Post 302071483 by Fred on Friday 21st of April 2006 05:10:55 AM
A q for the gurus. Filehandling & reacting to events (?)

Ok, since I am a scripting first-timer I want to apologize in advance if any of my ideas are way off.

What I am trying to achieve is a script that can listen for alerts from Snort. When Snort triggers an alert, I want my script to do nothing for X seconds, and after that period of time I want the script to copy a bunch of files (tcpdump files and possibly the Snort log) to a newly created folder.

So in some sort of meta-code I am trying to achieve something like this:

If/When snort triggers an alert
{
Wait 5 minutes
Create a new folder /A/B/N (here I would need to name the folder in YYMMDD-HHMM format, I believe)
Copy all files at /S/D/ to /A/B/N
Copy file F to /A/B/N
}

So the next time Snort triggers an alert this script would create yet another folder and copy the files I want to that folder.

So, does any of you know if this is possible using a shell script?
If it is, can anyone perhaps show an example or help me in any way?

Thanks in advance!

/F
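
One way to do what the post above describes, as an added example that is not part of the original post: a POSIX shell watcher that polls the alert file for growth, waits, then copies the capture files into a new YYMMDD-HHMM folder. The default alert file path, the variable names, the size-polling approach, the owner-only permissions and the SHA256SUMS hash list are assumptions of this example; /S/D and /A/B are the post's own placeholders.

```sh
#!/bin/sh
# Added example. Paths, defaults and the polling approach are assumptions.
ALERT_FILE=${ALERT_FILE:-/var/log/snort/alert}  # assumed Snort alert file
CAPTURE_DIR=${CAPTURE_DIR:-/S/D}                # tcpdump files (the post's /S/D/)
EXTRA_FILE=${EXTRA_FILE:-$ALERT_FILE}           # the post's "file F"
ARCHIVE_ROOT=${ARCHIVE_ROOT:-/A/B}              # parent of the per-alert folders
DELAY=${DELAY:-300}                             # "Wait 5 minutes"
POLL=${POLL:-5}                                 # seconds between size checks

# Print the size of file $1 in bytes, or 0 if it does not exist.
alert_size() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# Copy the evidence into a new ARCHIVE_ROOT/YYMMDD-HHMM folder and print its
# path. Runs in a subshell so umask and variables stay local.
collect_evidence() (
    umask 077                                   # evidence readable by owner only
    mkdir -p "$ARCHIVE_ROOT" || exit 1
    base=$ARCHIVE_ROOT/$(date +%y%m%d-%H%M); dest=$base; n=1
    # mkdir without -p fails if the folder exists, so a name is never reused.
    until mkdir "$dest" 2>/dev/null; do
        [ "$n" -le 99 ] || exit 1
        dest=${base}_$n; n=$((n + 1))
    done
    for f in "$CAPTURE_DIR"/* "$EXTRA_FILE"; do
        if [ -f "$f" ]; then cp -p "$f" "$dest/" || exit 1; fi
    done
    # Record hashes so later changes to the copies can be detected.
    if command -v sha256sum >/dev/null 2>&1; then
        (cd "$dest" && find . -type f ! -name SHA256SUMS -exec sha256sum {} + > SHA256SUMS)
    fi
    echo "$dest"
)

# Poll the alert file; when it grows, wait DELAY seconds and take one snapshot.
watch_alerts() {
    last=$(alert_size "$ALERT_FILE")
    while sleep "$POLL"; do
        now=$(alert_size "$ALERT_FILE")
        if [ "$now" -gt "$last" ]; then
            sleep "$DELAY"                      # let tcpdump record the follow-up traffic
            collect_evidence
            now=$(alert_size "$ALERT_FILE")     # alerts raised during the wait are in this snapshot
        fi
        last=$now                               # a smaller size (log rotation) resets the baseline
    done
}

if [ "${1:-}" = "--watch" ]; then watch_alerts; fi
```

Start it with `--watch` as the only argument; without that argument the file only defines the functions, so they can be sourced and tried against a scratch directory first.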
 
