Repository
Munin (contrib)
Last change
2017-02-22
Graph Categories
Keywords
Language
Bash

ossec_active_response

Sadly there is no documentation for this plugin

#!/bin/bash

if [ "$1" = "autoconf" ]; then
	echo "yes"
	exit 0
fi

if [ "$1" = "config" ]; then
	echo "graph_title OSSEC Active Response"
	echo "graph_args --base 1000 -l 0"
	echo "graph_vlabel Number of responses"
	echo "graph_category security"
	echo "graph_scale no"
	echo "c_add_actions.label rules added"
	echo "c_add_actions.draw LINE2"
	echo 'c_add_actions.min 0'
	echo "c_del_actions.label rules deleted"
	echo "c_del_actions.draw LINE2"
	echo 'c_del_actions.min 0'
	exit 0
fi

### Deleting temporary log files from last run
rm -f /tmp/ossecactive.log
logdir="/var/ossec/logs"


### day of moth needs to be space padded
month="$(date "+%b")"; day="$(date "+%e")";year="$(date "+%Y")";
search1="$month $day"

### for loop for grepping the last 5 min of logs and copy it to /tmp
for (( i = 5; i >=0; i-- )) ; do
	grep $(date "+%R" -d "-$i  min") $logdir/active-responses.log | grep "$search1" | grep "$year" >> /tmp/ossecactive.log
done
### End for loop

### count the lines for each action in the temporary log file
NB_ADD=`cat /tmp/ossecactive.log | grep add | wc -l`
NB_DEL=`cat /tmp/ossecactive.log | grep del | wc -l`

echo "c_add_actions.value ${NB_ADD}"
echo "c_del_actions.value ${NB_DEL}"

exit 0