CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2609 from Security-Onion-Solutions/issue/2590

Browse Source 
Issue/2590
This commit is contained in:
Josh Patterson
2021-01-12 16:43:45 -05:00
committed by GitHub
parent aa8a14d74a 225ed1c14a
commit 02d4813ef7
2 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
salt/telegraf/scripts/suriloss.sh
View File

@@ -33,20 +33,20 @@ if [ $CHECKIT == 2 ]; then
CURRENTDROP=${RESULT[4]} CURRENTDROP=${RESULT[4]}
PASTDROP=${RESULT[14]} PASTDROP=${RESULT[14]}
DROPPED=$(($CURRENTDROP - $PASTDROP)) DROPPED=$((CURRENTDROP - PASTDROP))
if [ $DROPPED == 0 ]; then if [ $DROPPED == 0 ]; then
LOSS=0 LOSS=0
echo "suridrop drop=0" echo "suridrop drop=0"
else else
CURRENTPACKETS=${RESULT[9]} CURRENTPACKETS=${RESULT[9]}
PASTPACKETS=${RESULT[19]} PASTPACKETS=${RESULT[19]}
TOTALCURRENT=$(($CURRENTPACKETS + $CURRENTDROP)) TOTALCURRENT=$((CURRENTPACKETS + CURRENTDROP))
TOTALPAST=$(($PASTPACKETS + $PASTDROP)) TOTALPAST=$((PASTPACKETS + PASTDROP))
TOTAL=$(($TOTALCURRENT - $TOTALPAST)) TOTAL=$((TOTALCURRENT - TOTALPAST))
LOSS=$(echo 4 k $DROPPED $TOTAL / p | dc) LOSS=$(echo 4 k $DROPPED $TOTAL / p | dc)
echo "suridrop drop=$LOSS" echo "suridrop drop=$LOSS"
fi fi
else else
echo "suridrop drop=0" echo "suridrop drop=0"
fi fi

17
salt/telegraf/scripts/zeekloss.sh
View File

@@ -29,15 +29,22 @@ echo $$ > $lf
ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2) ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
declare RESULT=($ZEEKLOG) declare RESULT=($ZEEKLOG)
CURRENTDROP=${RESULT[3]} CURRENTDROP=${RESULT[3]}
PASTDROP=${RESULT[9]} # zeek likely not running if this is true
DROPPED=$((CURRENTDROP - PASTDROP)) if [[ $CURRENTDROP == "rcvd:" ]]; then
if [ $DROPPED == 0 ]; then CURRENTDROP=0
PASTDROP=0
DROPPED=0
else
PASTDROP=${RESULT[9]}
DROPPED=$((CURRENTDROP - PASTDROP))
fi
if [[ "$DROPPED" -le 0 ]]; then
LOSS=0 LOSS=0
echo "zeekdrop drop=0" echo "zeekdrop drop=0"
else else
CURRENTPACKETS=${RESULT[5]} CURRENTPACKETS=${RESULT[5]}
PASTPACKETS=${RESULT[11]} PASTPACKETS=${RESULT[11]}
TOTAL=$((CURRENTPACKETS - PASTPACKETS)) TOTAL=$((CURRENTPACKETS - PASTPACKETS))
LOSS=$(echo $DROPPED $TOTAL / p | dc) LOSS=$(echo 4 k $DROPPED $TOTAL / p | dc)
echo "zeekdrop drop=$LOSS" echo "zeekdrop drop=$LOSS"
fi fi