Merge pull request #11411 from Security-Onion-Solutions/TOoSmOotH-patch-6

FIX: Remove telegraf beats EPS script
2025-12-06 17:22:49 +01:00 · 2023-09-27 16:14:51 -04:00
parent 770a74c83d 039d5ae9aa
commit b6d58b2fb8
2 changed files with 0 additions and 46 deletions
--- a/salt/telegraf/defaults.yaml
+++ b/salt/telegraf/defaults.yaml
@@ -11,7 +11,6 @@ telegraf:
    quiet: 'false'
  scripts:
    eval:
-      - beatseps.sh
      - checkfiles.sh
      - influxdbsize.sh
      - oldpcap.sh
@@ -23,7 +22,6 @@ telegraf:
      - zeekcaptureloss.sh
      - zeekloss.sh
    standalone:
-      - beatseps.sh
      - checkfiles.sh
      - eps.sh
      - influxdbsize.sh
@@ -36,13 +34,11 @@ telegraf:
      - zeekcaptureloss.sh
      - zeekloss.sh
    manager:
-      - beatseps.sh
      - influxdbsize.sh
      - raid.sh
      - redis.sh
      - sostatus.sh
    managersearch:
-      - beatseps.sh
      - eps.sh
      - influxdbsize.sh
      - raid.sh
@@ -51,7 +47,6 @@ telegraf:
    import:
      - sostatus.sh
    sensor:
-      - beatseps.sh
      - checkfiles.sh
      - oldpcap.sh
      - raid.sh
@@ -61,7 +56,6 @@ telegraf:
      - zeekcaptureloss.sh
      - zeekloss.sh
    heavynode:
-      - beatseps.sh
      - checkfiles.sh
      - eps.sh
      - oldpcap.sh
@@ -75,12 +69,10 @@ telegraf:
    idh:
      - sostatus.sh
    searchnode:
-      - beatseps.sh
      - eps.sh
      - raid.sh
      - sostatus.sh
    receiver:
-      - beatseps.sh
      - eps.sh
      - raid.sh
      - redis.sh
--- a/salt/telegraf/scripts/beatseps.sh
+++ b/salt/telegraf/scripts/beatseps.sh
@@ -1,38 +0,0 @@
-#!/bin/bash
-#
-# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
-# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at 
-# https://securityonion.net/license; you may not use this file except in compliance with the
-# Elastic License 2.0.
-
-
-
-# if this script isn't already running
-if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
-
-  PREVCOUNTFILE='/tmp/beatseps.txt'
-  EVENTCOUNTCURRENT="$(curl -s localhost:5066/stats | jq '.libbeat.output.events.acked')"
-  FAILEDEVENTCOUNT="$(curl -s localhost:5066/stats | jq '.libbeat.output.events.failed')"
-
-  if [ ! -z "$EVENTCOUNTCURRENT" ]; then
-
-    if [ -f "$PREVCOUNTFILE" ]; then
-      EVENTCOUNTPREVIOUS=`cat $PREVCOUNTFILE`
-    else
-      echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE
-      exit 0
-    fi
-
-    echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE
-    # the division by 30 is because the agent interval is 30 seconds
-    EVENTS=$(((EVENTCOUNTCURRENT - EVENTCOUNTPREVIOUS)/30))
-    if [ "$EVENTS" -lt 0 ]; then
-      EVENTS=0
-    fi
-
-    echo "fbstats eps=${EVENTS%%.*},failed=$FAILEDEVENTCOUNT"
-  fi
-
-fi
-
-exit 0