contrib-munin/plugins/ossec/ossec-active-response

#!/bin/sh
#
# Munin "autoconf" request: answer "yes" and stop before any log is read.
case "$1" in
  autoconf)
    echo "yes"
    exit 0
    ;;
esac
#
#
# OSSEC log directory. The visible script does not read this variable again;
# the log path further down is spelled out in full.
logdir="/var/ossec/logs/"

# Munin "config" request: describe the graph and its two series, then stop.
# Each argument below is emitted as one line, byte-for-byte (the trailing
# space after "-l 0" is part of the original output).
if [ "$1" = "config" ]; then
  printf '%s\n' \
    "graph_title Active Response" \
    "graph_args --base 1000 -l 0 " \
    "graph_vlabel Number of active response" \
    "graph_category Ossec" \
    "graph_scale no" \
    "c_add_actions.label Number of Rules added" \
    "c_add_actions.draw LINE2" \
    'c_add_actions.min 0' \
    "c_del_actions.label Number of Rules deleted" \
    "c_del_actions.draw LINE2" \
    'c_del_actions.min 0'
  exit 0
fi
#
#
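# Report how many active-response actions OSSEC logged in the recent window.
#
# Matching lines are counted in memory instead of being staged in a scratch
# file. A fixed, predictable name under /tmp can be pre-created or swapped for
# a symlink by any local account, so appending to it (and wildcard-deleting
# around it) would let that account steer where this plugin writes, which
# matters most if the plugin runs with elevated privileges.
log_file="/var/ossec/logs/active-responses.log"

month="$(date "+%b")"
day="$(date "+%d")"
year="$(date "+%Y")"

# The original if/else assigned the same value in both branches, so a single
# assignment is equivalent.
# NOTE(review): %d is zero-padded ("04"). If the log stamps days 1-9 with a
# space-padded day instead, nothing will match on those days; confirm against
# a real log line before changing the format.
search1="$month $day"

NB_ADD=0
NB_DEL=0

# Six minute stamps are checked: now-5 min through now. The relative-time
# argument to date -d is the same one the original loop used.
# The counter loop is written in POSIX form so it does not depend on bash.
i=5
while [ "$i" -ge 0 ]; do
  minute="$(date "+%R" -d "-$i min")"
  recent="$(grep -- "$minute" "$log_file" | grep -- "$search1" | grep -- "$year")"
  if [ -n "$recent" ]; then
    # NOTE(review): "add" and "del" are matched anywhere in the line, as
    # before; a hostname or path containing either word would be counted too.
    added="$(printf '%s\n' "$recent" | grep -c add)"
    deleted="$(printf '%s\n' "$recent" | grep -c del)"
    NB_ADD=$((NB_ADD + added))
    NB_DEL=$((NB_DEL + deleted))
  fi
  i=$((i - 1))
done

# Values for the two series declared in the config output.
echo "c_add_actions.value ${NB_ADD}"
echo "c_del_actions.value ${NB_DEL}"

exit 0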