#!/bin/sh : << =cut =head1 NAME snort_pktsec - Plugin to monitor the number of packets per second passed through Snort filters =head1 CONFIGURATION The following configuration variables are used by this plugin [snort_pkts] env.statsfile - Logfile to Snort's perfmonitor logfile env.warning - Warning percentage env.critical - Critical percentage =head2 DEFAULT CONFIGURATION [snort_pkts] env.statsfile=/var/snort/snort.stats =head1 AUTHORS Copyright (C) 2009 Edward Bjarte Fjellskål Copyright (C) 2010 Rado Rovny =head1 LICENSE GNU GPLv2 =begin comment This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 dated June, 1991. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. =end comment =head1 MAGIC MARKERS #%# family=auto #%# capabilities=autoconf =cut statsfile=${statsfile:-} if [ -z "$statsfile" ]; then _target=/var/snort/snort.stats else _target=$statsfile fi if [ "$1" = "autoconf" ]; then if [ -f "$_target" ]; then echo yes else echo "no ($_target not readable)" fi exit 0 fi if [ "$1" = "config" ]; then echo 'graph_title Snort Avg packets/s' echo 'graph_args --base 1000 -l 0' # shellcheck disable=SC2016 echo 'graph_vlabel Packets / ${graph_period}' echo 'graph_scale no' echo 'pktsec.label Packets' if [ -n "${warning:-}" ]; then echo "pktsec.warning $warning" fi if [ -n "${critical:-}" ]; then echo "pktsec.critical $critical" fi echo 'pktsec.info The number of packets per second' echo 'graph_category security' exit 0 fi printf "pktsec.value " tail -n1 "$_target" | awk -F, '{ print $5 * 1000 }'