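#!/bin/bash
#
# Munin plugin: OSSEC active-response activity.
#
# Counts the "add" and "del" actions recorded in
# /var/ossec/logs/active-responses.log during the last six minutes
# (the current minute and the five before it) and reports them as the
# Munin data sources c_add_actions and c_del_actions.
#
# Usage: <plugin>            print the current values
#        <plugin> autoconf   "yes" if the log file is readable
#        <plugin> config     print the Munin graph definition
#
# Requires GNU date ("-d '-N min'").
#
# Each log line is assumed to carry a `date`-style timestamp
# ("Feb  4 ... 2015 ... 17:24"): the three time filters below match on
# month + space-padded day (%e, not zero padded), the year and HH:MM.

set -euo pipefail

readonly LOGDIR="/var/ossec/logs"
readonly LOGFILE="${LOGDIR}/active-responses.log"

#######################################
# Print the Munin "config" block.
# Outputs:   graph and data-source definitions to stdout
#######################################
print_config() {
  cat <<'EOF'
graph_title OSSEC Active Response
graph_args --base 1000 -l 0
graph_vlabel Number of responses
graph_category security
graph_scale no
c_add_actions.label rules added
c_add_actions.draw LINE2
c_add_actions.min 0
c_del_actions.label rules deleted
c_del_actions.draw LINE2
c_del_actions.min 0
EOF
}

#######################################
# Print the log lines written during the last six minutes.
# Globals:   LOGFILE (read)
# Outputs:   matching log lines to stdout (possibly none)
# Returns:   0; a minute with no matching lines is not an error
#######################################
recent_lines() {
  local i mday year hhmm
  for (( i = 5; i >= 0; i-- )); do
    # Timestamp of "i minutes ago", computed per iteration so that a
    # window crossing midnight (or New Year) still finds the previous
    # day's lines instead of pairing today's date with yesterday's time.
    IFS='|' read -r mday year hhmm < <(date -d "-${i} min" "+%b %e|%Y|%R")
    # -F: the patterns are literal text, not regexes. "|| true" because
    # grep exits 1 when a minute has no lines, which is normal here.
    grep -F -- "$hhmm" "$LOGFILE" | grep -F -- "$mday" | grep -F -- "$year" || true
  done
}

#######################################
# Print the Munin "fetch" values.
# Globals:   LOGFILE (read)
# Outputs:   c_add_actions.value / c_del_actions.value to stdout
# Returns:   0, or exits 1 if the log file is not readable
#######################################
print_values() {
  local lines nb_add nb_del
  if [[ ! -r "$LOGFILE" ]]; then
    printf '%s: cannot read %s\n' "${0##*/}" "$LOGFILE" >&2
    exit 1
  fi
  # The window is held in memory rather than in a fixed, predictable file
  # under /tmp: no rm/append race on a world-writable directory, and no
  # copy of the log left behind for other local users to read.
  lines="$(recent_lines)"
  # Substring matches, as before: any line containing "add" / "del"
  # counts. grep -c still prints 0 (but exits 1) when nothing matches.
  nb_add="$(grep -c add <<<"$lines" || true)"
  nb_del="$(grep -c del <<<"$lines" || true)"
  printf 'c_add_actions.value %s\n' "$nb_add"
  printf 'c_del_actions.value %s\n' "$nb_del"
}

#######################################
# Entry point: dispatch on the Munin sub-command in $1 (empty = fetch).
#######################################
main() {
  case "${1:-}" in
    autoconf)
      # Munin convention: "yes", or "no (reason)", on stdout.
      if [[ -r "$LOGFILE" ]]; then
        echo "yes"
      else
        echo "no (${LOGFILE} is not readable)"
      fi
      ;;
    config)
      print_config
      ;;
    *)
      print_values
      ;;
  esac
  exit 0
}

main "$@"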