CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Bro - Add cron for checking PL

Browse Source
This commit is contained in:
Mike Reeves
2018-11-29 19:49:04 -05:00
parent 11e6126c25
commit d094beafab
2 changed files with 13 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
salt/common/telegraf/etc/telegraf.conf
View File

@@ -629,6 +629,7 @@
"/scripts/stenoloss.sh", "/scripts/stenoloss.sh",
"/scripts/suriloss.sh", "/scripts/suriloss.sh",
"/scripts/checkfiles.sh", "/scripts/checkfiles.sh",
"/scripts/broloss.sh",
"/scripts/oldpcap.sh" "/scripts/oldpcap.sh"
] ]
data_format = "influx" data_format = "influx"
@@ -640,6 +641,7 @@
"/scripts/stenoloss.sh", "/scripts/stenoloss.sh",
"/scripts/suriloss.sh", "/scripts/suriloss.sh",
"/scripts/checkfiles.sh", "/scripts/checkfiles.sh",
"/scripts/broloss.sh",
"/scripts/oldpcap.sh" "/scripts/oldpcap.sh"
] ]
data_format = "influx" data_format = "influx"

15
salt/common/telegraf/scripts/broloss.sh
View File

@@ -1,6 +1,13 @@
#!/bin/bash #!/bin/bash
# Get the data BROLOG=$(tac /nsm/bro/logs/packetloss.log | head -2)
DROP=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop | awk '{print $14}' | awk -F "=" '{print $2}') declare RESULT=($BROLOG)
CURRENTDROP=${RESULT[3]}
echo "stenodrop drop=$DROP" PASTDROP=${RESULT[9]}
DROPPED=$(($CURRENTDROP - $PASTDROP))
CURRENTPACKETS=${RESULT[5]}
PASTPACKETS=${RESULT[11]}
TOTAL=$(($CURRENTPACKETS - $PASTPACKETS))
echo "cd $CURRENTDROP pd $PASTDROP dr $DROPPED cp $CURRENTPACKETS pp $PASTPACKETS ttl $TOTAL"
LOSS=$(echo $DROPPED $TOTAL / p | dc)
echo "brodrop drop=$LOSS"