CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Telegraf - Fix Suri script so it requires 2 drops in a row

Browse Source
This commit is contained in:
Mike Reeves
2018-11-29 11:35:14 -05:00
parent 9e9fb3e7b1
commit bb1ee0ead5
3 changed files with 16 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
salt/common/telegraf/scripts/suriloss.sh
View File

@@ -1,15 +1,21 @@
#!/bin/bash #!/bin/bash
SURILOG=$(tac /var/log/suricata/stats.log | grep kernel | head -4) SURILOG=$(tac /var/log/suricata/stats.log | grep kernel | head -4)
declare RESULT=($SURILOG) CHECKIT=$(echo $SURILOG | grep drop | wc -l)
CURRENTDROP=${RESULT[4]} if [ $CHECKIT == 2 ]; then
PASTDROP=${RESULT[14]} declare RESULT=($SURILOG)
DROPPED=$(($CURRENTDROP - $PASTDROP))
CURRENTPACKETS=${RESULT[9]} CURRENTDROP=${RESULT[4]}
PASTPACKETS=${RESULT[19]} PASTDROP=${RESULT[14]}
TOTAL=$(($CURRENTPACKETS - $PASTPACKETS)) DROPPED=$(($CURRENTDROP - $PASTDROP))
LOSS=$(echo $DROPPED $TOTAL / p | dc) CURRENTPACKETS=${RESULT[9]}
echo "suridrop drop=$LOSS" PASTPACKETS=${RESULT[19]}
TOTAL=$(($CURRENTPACKETS - $PASTPACKETS))
LOSS=$(echo $DROPPED $TOTAL / p | dc)
echo "suridrop drop=$LOSS"
else
echo "suridrop drop=0"
fi

0
salt/common/tools/brostatus.sh Normal file
View File

2
salt/suricata/files/suricata.yaml
View File

@@ -77,7 +77,7 @@ stats:
enabled: yes enabled: yes
# The interval field (in seconds) controls at what interval # The interval field (in seconds) controls at what interval
# the loggers are invoked. # the loggers are invoked.
interval: 8 interval: 30
# Configure the type of alert (and other) logging you would like. # Configure the type of alert (and other) logging you would like.
outputs: outputs: