Bro - Add cron for checking PL

salt/bro/cron/packetloss.sh

@@ -1,2 +1,2 @@
 #!/bin/bash
-/usr/bin/docker exec -it so-bro /opt/bro/bin/broctl netstats | awk -F '[ =]' '{RCVD += $5;DRP += $7;TTL += $9} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/bro/logs/packetloss.log
+/usr/bin/docker exec so-bro /opt/bro/bin/broctl netstats | awk -F '[ =]' '{RCVD += $5;DRP += $7;TTL += $9} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/bro/logs/packetloss.log

salt/bro/init.sls

@@ -70,11 +70,11 @@ plcronscript:
     - name: /usr/local/bin/packetloss.sh
     - source: salt://bro/cron/packetloss.sh
     - mode: 755
-    
+
 /usr/local/bin/packetloss.sh:
   cron.present:
     - user: root
-    - minute: '*/10'
+    - minute: '*/2'
     - hour: '*'
     - daymonth: '*'
     - month: '*'

salt/common/telegraf/scripts/broloss.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Get the data
+DROP=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop | awk '{print $14}' | awk -F "=" '{print $2}')
+
+echo "stenodrop drop=$DROP"