Repository
Munin (contrib)
Last change
2017-02-22
Graph Categories
Keywords
Language
Bash

ossec_alerts

Sadly there is no documentation for this plugin.

#!/bin/bash

if [ "$1" = "autoconf" ]; then
	echo "yes"
	exit 0
fi

if [ "$1" = "config" ]; then
	echo "graph_title Ossec alerts per service"
	echo "graph_args --base 1000 -l 0"
	echo "graph_vlabel Number of alerts per service"
	echo "graph_category security"
	echo "graph_scale no"
	echo "apache.label httpd"
	echo "apache.draw LINE2"
	echo 'apache.min 0'
	echo "ssh.label ssh"
	echo "ssh.draw LINE2"
	echo 'ssh.min 0'
	echo "sudo.label sudo"
	echo "sudo.draw LINE2"
	echo 'sudo.min 0'
	echo "total.label total"
	echo "total.draw LINE2"
	echo 'total.min 0'
	exit 0
fi

### Deleting temporary log files from last run
rm -f /tmp/ossecalerts.log
logdir="/var/ossec/logs/alerts"

###For Loop for grepping the last 5 mins logs
for (( i = 5; i >=0; i-- )) ; do
	grep $(date +%R -d "-$i  min") $logdir/alerts.log >> /tmp/ossecalerts.log
done
### End for loop

### count the lines for each service in the temporary log file
APACHE=`cat /tmp/ossecalerts.log | grep -i 'apache\|http' | wc -l`
SSH=`cat /tmp/ossecalerts.log | grep ssh | wc -l`
SUDO=`cat /tmp/ossecalerts.log | grep sudo | wc -l`
TOTAL=`cat /tmp/ossecalerts.log | grep -v ">"| wc -l`

echo "apache.value ${APACHE}"
echo "ssh.value ${SSH}"
echo "sudo.value ${SUDO}"
echo "total.value ${TOTAL}"
exit 0