Repository
Munin (2.0)
Last change
2018-08-17
Graph Categories
Family
auto
Capabilities
Language
Shell
License
GPL-2.0-only
Authors

snort_pattern_match

Name

snort_pattmatch - Plugin to monitor percent of data received that Snort processes in pattern matching.

Configuration

The following configuration variables are used by this plugin

[snort_pattern_match]
 env.statsfile - Logfile to Snort's perfmonitor logfile
 env.warning - Warning percentage
 env.critical - Critical percentage

Default Configuration

[snort_pattern_match]
 env.statsfile=/var/snort/snort.stats

Authors

Copyright (C) 2009 Edward Bjarte Fjellskål

Copyright (C) 2010 Rado Rovny

License

GNU GPLv2

Magic Markers

#%# family=auto
#%# capabilities=autoconf

#!@@GOODSH@@
# -*- sh -*-

: << =cut

=head1 NAME

snort_pattmatch - Plugin to monitor percent of data received that
                   Snort processes in pattern matching.

=head1 CONFIGURATION

The following configuration variables are used by this plugin

 [snort_pattern_match]
  env.statsfile - Logfile to Snort's perfmonitor logfile
  env.warning - Warning percentage
  env.critical - Critical percentage

=head2 DEFAULT CONFIGURATION

 [snort_pattern_match]
  env.statsfile=/var/snort/snort.stats

=head1 AUTHORS

Copyright (C) 2009 Edward Bjarte Fjellskål

Copyright (C) 2010 Rado Rovny

=head1 LICENSE

GNU GPLv2

=begin comment

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; version 2 dated June,
1991.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

=end comment

=head1 MAGIC MARKERS

  #%# family=auto
  #%# capabilities=autoconf

=cut


_target=${statsfile:-/var/snort/snort.stats}


if [ "$1" = "autoconf" ]; then
        if [ -f "$_target" ]; then
                echo yes
        else
                echo "no ($_target not readable)"
        fi
        exit 0
fi

if [ "$1" = "config" ]; then
        echo 'graph_title Snort Pattern Match'
        echo 'graph_args --base 1000 -l 0'
        echo 'graph_vlabel % percent'
        echo 'graph_scale no'
        echo 'pattmatch.label % percent'
        if [ -n "${warning:-}" ]; then
                echo "pattmatch.warning $warning"
        fi
        if [ -n "${critical:-}" ]; then
                echo "pattmatch.critical $critical"
        fi
        echo 'pattmatch.info The percent of data received that Snort processes in pattern matching'
        echo 'graph_category Snort'

        exit 0
fi

printf "pattmatch.value "
tail -n1 "$_target" | awk -F, '{ print $7 }'