From 2f804335dac5e0c7a5063a26be8df290757f00a7 Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Thu, 29 Nov 2018 13:21:00 -0500
Subject: [PATCH] Telegraf - Fix Suri script so it requires 2 drops in a row

---
 salt/common/telegraf/scripts/suriloss.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/salt/common/telegraf/scripts/suriloss.sh b/salt/common/telegraf/scripts/suriloss.sh
index 1445b9e87..8ad84ef7c 100644
--- a/salt/common/telegraf/scripts/suriloss.sh
+++ b/salt/common/telegraf/scripts/suriloss.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 SURILOG=$(tac /var/log/suricata/stats.log | grep kernel | head -4)
-CHECKIT=$(echo $SURILOG | grep drop | wc -l)
+CHECKIT=$(echo $SURILOG | grep -o 'drop' | wc -l)
 
 if [ $CHECKIT == 2 ]; then
   declare RESULT=($SURILOG)