EVOLUTION-MANAGER
Edit File: npcaprepair
#!/bin/bash if [ -z "${1}" ] || [ -z "${2}" ] ; then echo "Check and repair a corrupted dump set, including indexes and timeline links" echo "Usage: $0 <storage path> <timeline path>" echo "Example: $0 /storage /storage/timeline" exit -1 fi STORAGE=$1 TIMELINE=$2 echo "Checking storage $STORAGE and timeline $TIMELINE" for PCAP in $(find ${STORAGE} -maxdepth 2 -name '*.pcap'); do FULL_TIME=$(tshark -r $PCAP -c 1 -o "gui.column.format:\"Time\",\"%Yt\"" 2> /dev/null) DATE=$(echo $FULL_TIME | cut -d" " -f 1) YEAR=$(echo $DATE | cut -d"-" -f 1) MONTH=$(echo $DATE | cut -d"-" -f 2) DAY=$(echo $DATE | cut -d"-" -f 3) TIME=$(echo $FULL_TIME | cut -d" " -f 2) HOUR=$(echo $TIME | cut -d":" -f 1) MIN=$(echo $TIME | cut -d":" -f 2) MIN_SLOT="${MIN%?}0" SEC_EXT=$(echo $TIME | cut -d":" -f 3) SEC=$(echo $SEC_EXT | cut -d"." -f 1) USEC=$(echo $SEC_EXT | cut -d"." -f 2 | cut -c1-6) EPOCH="$(date --date="$FULL_TIME" +%s).$USEC" INDEX="$PCAP.idx" echo "Checking $PCAP [date $YEAR/$MONTH/$DAY] [time $HOUR:$MIN:$SEC.$USEC] [epoch $EPOCH] [slot $MIN_SLOT]" if [ ! -f $INDEX ] || ! npcapprintindex -i $INDEX -c 2>1 > /dev/null ; then echo "Creating index $INDEX" npcapindex -q -i $PCAP -o $INDEX fi TIMELINE_SLOT="$TIMELINE/$YEAR/$MONTH/$DAY/$HOUR/$MIN_SLOT" if [ ! -L "$PCAP.timeline" ]; then if [ ! -d $TIMELINE_SLOT ]; then echo "Creating timeline slot $TIMELINE_SLOT" mkdir -p $TIMELINE_SLOT fi TIMELINE_PCAP="$TIMELINE_SLOT/$EPOCH.pcap" if [ ! -L $TIMELINE_PCAP ]; then echo "Creating link $TIMELINE_PCAP" # Absolute path #ln -s $PCAP $TIMELINE_PCAP # Relative path ln -sr $PCAP $TIMELINE_PCAP fi echo "Creating link $PCAP.timeline" # Absolute path #ln -s $TIMELINE_PCAP $PCAP.timeline # Relative path STORAGE_PATH=$(dirname $PCAP) PCAP_NAME=$(basename $PCAP) if [ `realpath --help | grep relative-to | wc -l` -gt 0 ]; then ln -s `realpath --relative-to=$STORAGE_PATH $TIMELINE_SLOT/`/$PCAP_NAME $PCAP.timeline else RELATIVE=$(perl -MFile::Spec -e "print File::Spec->abs2rel(q($TIMELINE_PCAP), q($STORAGE_PATH))") ln -s $RELATIVE $PCAP.timeline fi fi if [ ! -L "$INDEX.timeline" ]; then TIMELINE_INDEX="$TIMELINE_SLOT/$EPOCH.pcap.idx" if [ ! -L $TIMELINE_INDEX ]; then echo "Creating link $TIMELINE_INDEX" # Absolute path #ln -sr $INDEX $TIMELINE_INDEX # Relative path ln -sr $INDEX $TIMELINE_INDEX fi echo "Creating link $INDEX.timeline" # Absolute path #ln -s $TIMELINE_INDEX $INDEX.timeline # Relative path STORAGE_PATH=$(dirname $PCAP) INDEX_NAME=$(basename $INDEX) if [ `realpath --help | grep relative-to | wc -l` -gt 0 ]; then ln -s `realpath --relative-to=$STORAGE_PATH $TIMELINE_SLOT/`/$INDEX_NAME $INDEX.timeline else RELATIVE=$(perl -MFile::Spec -e "print File::Spec->abs2rel(q($TIMELINE_INDEX), q($STORAGE_PATH))") ln -s $RELATIVE $INDEX.timeline fi fi done exit 0