diff --git a/salt/common/init.sls b/salt/common/init.sls
index b5960dd04..e4f626364 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -178,6 +178,7 @@ so-telegraf:
 - /etc/pki/influxdb.key:/etc/telegraf/telegraf.key:ro
 - /opt/so/conf/telegraf/scripts:/scripts:ro
 - /opt/so/log/stenographer:/var/log/stenographer:ro
+ - /opt/so/log/suricata:/var/log/suricata:ro
 - watch:
 - /opt/so/conf/telegraf/etc/telegraf.conf
 - /opt/so/conf/telegraf/scripts
diff --git a/salt/common/telegraf/scripts/suriloss.sh b/salt/common/telegraf/scripts/suriloss.sh
new file mode 100644
index 000000000..4cd363253
--- /dev/null
+++ b/salt/common/telegraf/scripts/suriloss.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+SURILOG=$(tac /var/log/suricata/stats.log | grep kernel | head -4)
+declare RESULT=($SURILOG)
+
+CURRENTDROP=${RESULT[4]}
+PASTDROP=${RESULT[14]}
+DROPPED=$(($CURRENTDROP - $PASTDROP))
+
+CURRENTPACKETS=${RESULT[9]}
+PASTPACKETS=${RESULT[19]}
+TOTAL=$(($CURRENTPACKETS - $PASTPACKETS))
+
+LOSS=$(echo $DROPPED $TOTAL / p | dc)
+echo "suridrop drop=$LOSS"
diff --git a/salt/common/tools/packetloss.py b/salt/common/tools/packetloss.py
new file mode 100644
index 000000000..e69de29bb
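Review bot: In suriloss.sh the `LOSS=$(echo $DROPPED $TOTAL / p | dc)` line divides with dc's default precision of 0, so the ratio truncates to 0 whenever fewer packets were dropped than captured, which means the metric reports no loss in exactly the cases it is meant to measure; set a precision first, e.g. `LOSS=$(echo "4 k $DROPPED $TOTAL / p" | dc)`, or scale to a percentage before dividing. The same line also has no guard for TOTAL being 0 or empty (no packets in the interval, stats.log missing, or fewer than four matching lines), in which case dc prints a divide-by-zero error and the script emits `suridrop drop=` with no value, which the collector will presumably reject as malformed line protocol. The fixed offsets 4/9/14/19 into the word-split array assume that `grep kernel` matches exactly two five-field lines per stats interval; if the log ever carries another line containing "kernel" the fields shift silently, so it would be safer to grep the exact counter names and to document that assumption in a comment at the top of the script. A guard plus the precision fix is sketched below.
```shell
# … unchanged: SURILOG / RESULT extraction and the DROPPED / TOTAL arithmetic …
if [ -z "$TOTAL" ] || [ "$TOTAL" -le 0 ]; then
  exit 0  # no packets seen in this interval (or stats missing): emit no sample rather than a malformed one
fi
LOSS=$(echo "4 k $DROPPED $TOTAL / p" | dc)
echo "suridrop drop=$LOSS"
```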