2015-02-04 17:24:37 +01:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
if [ "$1" = "autoconf" ]; then
|
|
|
|
|
echo "yes"
|
|
|
|
|
exit 0
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [ "$1" = "config" ]; then
|
|
|
|
|
echo "graph_title Ossec alerts per service"
|
|
|
|
|
echo "graph_args --base 1000 -l 0"
|
|
|
|
|
echo "graph_vlabel Number of alerts per service"
|
2017-02-22 23:20:56 +01:00
|
|
|
echo "graph_category security"
|
2015-02-04 17:24:37 +01:00
|
|
|
echo "graph_scale no"
|
|
|
|
|
echo "apache.label httpd"
|
|
|
|
|
echo "apache.draw LINE2"
|
|
|
|
|
echo 'apache.min 0'
|
|
|
|
|
echo "ssh.label ssh"
|
|
|
|
|
echo "ssh.draw LINE2"
|
|
|
|
|
echo 'ssh.min 0'
|
|
|
|
|
echo "sudo.label sudo"
|
|
|
|
|
echo "sudo.draw LINE2"
|
|
|
|
|
echo 'sudo.min 0'
|
|
|
|
|
echo "total.label total"
|
|
|
|
|
echo "total.draw LINE2"
|
|
|
|
|
echo 'total.min 0'
|
|
|
|
|
exit 0
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
### Deleting temporary log files from last run
|
|
|
|
|
rm -f /tmp/ossecalerts.log
|
|
|
|
|
logdir="/var/ossec/logs/alerts"
|
|
|
|
|
|
|
|
|
|
###For Loop for grepping the last 5 mins logs
|
|
|
|
|
for (( i = 5; i >=0; i-- )) ; do
|
|
|
|
|
grep $(date +%R -d "-$i min") $logdir/alerts.log >> /tmp/ossecalerts.log
|
|
|
|
|
done
|
|
|
|
|
### End for loop
|
|
|
|
|
|
|
|
|
|
### count the lines for each service in the temporary log file
|
|
|
|
|
APACHE=`cat /tmp/ossecalerts.log | grep -i 'apache\|http' | wc -l`
|
|
|
|
|
SSH=`cat /tmp/ossecalerts.log | grep ssh | wc -l`
|
|
|
|
|
SUDO=`cat /tmp/ossecalerts.log | grep sudo | wc -l`
|
|
|
|
|
TOTAL=`cat /tmp/ossecalerts.log | grep -v ">"| wc -l`
|
|
|
|
|
|
|
|
|
|
echo "apache.value ${APACHE}"
|
|
|
|
|
echo "ssh.value ${SSH}"
|
|
|
|
|
echo "sudo.value ${SUDO}"
|
|
|
|
|
echo "total.value ${TOTAL}"
|
|
|
|
|
exit 0
|
