CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

add modules to be used in monitoring - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/90

Browse Source
This commit is contained in:
m0duspwnens
2020-03-24 17:27:55 -04:00
parent bc76739f6e
commit 7e6c70aff2
6 changed files with 48 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
salt/_modules/healthcheck.py Normal file
View File

@@ -0,0 +1,22 @@
#!py
import logging
def docker_restart(container, state):
stopdocker = __salt__['docker.rm'](container, 'force=True')
__salt__['state.apply'](state)
def zeek():
retcode = __salt__['zeekctl.status'](verbose=False)
logging.info('zeekctl.status retcode: %i' % retcode)
if retcode:
docker_restart('so-zeek', 'zeek')
zeek_restarted = True
else:
zeek_restarted = False
__salt__['telegraf.send']('healthcheck zeek_restarted: %s' % str(zeek_restarted))
return 'zeek_restarted: %s' % str(zeek_restarted)

16
salt/_modules/telegraf.py Normal file
View File

@@ -0,0 +1,16 @@
#!py
import logging
import socket
def send(data):
mainint = __salt__['pillar.get']('node:mainint')
mainip = __salt__['grains.get']('ip_interfaces').get(mainint)[0]
dstport = 8094
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sent = sock.sendto(data.encode('utf-8'), (mainip, dstport))
return sent

5
salt/_modules/zeekctl.py
View File

@@ -134,10 +134,13 @@ def start():
return retval return retval
def status(): def status(verbose=True):
cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl status'" cmd = "runuser -l zeek -c '/opt/zeek/bin/zeekctl status'"
retval = __salt__['docker.run']('so-zeek', cmd) retval = __salt__['docker.run']('so-zeek', cmd)
if not verbose:
retval = __context__['retcode']
return retval return retval

2
salt/common/init.sls
View File

@@ -187,6 +187,8 @@ so-telegraf:
- HOST_SYS=/host/sys - HOST_SYS=/host/sys
- HOST_MOUNT_PREFIX=/host - HOST_MOUNT_PREFIX=/host
- network_mode: host - network_mode: host
- port_bindings:
- 127.0.0.1:8094:8094
- binds: - binds:
- /opt/so/log/telegraf:/var/log/telegraf:rw - /opt/so/log/telegraf:/var/log/telegraf:rw
- /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro - /opt/so/conf/telegraf/etc/telegraf.conf:/etc/telegraf/telegraf.conf:ro

3
salt/common/telegraf/etc/telegraf.conf
View File

@@ -2053,6 +2053,9 @@
# ## more about them here: # ## more about them here:
# ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md # ## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_INPUT.md
# # data_format = "influx" # # data_format = "influx"
[[inputs.socket_listener]]
service_address = "udp://:8094"
data_format = "influx"
# # Statsd UDP/TCP Server # # Statsd UDP/TCP Server

2
salt/common/telegraf/scripts/influxdbsize.sh
View File

@@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
INFLUXSIZE=$(du -s -B1 /host/nsm/influxdb | awk {'print $1'} INFLUXSIZE=$(du -s -B1 /host/nsm/influxdb | awk {'print $1'})
echo "influxsize bytes=$INFLUXSIZE" echo "influxsize bytes=$INFLUXSIZE"