CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Bro - Add cron for checking PL

Browse Source
This commit is contained in:
Mike Reeves
2018-11-29 19:33:06 -05:00
parent 3b209d82a7
commit 11e6126c25
3 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/bro/cron/packetloss.sh
View File

@@ -1,2 +1,2 @@
#!/bin/bash
/usr/bin/docker exec -it so-bro /opt/bro/bin/broctl netstats | awk -F '[ =]' '{RCVD += $5;DRP += $7;TTL += $9} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/bro/logs/packetloss.log
/usr/bin/docker exec so-bro /opt/bro/bin/broctl netstats | awk -F '[ =]' '{RCVD += $5;DRP += $7;TTL += $9} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/bro/logs/packetloss.log

2
salt/bro/init.sls
View File

@@ -74,7 +74,7 @@ plcronscript:
/usr/local/bin/packetloss.sh:
cron.present:
- user: root
- minute: '*/10'
- minute: '*/2'
- hour: '*'
- daymonth: '*'
- month: '*'

6
salt/common/telegraf/scripts/broloss.sh Normal file
View File

@@ -0,0 +1,6 @@
#!/bin/bash
# Get the data
DROP=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop | awk '{print $14}' | awk -F "=" '{print $2}')
echo "stenodrop drop=$DROP"