#!@@GOODSH@@ # -*- sh -*- : << =cut =head1 NAME snort_pattmatch - Plugin to monitor percent of data received that Snort processes in pattern matching. =head1 CONFIGURATION The following configuration variables are used by this plugin [snort_pattern_match] env.statsfile - Logfile to Snort's perfmonitor logfile env.warning - Warning percentage env.critical - Critical percentage =head2 DEFAULT CONFIGURATION [snort_pattern_match] env.statsfile=/var/snort/snort.stats =head1 AUTHORS Copyright (C) 2009 Edward Bjarte Fjellskål Copyright (C) 2010 Rado Rovny =head1 LICENSE GNU GPLv2 =begin comment This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 dated June, 1991. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. =end comment =head1 MAGIC MARKERS #%# family=auto #%# capabilities=autoconf =cut _target=${statsfile:-/var/snort/snort.stats} if [ "$1" = "autoconf" ]; then if [ -f "$_target" ]; then echo yes else echo "no ($_target not readable)" fi exit 0 fi if [ "$1" = "config" ]; then echo 'graph_title Snort Pattern Match' echo 'graph_args --base 1000 -l 0' echo 'graph_vlabel % percent' echo 'graph_scale no' echo 'pattmatch.label % percent' if [ -n "${warning:-}" ]; then echo "pattmatch.warning $warning" fi if [ -n "${critical:-}" ]; then echo "pattmatch.critical $critical" fi echo 'pattmatch.info The percent of data received that Snort processes in pattern matching' echo 'graph_category Snort' exit 0 fi printf "pattmatch.value " tail -n1 "$_target" | awk -F, '{ print $7 }'