Changeset 3333
- Timestamp:
- 02/03/10 13:56:04 (2 years ago)
- Files:
-
- trunk/plugins/node.d/snort_alerts.in (modified) (3 diffs)
- trunk/plugins/node.d/snort_bytes_pkt.in (modified) (3 diffs)
- trunk/plugins/node.d/snort_drop_rate.in (modified) (3 diffs)
- trunk/plugins/node.d/snort_pattern_match.in (modified) (3 diffs)
- trunk/plugins/node.d/snort_pkts.in (modified) (2 diffs)
- trunk/plugins/node.d/snort_traffic.in (modified) (3 diffs)
trunk/plugins/node.d/snort_alerts.in
r2970 r3333 1 1 #!@@GOODSH@@ 2 # -*- sh -*- 2 3 3 # Proof of concept snort plugin written by Edward Bjarte FjellskÃ¥l. 4 : << =cut 5 6 =head1 NAME 7 8 snort_alerts - Plugin to monitor the number of alerts in Snort 9 10 =head1 CONFIGURATION 11 12 The following configuration variables are used by this plugin 13 14 [snort_alerts] 15 env.statsfile - Logfile to Snort's perfmonitor logfile 16 env.warning - Warning percentage 17 env.critical - Critical percentage 18 19 =head2 DEFAULT CONFIGURATION 20 21 [snort_alerts] 22 env.statsfile=/var/snort/snort.stats 23 24 =head1 AUTHORS 25 26 Copyright (C) 2009 Edward Bjarte FjellskÃ¥l 27 28 Copyright (C) 2010 Rado Rovny 29 30 =head1 LICENSE 31 32 GNU GPLv2 33 34 =begin comment 35 36 This program is free software; you can redistribute it and/or 37 modify it under the terms of the GNU General Public License 38 as published by the Free Software Foundation; version 2 dated June, 39 1991. 40 41 This program is distributed in the hope that it will be useful, 42 but WITHOUT ANY WARRANTY; without even the implied warranty of 43 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 44 GNU General Public License for more details. 45 46 You should have received a copy of the GNU General Public License 47 along with this program; if not, write to the Free Software 48 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
49 50 =end comment 51 52 =head1 MAGIC MARKERS 53 54 #%# family=auto 55 #%# capabilities=autoconf 56 57 =cut 58 59 EOF 60 61 62 if [ -z $statsfile ]; then 63 _target=/var/snort/snort.stats 64 else 65 _target=$statsfile 66 fi 67 68 if [ "$1" = "autoconf" ]; then 69 if [ -f $_target ]; then 70 echo yes 71 exit 0 72 else 73 echo "no ($_target not readable)" 74 exit 1 75 fi 76 fi 4 77 5 78 if [ "$1" = "config" ]; then … … 8 81 echo 'graph_vlabel Alerts / second' 9 82 echo 'graph_scale no' 10 echo 'alerts.label Alerts /second' 11 #echo 'alerts.warning 10' 12 #echo 'alerts.critical 50' 83 echo 'alerts.label Alerts/second' 84 if [ -n $warning ]; then 85 echo 'alerts.warning $warning' 86 fi 87 if [ -n $critical ]; then 88 echo 'alerts.critical $critical' 89 fi 90 echo 'alerts.info The number of alerts per second' 13 91 echo 'graph_category Snort' 14 92 … … 17 95 18 96 echo -n "alerts.value " 19 echo $( tail -n1 /your/path/to/snort.stats| awk -F, '{ print $4 }')97 echo $(tail -n1 $_target| awk -F, '{ print $4 }') trunk/plugins/node.d/snort_bytes_pkt.in
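Review bot: The new threshold block in the `config` branch never emits a usable value. `[ -n $warning ]` is unquoted, so with `warning` unset it collapses to `[ -n ]`, which is true, and `echo 'alerts.warning $warning'` is single-quoted, so the literal text `$warning` is printed instead of the configured number. Quote the test and use double quotes on the echo: `if [ -n "$warning" ]; then echo "alerts.warning $warning"; fi`, and likewise for `critical`. The same lines appear in the other five files of this changeset (snort_bytes_pkt, snort_drop_rate, snort_pattern_match, snort_pkts, snort_traffic), so as written none of these Snort graphs is likely to reach a warning or critical state.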
r2970 r3333 1 1 #!@@GOODSH@@ 2 # -*- sh -*- 2 3 3 # Proof of concept snort plugin written by Edward Bjarte FjellskÃ¥l. 4 : << =cut 5 6 =head1 NAME 7 8 snort_bytes_pkt - Plugin to monitor average size in KBytes per packet 9 10 =head1 CONFIGURATION 11 12 The following configuration variables are used by this plugin 13 14 [snort_bytes_pkt] 15 env.statsfile - Logfile to Snort's perfmonitor logfile 16 env.warning - Warning percentage 17 env.critical - Critical percentage 18 19 =head2 DEFAULT CONFIGURATION 20 21 [snort_bytes_pkt] 22 env.statsfile=/var/snort/snort.stats 23 24 =head1 AUTHORS 25 26 Copyright (C) 2009 Edward Bjarte FjellskÃ¥l 27 28 Copyright (C) 2010 Rado Rovny 29 30 =head1 LICENSE 31 32 GNU GPLv2 33 34 =begin comment 35 36 This program is free software; you can redistribute it and/or 37 modify it under the terms of the GNU General Public License 38 as published by the Free Software Foundation; version 2 dated June, 39 1991. 40 41 This program is distributed in the hope that it will be useful, 42 but WITHOUT ANY WARRANTY; without even the implied warranty of 43 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 44 GNU General Public License for more details. 45 46 You should have received a copy of the GNU General Public License 47 along with this program; if not, write to the Free Software 48 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
49 50 =end comment 51 52 =head1 MAGIC MARKERS 53 54 #%# family=auto 55 #%# capabilities=autoconf 56 57 =cut 58 59 EOF 60 61 62 if [ -z $statsfile ]; then 63 _target=/var/snort/snort.stats 64 else 65 _target=$statsfile 66 fi 67 68 if [ "$1" = "autoconf" ]; then 69 if [ -f $_target ]; then 70 echo yes 71 exit 0 72 else 73 echo "no ($_target not readable)" 74 exit 1 75 fi 76 fi 4 77 5 78 if [ "$1" = "config" ]; then … … 8 81 echo 'graph_vlabel KBytes / pkt' 9 82 echo 'graph_scale no' 10 echo 'bytespkt.label KBytes/pkt' 11 #echo 'bytespkt.warning 80' 12 #echo 'bytespkt.critical 92' 83 echo 'bytes_pkt.label KBytes/pkt' 84 if [ -n $warning ]; then 85 echo 'bytes_pkt.warning $warning' 86 fi 87 if [ -n $critical ]; then 88 echo 'bytes_pkt.critical $critical' 89 fi 90 echo 'bytes_pkt.info Average size per packet' 13 91 echo 'graph_category Snort' 14 92 … … 16 94 fi 17 95 18 echo -n "bytes pkt.value "19 echo $( tail -n1 /your/path/to/snort.stats| awk -F, '{ print $6 }')96 echo -n "bytes_pkt.value " 97 echo $(tail -n1 $_target| awk -F, '{ print $6 }') trunk/plugins/node.d/snort_drop_rate.in
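Review bot: The `EOF` line that follows `=cut` is outside the here-document, because `: << =cut` ends at the `=cut` line. The shell therefore runs `EOF` as a command on every invocation and writes a "not found" error to stderr, which ends up as noise in the node log. Drop the `EOF` line; the POD block is already closed. The same stray line is present in all six files touched here.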
r2970 r3333 1 1 #!@@GOODSH@@ 2 # -*- sh -*- 2 3 3 # Proof of concept snort plugin written by Edward Bjarte FjellskÃ¥l. 4 : << =cut 5 6 =head1 NAME 7 8 snort_droprate - Plugin to monitor Snort packet drop rate 9 10 =head1 CONFIGURATION 11 12 The following configuration variables are used by this plugin 13 14 [snort_droprate] 15 env.statsfile - Logfile to Snort's perfmonitor logfile 16 env.warning - Warning percentage 17 env.critical - Critical percentage 18 19 =head2 DEFAULT CONFIGURATION 20 21 [snort_drop_rate] 22 env.statsfile=/var/snort/snort.stats 23 24 =head1 AUTHORS 25 26 Copyright (C) 2009 Edward Bjarte FjellskÃ¥l 27 28 Copyright (C) 2010 Rado Rovny 29 30 =head1 LICENSE 31 32 GNU GPLv2 33 34 =begin comment 35 36 This program is free software; you can redistribute it and/or 37 modify it under the terms of the GNU General Public License 38 as published by the Free Software Foundation; version 2 dated June, 39 1991. 40 41 This program is distributed in the hope that it will be useful, 42 but WITHOUT ANY WARRANTY; without even the implied warranty of 43 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 44 GNU General Public License for more details. 45 46 You should have received a copy of the GNU General Public License 47 along with this program; if not, write to the Free Software 48 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
49 50 =end comment 51 52 =head1 MAGIC MARKERS 53 54 #%# family=auto 55 #%# capabilities=autoconf 56 57 =cut 58 59 EOF 60 61 62 if [ -z $statsfile ]; then 63 _target=/var/snort/snort.stats 64 else 65 _target=$statsfile 66 fi 67 68 if [ "$1" = "autoconf" ]; then 69 if [ -f $_target ]; then 70 echo yes 71 exit 0 72 else 73 echo "no ($_target not readable)" 74 exit 1 75 fi 76 fi 4 77 5 78 if [ "$1" = "config" ]; then … … 9 82 echo 'graph_scale no' 10 83 echo 'droprate.label % percent' 11 # To tell Nagios 12 echo 'droprate.warning 1' 13 echo 'droprate.critical 2' 84 if [ -n $warning ]; then 85 echo 'droprate.warning $warning' 86 fi 87 if [ -n $critical ]; then 88 echo 'droprate.critical $critical' 89 fi 90 echo 'droprate.info Packet drop rate in %' 14 91 echo 'graph_category Snort' 15 92 … … 18 95 19 96 echo -n "droprate.value " 20 echo $( tail -n1 /your/path/to/snort.stats| awk -F, '{ print $2 }')97 echo $(tail -n1 $_target| awk -F, '{ print $2 }') trunk/plugins/node.d/snort_pattern_match.in
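Review bot: The fixed `droprate.warning 1` and `droprate.critical 2` lines appear to be replaced by env-only thresholds, which leaves the drop-rate graph with no default alerting when `env.warning` and `env.critical` are not configured. Dropped packets are traffic Snort never inspected, so this is the graph where losing the default matters most. Keeping the old values as fallbacks preserves it: `echo "droprate.warning ${warning:-1}"` and `echo "droprate.critical ${critical:-2}"`. The POD also names the section `[snort_droprate]` under CONFIGURATION but `[snort_drop_rate]` under DEFAULT CONFIGURATION; only the latter matches the file name.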
r2970 r3333 1 1 #!@@GOODSH@@ 2 # -*- sh -*- 2 3 3 # Proof of concept snort plugin written by Edward Bjarte FjellskÃ¥l. 4 : << =cut 5 6 =head1 NAME 7 8 snort_pattmatch - Plugin to monitor percent of data received that 9 Snort processes in pattern matching. 10 11 =head1 CONFIGURATION 12 13 The following configuration variables are used by this plugin 14 15 [snort_pattern_match] 16 env.statsfile - Logfile to Snort's perfmonitor logfile 17 env.warning - Warning percentage 18 env.critical - Critical percentage 19 20 =head2 DEFAULT CONFIGURATION 21 22 [snort_pattern_match] 23 env.statsfile=/var/snort/snort.stats 24 25 =head1 AUTHORS 26 27 Copyright (C) 2009 Edward Bjarte FjellskÃ¥l 28 29 Copyright (C) 2010 Rado Rovny 30 31 =head1 LICENSE 32 33 GNU GPLv2 34 35 =begin comment 36 37 This program is free software; you can redistribute it and/or 38 modify it under the terms of the GNU General Public License 39 as published by the Free Software Foundation; version 2 dated June, 40 1991. 41 42 This program is distributed in the hope that it will be useful, 43 but WITHOUT ANY WARRANTY; without even the implied warranty of 44 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 45 GNU General Public License for more details. 46 47 You should have received a copy of the GNU General Public License 48 along with this program; if not, write to the Free Software 49 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
50 51 =end comment 52 53 =head1 MAGIC MARKERS 54 55 #%# family=auto 56 #%# capabilities=autoconf 57 58 =cut 59 60 EOF 61 62 63 if [ -z $statsfile ]; then 64 _target=/var/snort/snort.stats 65 else 66 _target=$statsfile 67 fi 68 69 if [ "$1" = "autoconf" ]; then 70 if [ -f $_target ]; then 71 echo yes 72 exit 0 73 else 74 echo "no ($_target not readable)" 75 exit 1 76 fi 77 fi 4 78 5 79 if [ "$1" = "config" ]; then … … 9 83 echo 'graph_scale no' 10 84 echo 'pattmatch.label % percent' 11 #For Nagios 12 #echo 'pattmatch.warning 14' 13 #echo 'pattmatch.critical 25' 85 if [ -n $warning ]; then 86 echo 'pattmatch.warning $warning' 87 fi 88 if [ -n $critical ]; then 89 echo 'pattmatch.critical $critical' 90 fi 91 echo 'pattmatch.info The percent of data received that Snort processes in pattern matching' 14 92 echo 'graph_category Snort' 15 93 … … 18 96 19 97 echo -n "pattmatch.value " 20 echo $( tail -n1 /your/path/to/snort.stats| awk -F, '{ print $7 }')98 echo $(tail -n1 $_target| awk -F, '{ print $7 }') trunk/plugins/node.d/snort_pkts.in
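Review bot: The autoconf check uses `[ -f $_target ]` but reports "not readable" on failure. `-f` only tests that a regular file exists, so a stats file the plugin's user cannot read answers `yes` and then fails on every fetch. Use `-r` and quote the path: `if [ -r "$_target" ]; then`. `[ -z $statsfile ]` and the later `tail -n1 $_target` should be quoted the same way, so that a configured path containing spaces or glob characters is not word-split. This applies to all six plugins in the changeset.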
r2970 r3333 1 #!/bin/sh 1 #!@@GOODSH@@ 2 # -*- sh -*- 2 3 3 # Proof of concept snort plugin written by Edward Bjarte FjellskÃ¥l. 4 : << =cut 5 6 =head1 NAME 7 8 snort_pktsec - Plugin to monitor the number of packets per second 9 passed through Snort filters 10 11 =head1 CONFIGURATION 12 13 The following configuration variables are used by this plugin 14 15 [snort_pkts] 16 env.statsfile - Logfile to Snort's perfmonitor logfile 17 env.warning - Warning percentage 18 env.critical - Critical percentage 19 20 =head2 DEFAULT CONFIGURATION 21 22 [snort_pkts] 23 env.statsfile=/var/snort/snort.stats 24 25 =head1 AUTHORS 26 27 Copyright (C) 2009 Edward Bjarte FjellskÃ¥l 28 29 Copyright (C) 2010 Rado Rovny 30 31 =head1 LICENSE 32 33 GNU GPLv2 34 35 =begin comment 36 37 This program is free software; you can redistribute it and/or 38 modify it under the terms of the GNU General Public License 39 as published by the Free Software Foundation; version 2 dated June, 40 1991. 41 42 This program is distributed in the hope that it will be useful, 43 but WITHOUT ANY WARRANTY; without even the implied warranty of 44 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 45 GNU General Public License for more details. 46 47 You should have received a copy of the GNU General Public License 48 along with this program; if not, write to the Free Software 49 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
50 51 =end comment 52 53 =head1 MAGIC MARKERS 54 55 #%# family=auto 56 #%# capabilities=autoconf 57 58 =cut 59 60 EOF 61 62 63 if [ -z $statsfile ]; then 64 _target=/var/snort/snort.stats 65 else 66 _target=$statsfile 67 fi 68 69 if [ "$1" = "autoconf" ]; then 70 if [ -f $_target ]; then 71 echo yes 72 exit 0 73 else 74 echo "no ($_target not readable)" 75 exit 1 76 fi 77 fi 4 78 5 79 if [ "$1" = "config" ]; then 6 80 echo 'graph_title Snort Avg packets/s' 7 81 echo 'graph_args --base 1000 -l 0' 8 echo 'graph_vlabel Packets / sec '82 echo 'graph_vlabel Packets / second' 9 83 echo 'graph_scale no' 10 84 echo 'pktsec.label Packets/second' 11 #echo 'pktsec.warning 80' 12 #echo 'pktsec.critical 92' 85 if [ -n $warning ]; then 86 echo 'pktsec.warning $warning' 87 fi 88 if [ -n $critical ]; then 89 echo 'pktsec.critical $critical' 90 fi 91 echo 'pktsec.info The number of packets per second' 13 92 echo 'graph_category Snort' 14 93 … … 17 96 18 97 echo -n "pktsec.value " 19 echo $( tail -n1 /your/path/to/snort.stats| awk -F, '{ print $5 }') \* 1000|bc -l98 echo $( tail -n1 $_target| awk -F, '{ print $5 }') \* 1000|bc -l trunk/plugins/node.d/snort_traffic.in
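Review bot: The value line pipes `echo $( tail -n1 $_target| awk -F, '{ print $5 }') \* 1000` into `bc -l`, so when the last line of the stats file is empty, a header, or has fewer than five fields, bc receives ` * 1000` and prints a syntax error instead of a number. Doing the multiplication in awk removes the extra process and the unquoted expansion: `tail -n1 "$_target" | awk -F, '{ print $5 * 1000 }'`. A missing field then reads as 0, so if an unknown value should be distinguishable from zero, the field needs an explicit emptiness check first. The preceding `echo -n "pktsec.value "` can stay as it is.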
r2970 r3333 1 1 #!@@GOODSH@@ 2 # -*- sh -*- 2 3 3 # Proof of concept snort plugin written by Edward Bjarte FjellskÃ¥l. 4 : << =cut 5 6 =head1 NAME 7 8 snort_traffic - Plugin to monitor Snort traffic in Mbites per second 9 10 =head1 CONFIGURATION 11 12 The following configuration variables are used by this plugin 13 14 [snort_traffic] 15 env.statsfile - Logfile to Snort's perfmonitor logfile 16 env.warning - Warning percentage 17 env.critical - Critical percentage 18 19 =head2 DEFAULT CONFIGURATION 20 21 [snort_traffic] 22 env.statsfile=/var/snort/snort.stats 23 24 =head1 AUTHORS 25 26 Copyright (C) 2009 Edward Bjarte FjellskÃ¥l 27 28 Copyright (C) 2010 Rado Rovny 29 30 =head1 LICENSE 31 32 GNU GPLv2 33 34 =begin comment 35 36 This program is free software; you can redistribute it and/or 37 modify it under the terms of the GNU General Public License 38 as published by the Free Software Foundation; version 2 dated June, 39 1991. 40 41 This program is distributed in the hope that it will be useful, 42 but WITHOUT ANY WARRANTY; without even the implied warranty of 43 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 44 GNU General Public License for more details. 45 46 You should have received a copy of the GNU General Public License 47 along with this program; if not, write to the Free Software 48 Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 
49 50 =end comment 51 52 =head1 MAGIC MARKERS 53 54 #%# family=auto 55 #%# capabilities=autoconf 56 57 =cut 58 59 EOF 60 61 62 if [ -z $statsfile ]; then 63 _target=/var/snort/snort.stats 64 else 65 _target=$statsfile 66 fi 67 68 if [ "$1" = "autoconf" ]; then 69 if [ -f $_target ]; then 70 echo yes 71 exit 0 72 else 73 echo "no ($_target not readable)" 74 exit 1 75 fi 76 fi 4 77 5 78 if [ "$1" = "config" ]; then … … 9 82 echo 'graph_scale no' 10 83 echo 'traffic.label Mbits/second' 84 if [ -n $warning ]; then 85 echo 'traffic.warning $warning' 86 fi 87 if [ -n $critical ]; then 88 echo 'traffic.critical $critical' 89 fi 90 echo 'traffic.info Traffic in Mbites per second' 11 91 echo 'graph_category Snort' 12 92 … … 15 95 16 96 echo -n "traffic.value " 17 echo $( tail -n1 /your/path/to/snort.stats| awk -F, '{ print $3 }')97 echo $(tail -n1 $_target| awk -F, '{ print $3 }')
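Review bot: The new `traffic.info` string and the POD NAME line both spell the unit "Mbites". The string should read `echo 'traffic.info Traffic in Mbits per second'` to match `traffic.label Mbits/second`. The POD also describes `env.warning` and `env.critical` as percentages, which looks copied from the percentage plugins; here (and in snort_alerts, snort_bytes_pkt and snort_pkts) the thresholds are in the graph's own unit and the text should say so.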
