Common Module - Add Suricata PL tracker

2025-12-06 17:22:49 +01:00 · 2018-11-28 10:15:42 -05:00
parent 8acfea33a2
commit d632ebb4e0
3 changed files with 16 additions and 0 deletions
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -178,6 +178,7 @@ so-telegraf:
      - /etc/pki/influxdb.key:/etc/telegraf/telegraf.key:ro
      - /opt/so/conf/telegraf/scripts:/scripts:ro
      - /opt/so/log/stenographer:/var/log/stenographer:ro
+      - /opt/so/log/suricata:/var/log/suricata:ro
    - watch:
      - /opt/so/conf/telegraf/etc/telegraf.conf
      - /opt/so/conf/telegraf/scripts
--- a/salt/common/telegraf/scripts/suriloss.sh
+++ b/salt/common/telegraf/scripts/suriloss.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+SURILOG=$(tac /var/log/suricata/stats.log | grep kernel | head -4)
+declare RESULT=($SURILOG)
+
+CURRENTDROP=${RESULT[4]}
+PASTDROP=${RESULT[14]}
+DROPPED=$(($CURRENTDROP - $PASTDROP))
+
+CURRENTPACKETS=${RESULT[9]}
+PASTPACKETS=${RESULT[19]}
+TOTAL=$(($CURRENTPACKETS - $PASTPACKETS))
+
+LOSS=$(echo $DROPPED $TOTAL / p | dc)
+echo "suridrop drop=$LOSS"
--- a/salt/common/tools/packetloss.py
+++ b/salt/common/tools/packetloss.py