- Repository
- Munin (contrib)
- Last change
- 2017-02-22
- Graph Categories
- Keywords
- Language
- Bash
ossec_alerts
Sadly there is no documentation for this plugin.
#!/bin/bash
if [ "$1" = "autoconf" ]; then
echo "yes"
exit 0
fi
if [ "$1" = "config" ]; then
echo "graph_title Ossec alerts per service"
echo "graph_args --base 1000 -l 0"
echo "graph_vlabel Number of alerts per service"
echo "graph_category security"
echo "graph_scale no"
echo "apache.label httpd"
echo "apache.draw LINE2"
echo 'apache.min 0'
echo "ssh.label ssh"
echo "ssh.draw LINE2"
echo 'ssh.min 0'
echo "sudo.label sudo"
echo "sudo.draw LINE2"
echo 'sudo.min 0'
echo "total.label total"
echo "total.draw LINE2"
echo 'total.min 0'
exit 0
fi
### Deleting temporary log files from last run
rm -f /tmp/ossecalerts.log
logdir="/var/ossec/logs/alerts"
###For Loop for grepping the last 5 mins logs
for (( i = 5; i >=0; i-- )) ; do
grep $(date +%R -d "-$i min") $logdir/alerts.log >> /tmp/ossecalerts.log
done
### End for loop
### count the lines for each service in the temporary log file
APACHE=`cat /tmp/ossecalerts.log | grep -i 'apache\|http' | wc -l`
SSH=`cat /tmp/ossecalerts.log | grep ssh | wc -l`
SUDO=`cat /tmp/ossecalerts.log | grep sudo | wc -l`
TOTAL=`cat /tmp/ossecalerts.log | grep -v ">"| wc -l`
echo "apache.value ${APACHE}"
echo "ssh.value ${SSH}"
echo "sudo.value ${SUDO}"
echo "total.value ${TOTAL}"
exit 0