CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

just print the loss

Browse Source
This commit is contained in:
m0duspwnens
2020-10-06 18:44:22 -04:00
parent f95712c502
commit af2df2c7d1
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/telegraf/scripts/zeekcaptureloss.sh
View File

@@ -2,6 +2,6 @@
{% set WORKERS = salt['pillar.get']('sensor:zeek_lbprocs', salt['pillar.get']('sensor:zeek_pins') | length) %} {% set WORKERS = salt['pillar.get']('sensor:zeek_lbprocs', salt['pillar.get']('sensor:zeek_pins') | length) %}
ZEEKLOG=/host/nsm/zeek/spool/logger/capture_loss.log ZEEKLOG=/host/nsm/zeek/spool/logger/capture_loss.log
if [ -f "$ZEEKLOG" ]; then if [ -f "$ZEEKLOG" ]; then
LOSS=$(tail -{{WORKERS}} $ZEEKLOG | awk -F, '{print $NF}' | sed 's/}//' | awk -F: '{LOSS += $2 / {{WORKERS}}} END { print "loss: " LOSS}') LOSS=$(tail -{{WORKERS}} $ZEEKLOG | awk -F, '{print $NF}' | sed 's/}//' | awk -F: '{LOSS += $2 / {{WORKERS}}} END { print LOSS}')
echo "zeekcaptureloss loss=$LOSS" echo "zeekcaptureloss loss=$LOSS"
fi fi