From d632ebb4e09cdbd8b8bb639c1982c587254d586c Mon Sep 17 00:00:00 2001
From: Mike Reeves
Date: Wed, 28 Nov 2018 10:15:42 -0500
Subject: [PATCH] Common Module - Add Suricata PL tracker

---
 salt/common/init.sls | 1 +
 salt/common/telegraf/scripts/suriloss.sh | 15 +++++++++++++++
 salt/common/tools/packetloss.py | 0
 3 files changed, 16 insertions(+)
 create mode 100644 salt/common/telegraf/scripts/suriloss.sh
 create mode 100644 salt/common/tools/packetloss.py

diff --git a/salt/common/init.sls b/salt/common/init.sls
index b5960dd04..e4f626364 100644
--- a/salt/common/init.sls
+++ b/salt/common/init.sls
@@ -178,6 +178,7 @@ so-telegraf:
 - /etc/pki/influxdb.key:/etc/telegraf/telegraf.key:ro
 - /opt/so/conf/telegraf/scripts:/scripts:ro
 - /opt/so/log/stenographer:/var/log/stenographer:ro
+ - /opt/so/log/suricata:/var/log/suricata:ro
 - watch:
 - /opt/so/conf/telegraf/etc/telegraf.conf
 - /opt/so/conf/telegraf/scripts
diff --git a/salt/common/telegraf/scripts/suriloss.sh b/salt/common/telegraf/scripts/suriloss.sh
new file mode 100644
index 000000000..4cd363253
--- /dev/null
+++ b/salt/common/telegraf/scripts/suriloss.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+SURILOG=$(tac /var/log/suricata/stats.log | grep kernel | head -4)
+declare RESULT=($SURILOG)
+
+CURRENTDROP=${RESULT[4]}
+PASTDROP=${RESULT[14]}
+DROPPED=$(($CURRENTDROP - $PASTDROP))
+
+CURRENTPACKETS=${RESULT[9]}
+PASTPACKETS=${RESULT[19]}
+TOTAL=$(($CURRENTPACKETS - $PASTPACKETS))
+
+LOSS=$(echo $DROPPED $TOTAL / p | dc)
+echo "suridrop drop=$LOSS"
diff --git a/salt/common/tools/packetloss.py b/salt/common/tools/packetloss.py
new file mode 100644
index 000000000..e69de29bb
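Review bot: The added bind mount gives the telegraf container read access to the whole `/opt/so/log/suricata` directory, while the `suriloss.sh` introduced in the same commit reads only `stats.log` from it; the `:ro` flag is right, and a directory mount is the practical choice if the log is rotated, but the intended scope is worth recording next to the line, e.g. `# read-only; only stats.log is consumed by suriloss.sh`. Whatever else Suricata writes into that directory is presumably readable from the container as well, so the comment also makes the exposure explicit for the next reviewer. The `so-telegraf` state starts and ends outside the hunk.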
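Review bot: `LOSS=$(echo $DROPPED $TOTAL / p | dc)` reports `0` for any loss below 100%, because dc divides at its default precision of 0, so `suridrop drop=` is truncated to an integer; a `k` precision command (or `bc -l`) is needed before the division. When `TOTAL` is 0 (no packets in the interval) dc prints a divide-by-zero error and `LOSS` is empty, which the consumer of this output line will presumably reject, and after a Suricata restart the cumulative counters go backwards so both deltas turn negative; both cases should be guarded before dividing. The extraction also assumes exactly two `kernel` lines of five whitespace-separated tokens per stats block — if another counter whose name contains `kernel` is printed (e.g. `capture.kernel_ifdrops` in newer Suricata versions), `RESULT[4]`/`[9]`/`[14]`/`[19]` silently point at the wrong values, so grepping the two counter names explicitly would be safer. The rewrite below keeps the extraction as is and only replaces the division and output.

```shell
# … unchanged: SURILOG / RESULT extraction and the DROPPED / TOTAL deltas …

# Cumulative counters go backwards after a Suricata restart, and TOTAL is 0 when
# no packets arrived in the interval; report 0 rather than dividing by zero.
if [ -z "$TOTAL" ] || [ -z "$DROPPED" ] || [ "$TOTAL" -le 0 ] || [ "$DROPPED" -lt 0 ]; then
  LOSS=0
else
  # dc divides at precision 0 by default, which truncates any partial loss to 0.
  LOSS=$(echo "4 k $DROPPED $TOTAL / p" | dc)
fi
echo "suridrop drop=$LOSS"
```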