From d094beafab44df452c27336cbdb14092d3efc38a Mon Sep 17 00:00:00 2001
From: Mike Reeves <luke@geekempire.com>
Date: Thu, 29 Nov 2018 19:49:04 -0500
Subject: [PATCH] Bro - Add cron for checking PL

---
 salt/common/telegraf/etc/telegraf.conf  |  2 ++
 salt/common/telegraf/scripts/broloss.sh | 15 +++++++++++----
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/salt/common/telegraf/etc/telegraf.conf b/salt/common/telegraf/etc/telegraf.conf
index 3ae65fd95..3d1bf30dc 100644
--- a/salt/common/telegraf/etc/telegraf.conf
+++ b/salt/common/telegraf/etc/telegraf.conf
@@ -629,6 +629,7 @@
      "/scripts/stenoloss.sh",
      "/scripts/suriloss.sh",
      "/scripts/checkfiles.sh",
+     "/scripts/broloss.sh",
      "/scripts/oldpcap.sh"
    ]
    data_format = "influx"
@@ -640,6 +641,7 @@
      "/scripts/stenoloss.sh",
      "/scripts/suriloss.sh",
      "/scripts/checkfiles.sh",
+     "/scripts/broloss.sh",
      "/scripts/oldpcap.sh"
    ]
    data_format = "influx"
diff --git a/salt/common/telegraf/scripts/broloss.sh b/salt/common/telegraf/scripts/broloss.sh
index 1b60f0517..503602ae7 100644
--- a/salt/common/telegraf/scripts/broloss.sh
+++ b/salt/common/telegraf/scripts/broloss.sh
@@ -1,6 +1,13 @@
 #!/bin/bash
 
-# Get the data
-DROP=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop | awk '{print $14}' | awk -F "=" '{print $2}')
-
-echo "stenodrop drop=$DROP"
+BROLOG=$(tac /nsm/bro/logs/packetloss.log | head -2)
+declare RESULT=($BROLOG)
+CURRENTDROP=${RESULT[3]}
+PASTDROP=${RESULT[9]}
+DROPPED=$(($CURRENTDROP - $PASTDROP))
+CURRENTPACKETS=${RESULT[5]}
+PASTPACKETS=${RESULT[11]}
+TOTAL=$(($CURRENTPACKETS - $PASTPACKETS))
+echo "cd $CURRENTDROP pd $PASTDROP dr $DROPPED cp $CURRENTPACKETS pp $PASTPACKETS ttl $TOTAL"
+LOSS=$(echo $DROPPED $TOTAL / p | dc)
+echo "brodrop drop=$LOSS"