CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2025-12-06 17:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update zeekloss.sh

Browse Source
This commit is contained in:
Mike Reeves
2020-11-11 11:43:28 -05:00
committed by GitHub
parent 6ff1922788
commit edb0d71e87
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
salt/telegraf/scripts/zeekloss.sh
View File

@@ -1,5 +1,15 @@
#!/bin/bash #!/bin/bash
# This script returns the packets dropped by Zeek, but it isn't a percentage. $LOSS * 100 would be the percentage # This script returns the packets dropped by Zeek, but it isn't a percentage. $LOSS * 100 would be the percentage
APP=zeekloss
lf=/tmp/$APP-pidLockFile
# create empty lock file if none exists
cat /dev/null >> $lf
read lastPID < $lf
# if lastPID is not null and a process with that pid exists , exit
[ ! -z "$lastPID" -a -d /proc/$lastPID ] && exit
echo $$ > $lf
ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2) ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
declare RESULT=($ZEEKLOG) declare RESULT=($ZEEKLOG)
CURRENTDROP=${RESULT[3]} CURRENTDROP=${RESULT[3]}
@@ -14,4 +24,4 @@ else
TOTAL=$((CURRENTPACKETS - PASTPACKETS)) TOTAL=$((CURRENTPACKETS - PASTPACKETS))
LOSS=$(echo $DROPPED $TOTAL / p | dc) LOSS=$(echo $DROPPED $TOTAL / p | dc)
echo "zeekdrop drop=$LOSS" echo "zeekdrop drop=$LOSS"
fi fi