diff --git a/salt/grafana/dashboards/eval/eval.json b/salt/grafana/dashboards/eval/eval.json
index 53d9ca643..04dcc6bb5 100644
--- a/salt/grafana/dashboards/eval/eval.json
+++ b/salt/grafana/dashboards/eval/eval.json
@@ -414,7 +414,7 @@
 "type": "fill"
 }
 ],
- "measurement": "brodrop",
+ "measurement": "zeekdrop",
 "orderByTime": "ASC",
 "policy": "default",
 "refId": "A",
diff --git a/salt/grafana/dashboards/sensor_nodes/sensor.json b/salt/grafana/dashboards/sensor_nodes/sensor.json
index 835c8a86d..9342add16 100644
--- a/salt/grafana/dashboards/sensor_nodes/sensor.json
+++ b/salt/grafana/dashboards/sensor_nodes/sensor.json
@@ -413,7 +413,7 @@
 "type": "fill"
 }
 ],
- "measurement": "brodrop",
+ "measurement": "zeekdrop",
 "orderByTime": "ASC",
 "policy": "default",
 "refId": "A",
diff --git a/salt/grafana/dashboards/standalone/standalone.json b/salt/grafana/dashboards/standalone/standalone.json
index 2587ff55f..27532f7b2 100644
--- a/salt/grafana/dashboards/standalone/standalone.json
+++ b/salt/grafana/dashboards/standalone/standalone.json
@@ -4428,7 +4428,7 @@
 "type": "fill"
 }
 ],
- "measurement": "brodrop",
+ "measurement": "zeekdrop",
 "orderByTime": "ASC",
 "policy": "default",
 "refId": "A",
diff --git a/salt/telegraf/etc/telegraf.conf b/salt/telegraf/etc/telegraf.conf
index a1d7caa90..055b25c1d 100644
--- a/salt/telegraf/etc/telegraf.conf
+++ b/salt/telegraf/etc/telegraf.conf
@@ -679,7 +679,8 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
- "/scripts/broloss.sh",
+ "/scripts/zeekloss.sh",
+ "/scripts/zeekcaptureloss.sh",
 "/scripts/oldpcap.sh"
 ]
 data_format = "influx"
@@ -691,7 +692,8 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
- "/scripts/broloss.sh",
+ "/scripts/zeekloss.sh",
+ "/scripts/zeekcaptureloss.sh",
 "/scripts/oldpcap.sh"
 ]
 data_format = "influx"
@@ -702,7 +704,8 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
- "/scripts/broloss.sh",
+ "/scripts/zeekloss.sh",
+ "/scripts/zeekcaptureloss.sh",
 "/scripts/oldpcap.sh",
 "/scripts/influxdbsize.sh"
 ]
@@ -713,7 +716,8 @@
 "/scripts/stenoloss.sh",
 "/scripts/suriloss.sh",
 "/scripts/checkfiles.sh",
- "/scripts/broloss.sh",
+ "/scripts/zeekloss.sh",
+ "/scripts/zeekcaptureloss.sh",
 "/scripts/oldpcap.sh",
 "/scripts/helixeps.sh"
 ]
diff --git a/salt/telegraf/scripts/zeekcaptureloss.sh b/salt/telegraf/scripts/zeekcaptureloss.sh
new file mode 100644
index 000000000..53de85be9
--- /dev/null
+++ b/salt/telegraf/scripts/zeekcaptureloss.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+{% set WORKERS = salt['pillar.get']('sensor:zeekprocs', salt['pillar.get']('sensor:zeekpins') | length) %}
+ZEEKLOG=/host/nsm/zeek/logs/current/capture_loss.log
+if [ -f "$ZEEKLOG" ]; then
+ LOSS=$(tail -{{WORKERS}} $ZEEKLOG | awk -F, '{print $NF}' | sed 's/}//' | awk -F: '{LOSS += $2 / {{WORKERS}}} END { print "loss: " LOSS}')
+ echo "zeekcaptureloss loss=$LOSS"
+fi
diff --git a/salt/telegraf/scripts/broloss.sh b/salt/telegraf/scripts/zeekloss.sh
similarity index 86%
rename from salt/telegraf/scripts/broloss.sh
rename to salt/telegraf/scripts/zeekloss.sh
index 6dc6cdeeb..6fb0b27f8 100644
--- a/salt/telegraf/scripts/broloss.sh
+++ b/salt/telegraf/scripts/zeekloss.sh
@@ -1,5 +1,4 @@
 #!/bin/bash
-
 ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
 declare RESULT=($ZEEKLOG)
 CURRENTDROP=${RESULT[3]}
@@ -7,11 +6,11 @@ PASTDROP=${RESULT[9]}
 DROPPED=$((CURRENTDROP - PASTDROP))
 if [ $DROPPED == 0 ]; then
 LOSS=0
- echo "brodrop drop=0"
+ echo "zeekdrop drop=0"
 else
 CURRENTPACKETS=${RESULT[5]}
 PASTPACKETS=${RESULT[11]}
 TOTAL=$((CURRENTPACKETS - PASTPACKETS))
 LOSS=$(echo $DROPPED $TOTAL / p | dc)
- echo "brodrop drop=$LOSS"
+ echo "zeekdrop drop=$LOSS"
 fi
\ No newline at end of file
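Review bot: In the new zeekcaptureloss.sh, the final awk `END` block prints `"loss: " LOSS`, so `$LOSS` already holds the text `loss: <number>` and the script emits `zeekcaptureloss loss=loss: <number>`. telegraf.conf reads these scripts with `data_format = "influx"`, and that is not a valid numeric field, so the point is most likely rejected and Zeek capture loss on the sensor goes unreported; printing the bare value fixes it: `END { print LOSS }`. WORKERS falls back to the length of the `sensor:zeekpins` pillar, and if that renders as 0 the pipeline becomes `tail -0` and the script emits an empty `loss=`, so a guard such as `[ -n "$LOSS" ] || exit 0` before the `echo` would keep malformed lines out of Telegraf. `$ZEEKLOG` should also be quoted in the `tail` call, as it already is in the `-f` test.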