Telegraf - Fix Suri script so it requires 2 drops in a row

salt/common/telegraf/scripts/suriloss.sh

@@ -1,6 +1,9 @@
 #!/bin/bash
 
 SURILOG=$(tac /var/log/suricata/stats.log | grep kernel | head -4)
+CHECKIT=$(echo $SURILOG | grep drop | wc -l)
+
+if [ $CHECKIT == 2 ]; then
   declare RESULT=($SURILOG)
 
   CURRENTDROP=${RESULT[4]}
@@ -13,3 +16,6 @@ TOTAL=$(($CURRENTPACKETS - $PASTPACKETS))
 
   LOSS=$(echo $DROPPED $TOTAL / p | dc)
   echo "suridrop drop=$LOSS"
+else
+  echo "suridrop drop=0"
+fi

salt/suricata/files/suricata.yaml

@@ -77,7 +77,7 @@ stats:
   enabled: yes
   # The interval field (in seconds) controls at what interval
   # the loggers are invoked.
-  interval: 8
+  interval: 30
 
 # Configure the type of alert (and other) logging you would like.
 outputs: