CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2384 from Security-Onion-Solutions/fix/telegraf_stenoloss

Browse Source 
make sure timestamp on steno log line has changed so we don't snapshot the drop%
This commit is contained in:
Josh Patterson
2020-12-18 11:02:29 -05:00
committed by GitHub
parent 575098e368 90dcad7e6f
commit b0db910e7a
1 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
salt/telegraf/scripts/stenoloss.sh
View File

@@ -15,7 +15,6 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>. # along with this program. If not, see <http://www.gnu.org/licenses/>.
APP=stenoloss APP=stenoloss
lf=/tmp/$APP-pidLockFile lf=/tmp/$APP-pidLockFile
# create empty lock file if none exists # create empty lock file if none exists
@@ -25,7 +24,22 @@ read lastPID < $lf
[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit [ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit
echo $$ > $lf echo $$ > $lf
# Get the data TSFILE=/var/log/telegraf/laststenodrop.log
DROP=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop | awk '{print $14}' | awk -F "=" '{print $2}') if [ -f "$TSFILE" ]; then
LASTTS=$(cat $TSFILE)
else
LASTTS=0
fi
echo "stenodrop drop=$DROP" # Get the data
LOGLINE=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop)
CURRENTTS=$(echo $LOGLINE | awk '{print $1}')
if [[ "$CURRENTTS" != "$LASTTS" ]]; then
DROP=$(echo $LOGLINE | awk '{print $14}' | awk -F "=" '{print $2}')
echo $CURRENTTS > $TSFILE
else
DROP=0
fi
echo "stenodrop drop=$DROP"