resolve some issues with the zeekloss script https://github.com/Security-Onion-Solutions/securityonion/issues/2590

2025-12-06 17:22:49 +01:00 · 2021-01-11 14:10:08 -05:00
parent 8b49876e26
commit 6ea1a83afe
1 changed files with 12 additions and 5 deletions
--- a/salt/telegraf/scripts/zeekloss.sh
+++ b/salt/telegraf/scripts/zeekloss.sh
@@ -29,15 +29,22 @@ echo $$ > $lf
 ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
 declare RESULT=($ZEEKLOG)
 CURRENTDROP=${RESULT[3]}
-PASTDROP=${RESULT[9]}
-DROPPED=$((CURRENTDROP - PASTDROP))
-if [ $DROPPED == 0 ]; then
+# zeek likely not running if this is true
+if [[ $CURRENTDROP == "rcvd:" ]]; then
+  CURRENTDROP=0
+  PASTDROP=0
+  DROPPED=0
+else
+  PASTDROP=${RESULT[9]}
+  DROPPED=$((CURRENTDROP - PASTDROP))
+fi
+if [[ "$DROPPED" -le 0 ]]; then
  LOSS=0
  echo "zeekdrop drop=0"
 else
  CURRENTPACKETS=${RESULT[5]}
  PASTPACKETS=${RESULT[11]}
  TOTAL=$((CURRENTPACKETS - PASTPACKETS))
-  LOSS=$(echo $DROPPED $TOTAL / p | dc)
+  LOSS=$(echo 4k $DROPPED $TOTAL / p | dc)
  echo "zeekdrop drop=$LOSS"
 fi