CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 09:12:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

Bro - Add cron for checking PL

Browse Source
This commit is contained in:
Mike Reeves
2018-11-29 19:13:28 -05:00
parent 62e5cb0f94
commit a824d06655
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
salt/bro/cron/packetloss.sh
View File

@@ -0,0 +1 @@
docker exec -it so-bro /opt/bro/bin/broctl netstats | awk -F '[ =]' '{RCVD += $5;DRP += $7;TTL += $9} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/bro/logs/packetloss.log

9
salt/bro/init.sls
View File

@@ -65,9 +65,14 @@ nodecfgsync:
- group: 939 - group: 939
- template: jinja - template: jinja
brocron: plcronscript:
file.managed:
- name: /usr/local/bin/packetloss.sh
- source: salt://bro/cron/packetloss.sh
- mode: 755
/usr/local/bin/packetloss.sh:
cron.present: cron.present:
- name: docker exec -it so-bro /opt/bro/bin/broctl netstats | awk -F '[ =]' '{RCVD += $5;DRP += $7;TTL += $9} END { print "rcvd: " RCVD, "dropped: " DRP, "total: " TTL}' >> /nsm/bro/logs/packetloss.log;
- user: root - user: root
- minute: '*/10' - minute: '*/10'
- hour: '*' - hour: '*'