- Repository
- Munin (contrib)
- Last change
- 2017-02-22
- Graph Categories
- Keywords
- Language
- Bash
ossec_active_response
Sadly there is no documentation for this plugin.
#!/bin/bash
if [ "$1" = "autoconf" ]; then
echo "yes"
exit 0
fi
if [ "$1" = "config" ]; then
echo "graph_title OSSEC Active Response"
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel Number of responses"
echo "graph_category security"
echo "graph_scale no"
echo "c_add_actions.label rules added"
echo "c_add_actions.draw LINE2"
echo 'c_add_actions.min 0'
echo "c_del_actions.label rules deleted"
echo "c_del_actions.draw LINE2"
echo 'c_del_actions.min 0'
exit 0
fi
### Deleting temporary log files from last run
rm -f /tmp/ossecactive.log
logdir="/var/ossec/logs"
### day of moth needs to be space padded
month="$(date "+%b")"; day="$(date "+%e")";year="$(date "+%Y")";
search1="$month $day"
### for loop for grepping the last 5 min of logs and copy it to /tmp
for (( i = 5; i >=0; i-- )) ; do
grep $(date "+%R" -d "-$i min") $logdir/active-responses.log | grep "$search1" | grep "$year" >> /tmp/ossecactive.log
done
### End for loop
### count the lines for each action in the temporary log file
NB_ADD=`cat /tmp/ossecactive.log | grep add | wc -l`
NB_DEL=`cat /tmp/ossecactive.log | grep del | wc -l`
echo "c_add_actions.value ${NB_ADD}"
echo "c_del_actions.value ${NB_DEL}"
exit 0