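#!/bin/bash
#
# Copyright Security Onion Solutions LLC and/or licensed to Security Onion Solutions LLC under one
# or more contributor license agreements. Licensed under the Elastic License 2.0 as shown at
# https://securityonion.net/license; you may not use this file except in compliance with the
# Elastic License 2.0.

# Read Suricata ruleset stats from JSON file written by so-suricata-rulestats cron job
# JSON format: {"rules_loaded":45879,"rules_failed":1,"last_reload":"2025-12-04T14:10:57+0000","return":"OK"}
# or on failure: {"return":"FAIL"}
#
# Output: a single "surirules ..." line on stdout. The format looks like InfluxDB
# line protocol (integer fields carry an "i" suffix, string fields are double-quoted).
# Because file contents are interpolated into that line, the counters are required
# to be plain non-negative integers and the timestamp string is escaped, so a
# malformed or unexpected file cannot produce a malformed or altered metrics line.
# Always exits 0; prints nothing when another instance is already running.

# if this script isn't already running
if [[ -z "$(pidof -x "$(basename "$0")" -o %PPID)" ]]; then

  STATSFILE="/var/log/suricata/rulestats.json"
  MAX_AGE=90

  # Defaults are the "unknown" record; they are only overwritten after validation.
  LOADED=0
  FAILED=0
  RELOAD_TIME=""
  STATUS="unknown"

  NOW=$(date +%s)
  # Empty when the file is missing or unreadable; the regex test below rejects that.
  MTIME=$(stat -c %Y "$STATSFILE" 2>/dev/null)

  # Check file exists and is less than 90 seconds old
  if [ -f "$STATSFILE" ] && [[ "$MTIME" =~ ^[0-9]+$ ]] && [ $((NOW - MTIME)) -lt "$MAX_AGE" ]; then

    # Parse the file exactly once. The cron job rewrites it periodically, so
    # validating with one jq call and extracting with others could mix values
    # from two different versions of the file.
    # jq prints nothing (and FIELDS stays empty) unless .return is "OK".
    mapfile -t FIELDS < <(jq -r 'select(.return == "OK") | .rules_loaded, .rules_failed, (.last_reload // "")' "$STATSFILE" 2>/dev/null)

    # Exactly three lines are expected; more means an embedded newline or
    # several JSON documents. A missing counter prints as "null" and fails
    # the integer test, as does any float, negative or non-numeric value.
    if [ "${#FIELDS[@]}" -eq 3 ] && [[ "${FIELDS[0]}" =~ ^[0-9]+$ ]] && [[ "${FIELDS[1]}" =~ ^[0-9]+$ ]]; then
      LOADED=${FIELDS[0]}
      FAILED=${FIELDS[1]}
      RELOAD_TIME=${FIELDS[2]}

      # Keep the quoted string field well-formed: drop control characters,
      # then backslash-escape backslashes and double quotes.
      RELOAD_TIME=${RELOAD_TIME//[[:cntrl:]]/}
      RELOAD_TIME=${RELOAD_TIME//\\/\\\\}
      RELOAD_TIME=${RELOAD_TIME//\"/\\\"}

      STATUS="ok"
    fi
  fi

  printf 'surirules loaded=%si,failed=%si,reload_time="%s",status="%s"\n' \
    "$LOADED" "$FAILED" "$RELOAD_TIME" "$STATUS"

fi

exit 0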