#!/bin/sh
#
# ncp         Start/Stop the network connection profiler
#
# chkconfig: 2345 40 60
# description:  records packets for further analysis of network traffic
#		i.e. to research alerts to see the entire conversation
#
# Source function library.
. /etc/rc.d/init.d/functions

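# Main configuration options.
# Every SANCP_* variable except SANCP_ARCHIVE_DIR holds a complete
# "flag argument" pair and is expanded unquoted on the sancp command line,
# so the values must not contain extra whitespace or glob characters.
SANCP_ARCHIVE_DIR="/var/log/sancp"
SANCP_CONFIG="-c /etc/sancp/sancp.conf"
SANCP_INTERFACE="-i eth0"
# User and group names handed to sancp through -u / -g.
SANCP_USER="-u sancp"
SANCP_GROUP="-g sancp"
#
# UNCOMMENT/modify the following options you want enabled at startup
#
#SANCP_RECORD_ICMP_TYPE_CODE="-I"
#SANCP_HUMAN_READABLE_OUTPUT="-H"
#SANCP_DEBUG_PCAP_RAW_MODE="-A"

# The start and hup actions create the dated directory and the 'today'
# symlink that points at it, so neither has to be created by hand.
SANCP_OUTPUT_DIR="-d $SANCP_ARCHIVE_DIR/today"

#
# Collect the optional flags into one string.
# SANCP_DEBUG_PCAP_RAW_MODE is included so that uncommenting it above actually
# reaches the command line; unset options expand to nothing. The trailing
# $SANCP_OPTIONS keeps any value already present in the environment.
#
SANCP_OPTIONS=" $SANCP_USER $SANCP_GROUP $SANCP_RECORD_ICMP_TYPE_CODE $SANCP_HUMAN_READABLE_OUTPUT $SANCP_DEBUG_PCAP_RAW_MODE $SANCP_OPTIONS"

# Name of today's dated capture directory (YYYY-MM-DD).
today=$(date '+%Y-%m-%d')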

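# Exit status handed back to the caller; stays 0 unless an action below fails.
RETVAL=0

# Make sure today's dated capture directory exists and that the 'today'
# symlink (the path sancp is given via -d) resolves to a directory.
# Globals: SANCP_ARCHIVE_DIR, today (read)
# Returns: 0 on success, 1 if the directory or the link could not be created
#
# NOTE(review): this runs as root. If $SANCP_ARCHIVE_DIR is writable by the
# unprivileged account named in SANCP_USER, the mkdir/rm/ln calls below act on
# names that account controls -- confirm the directory is root-owned. The new
# directory gets root's default ownership and mode; confirm sancp can still
# write into it once it runs as SANCP_USER/SANCP_GROUP.
sancp_prepare_today_dir() {
	if [ ! -d "$SANCP_ARCHIVE_DIR/$today" ]; then
		# Leave the existing 'today' link untouched when the new
		# directory cannot be made, so it never points at nothing.
		if ! /bin/mkdir "$SANCP_ARCHIVE_DIR/$today"; then
			echo "cannot create $SANCP_ARCHIVE_DIR/$today" >&2
			return 1
		fi
		/bin/rm -f "$SANCP_ARCHIVE_DIR/today"
	fi
	if [ ! -d "$SANCP_ARCHIVE_DIR/today" ]; then
		# -d follows symlinks, so a dangling 'today' link also lands
		# here; drop it first or ln -s would fail with "File exists".
		if [ -L "$SANCP_ARCHIVE_DIR/today" ]; then
			/bin/rm -f "$SANCP_ARCHIVE_DIR/today"
		fi
		/bin/ln -s "$SANCP_ARCHIVE_DIR/$today" "$SANCP_ARCHIVE_DIR/today" || return 1
	fi
	return 0
}

# See how we were called.
case "$1" in
  start)
	echo -n "Starting sancp: "
	# Best effort: a failure is reported on stderr and sancp is still
	# started, as before, so capture is not skipped outright.
	sancp_prepare_today_dir

	# The option variables are intentionally unquoted: each one holds a
	# flag plus its argument and must split into separate words.
	echo /usr/local/bin/sancp $SANCP_OUTPUT_DIR $SANCP_INTERFACE $SANCP_CONFIG $SANCP_FILTER $SANCP_DEFAULT_TIMEOUT $SANCP_OPTIONS
	# '>' truncates /var/log/sancp.log on every start, so output from the
	# previous run is gone after a restart; copy it aside first if needed.
	/usr/local/bin/sancp $SANCP_OUTPUT_DIR $SANCP_INTERFACE $SANCP_CONFIG $SANCP_FILTER $SANCP_DEFAULT_TIMEOUT $SANCP_OPTIONS > /var/log/sancp.log 2>&1 &
	PID1=$!

	# Write the pid file before asking for status so the check can use it.
	echo "$PID1" > /var/run/sancp.pid
	if status sancp | grep -q running; then
		touch /var/lock/subsys/sancp
		daemon true
	else
		# Do not leave a lock or a stale pid behind for a process that
		# never came up; a stale pid could later match another process.
		rm -f /var/run/sancp.pid
		daemon false
		RETVAL=1
	fi
	echo
	;;
  stop)
	echo -n "Stopping sancp (sa network connection profiler): "
	killproc sancp
	rm -f /var/lock/subsys/sancp
	echo
	;;
  stats)
	# Show the rules and counters
	echo -n "Dumping sancp rule stats"
	killproc sancp -USR1
	echo
	;;
  now)
	# Dump all on-going connections
	echo -n "Dumping sancp connections going on right now"
	killproc sancp -USR2
	echo
	;;
  *hup)
	# Matches any argument ending in "hup". Re-create the dated
	# directory and 'today' link, then signal the running sancp.
	echo -n "hupping sa ncp (sa network connection profiler): "
	sancp_prepare_today_dir
	killproc sancp -HUP
	echo
	;;
  restart)
	"$0" stop
	"$0" start
	RETVAL=$?
	;;
  status)
	# Pass the library's status code through so callers can test it.
	status sancp
	RETVAL=$?
	;;
  *)
	echo "Usage: $0 {start|stop|restart|status|stats|now|hup}"
	exit 1
esac

exit $RETVAL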
