CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-07 01:32:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11411 from Security-Onion-Solutions/TOoSmOotH-patch-6

Browse Source 
FIX: Remove telegraf beats EPS script
This commit is contained in:
Mike Reeves
2023-09-27 16:14:51 -04:00
committed by GitHub
parent 770a74c83d 039d5ae9aa
commit b6d58b2fb8
2 changed files with 0 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
salt/telegraf/defaults.yaml
View File

@@ -11,7 +11,6 @@ telegraf:
quiet: 'false' quiet: 'false'
scripts: scripts:
eval: eval:
- beatseps.sh
- checkfiles.sh - checkfiles.sh
- influxdbsize.sh - influxdbsize.sh
- oldpcap.sh - oldpcap.sh
@@ -23,7 +22,6 @@ telegraf:
- zeekcaptureloss.sh - zeekcaptureloss.sh
- zeekloss.sh - zeekloss.sh
standalone: standalone:
- beatseps.sh
- checkfiles.sh - checkfiles.sh
- eps.sh - eps.sh
- influxdbsize.sh - influxdbsize.sh
@@ -36,13 +34,11 @@ telegraf:
- zeekcaptureloss.sh - zeekcaptureloss.sh
- zeekloss.sh - zeekloss.sh
manager: manager:
- beatseps.sh
- influxdbsize.sh - influxdbsize.sh
- raid.sh - raid.sh
- redis.sh - redis.sh
- sostatus.sh - sostatus.sh
managersearch: managersearch:
- beatseps.sh
- eps.sh - eps.sh
- influxdbsize.sh - influxdbsize.sh
- raid.sh - raid.sh
@@ -51,7 +47,6 @@ telegraf:
import: import:
- sostatus.sh - sostatus.sh
sensor: sensor:
- beatseps.sh
- checkfiles.sh - checkfiles.sh
- oldpcap.sh - oldpcap.sh
- raid.sh - raid.sh
@@ -61,7 +56,6 @@ telegraf:
- zeekcaptureloss.sh - zeekcaptureloss.sh
- zeekloss.sh - zeekloss.sh
heavynode: heavynode:
- beatseps.sh
- checkfiles.sh - checkfiles.sh
- eps.sh - eps.sh
- oldpcap.sh - oldpcap.sh
@@ -75,12 +69,10 @@ telegraf:
idh: idh:
- sostatus.sh - sostatus.sh
searchnode: searchnode:
- beatseps.sh
- eps.sh - eps.sh
- raid.sh - raid.sh
- sostatus.sh - sostatus.sh
receiver: receiver:
- beatseps.sh
- eps.sh - eps.sh
- raid.sh - raid.sh
- redis.sh - redis.sh

38
salt/telegraf/scripts/beatseps.sh
View File

@@ -1,38 +0,0 @@
#!/bin/bash
#
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.
# if this script isn't already running
if [[ ! "`pidof -x $(basename $0) -o %PPID`" ]]; then
PREVCOUNTFILE='/tmp/beatseps.txt'
EVENTCOUNTCURRENT="$(curl -s localhost:5066/stats | jq '.libbeat.output.events.acked')"
FAILEDEVENTCOUNT="$(curl -s localhost:5066/stats | jq '.libbeat.output.events.failed')"
if [ ! -z "$EVENTCOUNTCURRENT" ]; then
if [ -f "$PREVCOUNTFILE" ]; then
EVENTCOUNTPREVIOUS=`cat $PREVCOUNTFILE`
else
echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE
exit 0
fi
echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE
# the division by 30 is because the agent interval is 30 seconds
EVENTS=$(((EVENTCOUNTCURRENT - EVENTCOUNTPREVIOUS)/30))
if [ "$EVENTS" -lt 0 ]; then
EVENTS=0
fi
echo "fbstats eps=${EVENTS%%.*},failed=$FAILEDEVENTCOUNT"
fi
fi
exit 0