Merge pull request #450 from Security-Onion-Solutions/issue/90

adding zeekctl module to be used for monitoring zeek
2025-12-06 09:12:45 +01:00 · 2020-03-23 15:57:12 -04:00
parent 79feee1dd1 bc76739f6e
commit 6c39f93569
1 changed files with 155 additions and 0 deletions
--- a/salt/_modules/zeekctl.py
+++ b/salt/_modules/zeekctl.py
@@ -0,0 +1,155 @@
+#!py
+
+
+def capstats(interval=10):
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl capstats %i'" % interval
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ 
+ return retval
+
+
+def check():
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl check'"
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ 
+ return retval
+
+
+def cleanup(all=''):
+
+ retval = ''
+
+ if all: 
+   if all == 'all':
+     cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl cleanup --all'"
+   else:
+     retval = 'Invalid option. zeekctl.help for options'
+ else:
+   cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl cleanup'"
+
+ if not retval:
+   retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def config():
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl config'"
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def deploy():
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl deploy'"
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def df():
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl df'"
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def diag():
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl diag'"
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def install(local=''):
+
+ retval = ''
+
+ if local:
+   if local == 'local':
+     cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl install --local'"
+   else:
+     retval = 'Invalid option. zeekctl.help for options' 
+ else:
+   cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl install'"
+ 
+ if not retval:
+   retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def netstats():
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl netstats'"
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def nodes():
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl nodes'"
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def restart(clean=''):
+
+ retval = ''
+
+ if clean:
+   if clean == 'clean':
+     cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl restart --clean'"
+   else:
+     retval = 'Invalid option. zeekctl.help for options'
+ else:
+   cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl restart'"
+ 
+ if not retval:
+   retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def scripts(c=''):
+
+ retval = ''
+
+ if c:
+   if c == 'c':
+     cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl scripts -c'"
+   else:
+     retval = 'Invalid option. zeekctl.help for options'
+ else:
+   cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl scripts'"
+
+ if not retval:
+   retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def start():
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl start'"
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def status():
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl status'"
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def stop():
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl stop'"
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval
+
+
+def top():
+
+ cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl top'"
+ retval = __salt__['docker.run']('so-zeek', cmd)
+ return retval