CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 09:42:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

only send loss if timestamp on data has changed

Browse Source
This commit is contained in:
m0duspwnens
2020-10-07 11:23:06 -04:00
parent 1106b2bf96
commit 8540a691dc
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
salt/telegraf/scripts/zeekcaptureloss.sh
View File

@@ -2,7 +2,7 @@
# This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp # This script returns the average of all the workers average capture loss to telegraf / influxdb in influx format include nanosecond precision timestamp
{%- set WORKERS = salt['pillar.get']('sensor:zeek_lbprocs', salt['pillar.get']('sensor:zeek_pins') | length) %} {%- set WORKERS = salt['pillar.get']('sensor:zeek_lbprocs', salt['pillar.get']('sensor:zeek_pins') | length) %}
ZEEKLOG=/host/nsm/zeek/spool/logger/capture_loss.log ZEEKLOG=/host/nsm/zeek/spool/logger/capture_loss.log
LASTCAPTURELOSSLOG=/host/opt/so/log/telegraf_lastcaptureloss.txt LASTCAPTURELOSSLOG=/var/log/telegraf/lastcaptureloss.txt
if [ -f "$ZEEKLOG" ]; then if [ -f "$ZEEKLOG" ]; then
CURRENTTS=$(tail -1 $ZEEKLOG | jq .ts | sed 's/"//g') CURRENTTS=$(tail -1 $ZEEKLOG | jq .ts | sed 's/"//g')
if [ -f "$LASTCAPTURELOSSLOG" ]; then if [ -f "$LASTCAPTURELOSSLOG" ]; then
@@ -12,5 +12,5 @@ if [ -f "$ZEEKLOG" ]; then
echo "zeekcaptureloss loss=$LOSS" echo "zeekcaptureloss loss=$LOSS"
fi fi
fi fi
echo "$CURRENTS" > $LASTCAPTURELOSSLOG echo "$CURRENTTS" > $LASTCAPTURELOSSLOG
fi fi