diff --git a/usr/lib/nsmnow/lib-nsm-sensor-utils b/usr/lib/nsmnow/lib-nsm-sensor-utils
index ffc2b51..1060e4e 100644
--- a/usr/lib/nsmnow/lib-nsm-sensor-utils
+++ b/usr/lib/nsmnow/lib-nsm-sensor-utils
@@ -368,8 +368,8 @@ sensor_cleandisk()
 				# there are no pcaps from previous days, so look for pcaps from today that we can delete
 			        CUR_USAGE=$(df -P $SENSOR_DIR | grep -v -i filesystem | awk '{print $5}' | tr -d %)
 				# keep looping until EITHER disk usage is no longer critical OR we're out of pcaps to delete
-				while [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ] && [ `ls $SENSOR/dailylogs/$TODAY/snort.log.* | wc -l` -gt 1 ]; do
-					PCAP=`ls $SENSOR/dailylogs/$TODAY/snort.log.* |head -1`
+				while [ "$CUR_USAGE" -gt "$CRIT_DISK_USAGE" ] && [ `find $SENSOR/dailylogs/$TODAY/ -type f -name 'snort.log.*' | wc -l` -gt 1 ]; do
+					PCAP=`find $SENSOR/dailylogs/$TODAY/ -type f -name 'snort.log.*' | sort | head -1`
 					echo_msg 1 "removing pcap from today's directory: $PCAP"
 					rm -f "$PCAP"
 				        CUR_USAGE=$(df -P $SENSOR_DIR | grep -v -i filesystem | awk '{print $5}' | tr -d %)