <\/p>\n <\/p>\n","protected":false},"excerpt":{"rendered":" Quem faz uso de IDS\/IPS no pfSense provavelmente ja se deparou com, pelo menos, um dos problemas abaixo: Depois de alguns dias a aba “Blocks” come\u00e7a a demorar muito tempo para listar os bloqueios atuais….<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[],"class_list":["post-255","post","type-post","status-publish","format-standard","hentry","category-pfsense"],"_links":{"self":[{"href":"https:\/\/www.tonev.pro.br\/index.php?rest_route=\/wp\/v2\/posts\/255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tonev.pro.br\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tonev.pro.br\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tonev.pro.br\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tonev.pro.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=255"}],"version-history":[{"count":5,"href":"https:\/\/www.tonev.pro.br\/index.php?rest_route=\/wp\/v2\/posts\/255\/revisions"}],"predecessor-version":[{"id":260,"href":"https:\/\/www.tonev.pro.br\/index.php?rest_route=\/wp\/v2\/posts\/255\/revisions\/260"}],"wp:attachment":[{"href":"https:\/\/www.tonev.pro.br\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tonev.pro.br\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tonev.pro.br\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}#!\/bin\/sh\r\n\r\nDATA=`\/bin\/date +%Y-%m-%d`\r\nANO=`\/bin\/date +%Y`\r\nMES=`\/bin\/date +%m`\r\nDIA=`\/bin\/date +%d`\r\n\r\nLS=\"\/bin\/ls\"\r\nWC=\"\/usr\/bin\/wc\"\r\nMV=\"\/bin\/mv\"\r\nMKDIR=\"\/bin\/mkdir\"\r\nXZCMD=\"\/usr\/bin\/xz -z -9 -e\"\r\nFIND=\"\/usr\/bin\/find\"\r\n\r\nINITSCRIPT=\"\/usr\/local\/etc\/rc.d\/suricata.sh\"\r\n\r\nSURICATADIR=\"\/var\/log\/suricata\"\r\n\r\nSHA256=\"\/sbin\/sha256\"\r\n\r\ncd $SURICATADIR\r\n\r\n$INITSCRIPT stop\r\n\r\nfor i in suricata_* ; do\r\n\r\n\tcd $SURICATADIR\/$i\r\n\t\r\n\tALERT_FILE=`$LS -1 alerts.log 2>\/dev\/null | $WC -l 2>\/dev\/null`\r\n\r\n\tHTTP_FILE=`$LS -1 http.log 2>\/dev\/null | $WC -l 2>\/dev\/null`\r\n\r\n\tSTATS_FILE=`$LS -1 stats.log 2>\/dev\/null | $WC -l 2>\/dev\/null`\r\n\r\n\tSURICATA_FILE=`$LS -1 suricata.log 2>\/dev\/null | $WC -l 2>\/dev\/null` \r\n\r\n\tBLOCK_FILE=`$LS -1 block.log 2>\/dev\/null | $WC -l 2>\/dev\/null`\r\n\r\n\tPCAP_FILE=`$LS -1 log.pcap* 2>\/dev\/null | $WC -l 2>\/dev\/null`\r\n\r\n\tif [ $ALERT_FILE -gt 0 ] ; then\r\n\t\t$MKDIR -p $ANO\/$MES\/$DIA\/alerts\r\n\t\t$MV alerts.log $ANO\/$MES\/$DIA\/alerts\/alerts.log-$DATA\r\n\tfi\r\n\r\n\tif [ $HTTP_FILE -gt 0 ] ; then\r\n\t\t$MKDIR -p $ANO\/$MES\/$DIA\/http\r\n\t\t$MV http.log $ANO\/$MES\/$DIA\/http\/http.log-$DATA\r\n\tfi\r\n\r\n\tif [ $STATS_FILE -gt 0 ] ; then\r\n\t\t$MKDIR -p $ANO\/$MES\/$DIA\/stats\r\n\t\t$MV stats.log $ANO\/$MES\/$DIA\/stats\/stats.log-$DATA\r\n\tfi\r\n\r\n\tif [ $SURICATA_FILE -gt 0 ] ; then\r\n\t\t$MKDIR -p $ANO\/$MES\/$DIA\/suricata\r\n\t\t$MV suricata.log $ANO\/$MES\/$DIA\/suricata\/suricata.log-$DATA\r\n\tfi\r\n\r\n\tif [ $BLOCK_FILE -gt 0 ] ; then\r\n\t\t$MKDIR -p $ANO\/$MES\/$DIA\/block\r\n\t\t$MV block.log $ANO\/$MES\/$DIA\/block\/block.log-$DATA\r\n\tfi\r\n\r\n\tif [ $PCAP_FILE -gt 0 ] ; then\r\n\t\t$MKDIR -p $ANO\/$MES\/$DIA\/pcap\r\n\t\t$MV log.pcap* $ANO\/$MES\/$DIA\/pcap\r\n\tfi\r\n\r\ndone\r\n\r\n$INITSCRIPT start\r\n\r\ncd $SURICATADIR\r\n\r\nfor i in suricata_* ; do\r\n cd $SURICATADIR\/$i\r\n $FIND $ANO\/$MES\/$DIA\/ -type f -exec $SHA256 {} >> $SURICATADIR\/sums\/log-$i-$ANO-$MES-$DIA.sha256 \\;\r\n $XZCMD $ANO\/$MES\/$DIA\/alerts\/* >\/dev\/null 2>\/dev\/null &\r\n $XZCMD $ANO\/$MES\/$DIA\/http\/* >\/dev\/null 2>\/dev\/null &\r\n $XZCMD $ANO\/$MES\/$DIA\/stats\/* >\/dev\/null 2>\/dev\/null &\r\n $XZCMD $ANO\/$MES\/$DIA\/suricata\/* >\/dev\/null 2>\/dev\/null &\r\n $XZCMD $ANO\/$MES\/$DIA\/block\/* >\/dev\/null 2>\/dev\/null &\r\n $XZCMD $ANO\/$MES\/$DIA\/pcap\/* >\/dev\/null 2>\/dev\/null &\r\ndone<\/pre>\n