#!@@GOODSH@@ # -*- sh -*- : << =cut =head1 NAME snort_bytes_pkt - Plugin to monitor average size in KBytes per packet =head1 CONFIGURATION The following configuration variables are used by this plugin [snort_bytes_pkt] env.statsfile - Logfile to Snort's perfmonitor logfile env.warning - Warning percentage env.critical - Critical percentage =head2 DEFAULT CONFIGURATION [snort_bytes_pkt] env.statsfile=/var/snort/snort.stats =head1 AUTHORS Copyright (C) 2009 Edward Bjarte Fjellskål Copyright (C) 2010 Rado Rovny =head1 LICENSE GNU GPLv2 =begin comment This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 dated June, 1991. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. =end comment =head1 MAGIC MARKERS #%# family=auto #%# capabilities=autoconf =cut _target=${statsfile:-/var/snort/snort.stats} if [ "$1" = "autoconf" ]; then if [ -f "$_target" ]; then echo yes else echo "no ($_target not readable)" fi exit 0 fi if [ "$1" = "config" ]; then echo 'graph_title Snort Avg KBytes per pkt' echo 'graph_args --base 1000 -l 0' echo 'graph_vlabel KBytes / pkt' echo 'graph_scale no' echo 'bytes_pkt.label KBytes/pkt' if [ -n "${warning:-}" ]; then echo "bytes_pkt.warning $warning" fi if [ -n "${critical:-}" ]; then echo "bytes_pkt.critical $critical" fi echo 'bytes_pkt.info Average size per packet' echo 'graph_category Snort' exit 0 fi printf "bytes_pkt.value " tail -n1 "$_target" | awk -F, '{ print $6 }'