version of the snort drop rate munin plugin that can graph multiple snort instances
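#!/bin/sh
# -*- sh -*-

: << =cut

=head1 NAME

snort_droprate - Plugin to monitor Snort packet drop rate

=head1 CONFIGURATION

The following configuration variables are used by this plugin

  [snort_droprate]
  env.statsfileglob - Glob matching the perfmonitor stats file of every Snort instance
  env.warning       - Warning percentage
  env.critical      - Critical percentage

One field is graphed per matching file. The instance name is the name of
the directory that holds the file. Several whitespace-separated patterns
may be given; paths that contain whitespace are not supported.

=head2 DEFAULT CONFIGURATION

  [snort_droprate]
  env.statsfileglob=/var/snort/*/snort.stats

=head1 NOTES

A non-zero drop rate means Snort inspected less traffic than the sensor
received, so detections may be missing for that interval. Setting
env.warning and env.critical is recommended.

The plugin only needs read access to the stats files. Use the user and
group settings in the munin-node plugin configuration to run it with an
account that can read them instead of running it as root.

=head1 AUTHORS

Copyright (C) 2009 Edward Bjarte Fjellskål

Copyright (C) 2010 Rado Rovny

=head1 LICENSE

GNU GPLv2

=begin comment

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; version 2 dated June,
1991.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

=end comment

=head1 MAGIC MARKERS

 #%# family=auto
 #%# capabilities=autoconf

=cut

# True when $1 is a regular file this process can read.  An unmatched glob
# is left as the literal pattern by the shell, and this check filters it out.
is_stats_file() {
  [ -f "$1" ] && [ -r "$1" ]
}

# Print the instance name for stats file $1: the name of its parent directory.
# Control characters are removed so that a hostile or damaged directory name
# cannot inject extra lines into the munin protocol output.
instance_name() {
  basename -- "$(dirname -- "$1")" | LC_ALL=C tr -d '[:cntrl:]'
}

# Print the munin field name for instance $1.  Munin field names may only
# contain [A-Za-z0-9_], so every other byte is mapped to "_".
field_name() {
  printf 'droprate_%s' "$1" | LC_ALL=C tr -c 'A-Za-z0-9_' '_'
}

# Print the drop rate from the last line of stats file $1 (second
# comma-separated field).  Anything that is not a plain decimal number, such
# as a header line right after log rotation or an empty file, is reported
# as "U", munin's marker for an unknown value.
drop_rate() {
  tail -n 1 -- "$1" | LC_ALL=C awk -F, '
    { v = $2 }
    END {
      gsub(/[ \t\r]/, "", v)
      if (v ~ /^[0-9]+(\.[0-9]+)?$/) print v
      else print "U"
    }'
}

# Entry point.
# Globals:   statsfileglob, warning, critical (read; set by munin-node)
# Arguments: $1 - "autoconf", "config", or empty/anything else for a fetch
# Outputs:   munin plugin protocol on stdout
# Returns:   0
main() {
  # The original read $statsfile here, so env.statsfileglob was never used.
  # In an assignment the pattern is stored unexpanded; it is expanded by the
  # deliberately unquoted $_target in the for loops below.
  _target=${statsfileglob:-/var/snort/*/snort.stats}

  case "${1:-}" in
    autoconf)
      # A glob can match several files, so test each match instead of
      # handing the whole expansion to a single [ -f ... ].
      for f in $_target; do
        if is_stats_file "$f"; then
          echo yes
          return 0
        fi
      done
      echo "no ($_target not readable)"
      return 0
      ;;
    config)
      echo 'graph_title Snort Drop Rate'
      echo 'graph_args --base 1000 -l 0'
      echo 'graph_vlabel Drop percent'
      echo 'graph_scale no'
      echo 'graph_category Snort'
      for f in $_target; do
        is_stats_file "$f" || continue
        instance=$(instance_name "$f")
        field=$(field_name "$instance")
        printf '%s.label %s Drop %%\n' "$field" "$instance"
        if [ -n "$warning" ]; then
          printf '%s.warning %s\n' "$field" "$warning"
        fi
        if [ -n "$critical" ]; then
          printf '%s.critical %s\n' "$field" "$critical"
        fi
        printf '%s.info Packet drop rate in %%\n' "$field"
      done
      return 0
      ;;
  esac

  # Fetch: one value per instance, using the same field names as "config".
  for f in $_target; do
    is_stats_file "$f" || continue
    instance=$(instance_name "$f")
    printf '%s.value %s\n' "$(field_name "$instance")" "$(drop_rate "$f")"
  done
  return 0
}

main "$@"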