# /bin/ sh
#
if [ "$1" = "autoconf" ] ; then

 echo "yes"
#
exit 0 
#
fi
#
#
logdir="/var/ossec/logs/"
if [ "$1" = "config" ] ; then
#
echo "graph_title Active Response" 
#
echo "graph_args --base 1000 -l 0 " 
#
echo "graph_vlabel Number of active response" 
#
echo "graph_category Ossec" 
#
echo "graph_scale no" 
#
echo "c_add_actions.label Number of Rules added" 
#
echo "c_add_actions.draw LINE2" 
#
echo 'c_add_actions.min 0' 
#
echo "c_del_actions.label Number of Rules deleted" 
#
echo "c_del_actions.draw LINE2" 
#
echo 'c_del_actions.min 0' 
#
exit 0 
#
fi
#
#


####Deleting the temporary logs files ##########
rm -fr /tmp/ossecactive* 


###For Loop for grepping the last 5 mins logs and moving it to the /tmp

month="$(date "+%b")"; time="$(date "+%d")";year="$(date "+%Y")";
if [ "$time" -le "9" ]; then
search1="$month  $time"
else
search1="$month $time"
fi

#search1="$month  $time"
#echo "$search1"
for (( i = 5; i>=0; i-- )) ; do grep $(date "+%R" -d "-$i min") /var/ossec/logs/active-responses.log | grep "$search1" | grep "$year" >> /tmp/ossecactive.log;done	


#############Fore Loop Ends##########

####Grepping the Hosts Blocked in last 5 mins###########
NB_ADD=`cat /tmp/ossecactive.log| grep add | wc -l` 

###########Grepping the Hosts Removed from the blocked list in last 5 mins############

NB_DEL=`cat /tmp/ossecactive.log | grep del | wc -l`
#
#

############Displaying the VALUES#############
echo "c_add_actions.value ${NB_ADD}" 
#
echo "c_del_actions.value ${NB_DEL}" #
#
exit 0