mirror of
https://github.com/Security-Onion-Solutions/securityonion.git
synced 2026-02-20 22:15:28 +01:00
breakout common state - https://github.com/Security-Onion-Solutions/securityonion-saltstack/issues/587
This commit is contained in:
17
salt/telegraf/scripts/broloss.sh
Normal file
17
salt/telegraf/scripts/broloss.sh
Normal file
@@ -0,0 +1,17 @@
|
||||
#!/bin/bash
|
||||
|
||||
ZEEKLOG=$(tac /host/nsm/zeek/logs/packetloss.log | head -2)
|
||||
declare RESULT=($ZEEKLOG)
|
||||
CURRENTDROP=${RESULT[3]}
|
||||
PASTDROP=${RESULT[9]}
|
||||
DROPPED=$(($CURRENTDROP - $PASTDROP))
|
||||
if [ $DROPPED == 0 ]; then
|
||||
LOSS=0
|
||||
echo "brodrop drop=0"
|
||||
else
|
||||
CURRENTPACKETS=${RESULT[5]}
|
||||
PASTPACKETS=${RESULT[11]}
|
||||
TOTAL=$(($CURRENTPACKETS - $PASTPACKETS))
|
||||
LOSS=$(echo $DROPPED $TOTAL / p | dc)
|
||||
echo "brodrop drop=$LOSS"
|
||||
fi
|
||||
5
salt/telegraf/scripts/checkfiles.sh
Normal file
5
salt/telegraf/scripts/checkfiles.sh
Normal file
@@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
FILES=$(ls -1x /host/nsm/faf/complete/ | wc -l)
|
||||
|
||||
echo "faffiles files=$FILES"
|
||||
25
salt/telegraf/scripts/helixeps.sh
Normal file
25
salt/telegraf/scripts/helixeps.sh
Normal file
@@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
|
||||
PREVCOUNTFILE='/tmp/helixevents.txt'
|
||||
EVENTCOUNTCURRENT="$(curl -s localhost:9600/_node/stats | jq '.pipelines.helix.events.out')"
|
||||
|
||||
if [ ! -z "$EVENTCOUNTCURRENT" ]; then
|
||||
|
||||
if [ -f "$PREVCOUNTFILE" ]; then
|
||||
EVENTCOUNTPREVIOUS=`cat $PREVCOUNTFILE`
|
||||
else
|
||||
echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "${EVENTCOUNTCURRENT}" > $PREVCOUNTFILE
|
||||
EVENTS=$(((EVENTCOUNTCURRENT - EVENTCOUNTPREVIOUS)/30))
|
||||
if [ "$EVENTS" -lt 0 ]; then
|
||||
EVENTS=0
|
||||
fi
|
||||
|
||||
echo "helixeps eps=${EVENTS%%.*}"
|
||||
|
||||
fi
|
||||
|
||||
exit 0
|
||||
5
salt/telegraf/scripts/influxdbsize.sh
Normal file
5
salt/telegraf/scripts/influxdbsize.sh
Normal file
@@ -0,0 +1,5 @@
|
||||
#!/bin/bash
|
||||
|
||||
INFLUXSIZE=$(du -s -B1 /host/nsm/influxdb | awk {'print $1'})
|
||||
|
||||
echo "influxsize bytes=$INFLUXSIZE"
|
||||
8
salt/telegraf/scripts/oldpcap.sh
Normal file
8
salt/telegraf/scripts/oldpcap.sh
Normal file
@@ -0,0 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Get the data
|
||||
OLDPCAP=$(find /host/nsm/pcap -type f -exec stat -c'%n %Z' {} + | sort | grep -v "\." | head -n 1 | awk {'print $2'})
|
||||
DATE=$(date +%s)
|
||||
AGE=$(($DATE - $OLDPCAP))
|
||||
|
||||
echo "pcapage seconds=$AGE"
|
||||
6
salt/telegraf/scripts/redis.sh
Normal file
6
salt/telegraf/scripts/redis.sh
Normal file
@@ -0,0 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
UNPARSED=$(redis-cli llen logstash:unparsed | awk '{print $1}')
|
||||
PARSED=$(redis-cli llen logstash:parsed | awk '{print $1}')
|
||||
|
||||
echo "redisqueue unparsed=$UNPARSED,parsed=$PARSED"
|
||||
6
salt/telegraf/scripts/stenoloss.sh
Normal file
6
salt/telegraf/scripts/stenoloss.sh
Normal file
@@ -0,0 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Get the data
|
||||
DROP=$(tac /var/log/stenographer/stenographer.log | grep -m1 drop | awk '{print $14}' | awk -F "=" '{print $2}')
|
||||
|
||||
echo "stenodrop drop=$DROP"
|
||||
25
salt/telegraf/scripts/suriloss.sh
Normal file
25
salt/telegraf/scripts/suriloss.sh
Normal file
@@ -0,0 +1,25 @@
|
||||
#!/bin/bash
|
||||
|
||||
SURILOG=$(tac /var/log/suricata/stats.log | grep kernel | head -4)
|
||||
CHECKIT=$(echo $SURILOG | grep -o 'drop' | wc -l)
|
||||
|
||||
if [ $CHECKIT == 2 ]; then
|
||||
declare RESULT=($SURILOG)
|
||||
|
||||
CURRENTDROP=${RESULT[4]}
|
||||
PASTDROP=${RESULT[14]}
|
||||
DROPPED=$(($CURRENTDROP - $PASTDROP))
|
||||
if [ $DROPPED == 0 ]; then
|
||||
LOSS=0
|
||||
echo "suridrop drop=0"
|
||||
else
|
||||
CURRENTPACKETS=${RESULT[9]}
|
||||
PASTPACKETS=${RESULT[19]}
|
||||
TOTAL=$(($CURRENTPACKETS - $PASTPACKETS))
|
||||
|
||||
LOSS=$(echo $DROPPED $TOTAL / p | dc)
|
||||
echo "suridrop drop=$LOSS"
|
||||
fi
|
||||
else
|
||||
echo "suridrop drop=0"
|
||||
fi
|
||||
Reference in New Issue
Block a user