[Sguil-users] trivial patch for log_packets.sh

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Bamm - here's a tiny patch to log_packets.sh, I found it a lot easier 
to use an outboard BPF file than trying to get all the escape/quoting 
issues on the command line. Also, this could be just my broken RHEL 
bash, but the '-n' test was always evaluting to true, even if FILTER 
was empty. Hence the "x$FOO = x" change.

diff -r1.24 log_packets.sh
52a53,54
> # For complicated filters, it can be cleaner to include a separate file
> FILTERFILE="$LOG_DIR/etc/log_packets-$HOSTNAME.bpf"
85c87
<     if [ -n $FILTER ]; then
---
>     if [ x$FILTER != "x" ]; then
86a89,90
>     elif [ x$FILTERFILE != "x" ]; then
>       eval exec $SNORT_PATH $OPTIONS -l $LOG_DIR/$today -b -i $INTERFACE -F $FILTERFILE > /tmp/snort.log 2>&1 &

-- 
 - Eric Sorenson - N37 17.255 W121 55.738 - http://eric.explosive.net -
 - Personal colo with a professional touch - http://www.explosive.net -