From f2e13b187428b460c8bf20c542532dacab4ea9ae Mon Sep 17 00:00:00 2001
From: Samuel Smith
Date: Mon, 24 Jul 2017 20:46:17 -0500
Subject: [PATCH] Disable CHECK_INTERVAL when using journalctl
---
 psad | 31 ++++++++++++-------------------
 1 file changed, 12 insertions(+), 19 deletions(-)
diff --git a/psad b/psad
index 5153aeb..b452281 100755
--- a/psad
+++ b/psad
@@ -818,14 +818,12 @@ MAIN: for (;;) {
 ### Get any new packets have been written to syslog
 if ($config{'ENABLE_FW_MSG_READ_CMD'} eq 'Y') {
- if ($s->can_read(.5)) {
- my $syslog_line = <$fwdata_fh>;
- $fwdata_fh->flush();
- push @fw_packets, $syslog_line unless $fw_msg_read_continue;
- $fw_msg_read_do_sleep = 0;
- } else {
+ if ($s->can_read(120)) {
+ while ($s->can_read(.5) && @fw_packets < 10) {
+ my $syslog_line = <$fwdata_fh>;
+ push @fw_packets, $syslog_line unless $fw_msg_read_continue;
+ }
 $fw_msg_read_continue = 0;
- $fw_msg_read_do_sleep = 1;
 }
 } else {
@@ -848,19 +846,15 @@ MAIN: for (;;) {
 ### sleep for the check interval seconds
 if ($config{'ENABLE_FW_MSG_READ_CMD'} eq 'Y') {
- if ($fw_msg_read_do_sleep
- or (($#fw_packets+1) % $config{'FW_MSG_READ_MIN_PKTS'} == 0)) {
-
- if (@fw_packets) {
- ### Extract data and summarize scan packets, assign danger
- ### level, send email/syslog alerts.
- &check_scan(\@fw_packets);
- }
-
- &post_scan_processing($#fw_packets+1, \@add_ipt_addrs);
- @fw_packets = ();
+ if (@fw_packets) {
+ ### Extract data and summarize scan packets, assign danger
+ ### level, send email/syslog alerts.
+ &check_scan( \@fw_packets );
 }
+ &post_scan_processing( $#fw_packets + 1, \@add_ipt_addrs );
+ @fw_packets = ();
+
 unless (&look_for_process(quotemeta($fw_read_cmd))) {
 &sys_log("firewall logs read command '$fw_read_cmd' " .
 "is not running, restarting");
@@ -871,7 +865,6 @@ MAIN: for (;;) {
 $fw_msg_read_continue = 1;
 }
- sleep $config{'CHECK_INTERVAL'} if $fw_msg_read_do_sleep;
 } else {
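Review bot: The `<$fwdata_fh>` read in the added `while` loop is never checked for `undef`, so once the read command exits and the handle is at EOF an undefined entry is pushed on every pass until the `@fw_packets < 10` bound trips. While `$fw_msg_read_continue` is set nothing is pushed, so that bound never ends the loop and, assuming `$s` selects on `$fwdata_fh`, `can_read(.5)` keeps returning immediately at EOF, which would keep the restart check later in `MAIN` from being reached. `last unless defined $syslog_line;` directly after the read covers both cases. The buffered readline can also hold lines that `can_read` cannot see, so a burst may sit unprocessed for up to the 120-second wait; for an IDS that is delayed alerting, and it deserves at least a comment. The `MAIN` loop body starts and ends outside this hunk.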
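Review bot: `$config{'FW_MSG_READ_MIN_PKTS'}` is no longer consulted in this branch, and with the `sleep` removed in the last hunk `CHECK_INTERVAL` is not either, while the first hunk hard-codes the batch size `10` and the `120`-second wait in their place. If nothing outside these hunks reads those keys in read-command mode, an operator who tunes them gets no effect and no warning. I would add a comment above the branch such as `### CHECK_INTERVAL and FW_MSG_READ_MIN_PKTS are ignored when ENABLE_FW_MSG_READ_CMD is 'Y'`, and give the two literals names (constants or config keys) so the batching behaviour is visible in one place. The enclosing `if` block continues past the end of this hunk.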