Repository
Munin (master)
Last change
2018-03-29
Graph Categories
Family
auto
Capabilities
Language
Shell
License
GPL-2.0-only
Authors

snort_alerts

Name

snort_alerts - Plugin to monitor the number of alerts in Snort

Configuration

The following configuration variables are used by this plugin

[snort_alerts]
 env.statsfile - Logfile to Snort's perfmonitor logfile
 env.warning - Warning percentage
 env.critical - Critical percentage

Default Configuration

[snort_alerts]
 env.statsfile=/var/snort/snort.stats

Authors

Copyright (C) 2009 Edward Bjarte Fjellskål

Copyright (C) 2010 Rado Rovny

License

GNU GPLv2

Magic Markers

#%# family=auto
#%# capabilities=autoconf

Pod Errors

Hey! The above document had some coding errors, which are explained below:

  • Around line 25:

    Non-ASCII character seen before =encoding in ‘Fjellskål’. Assuming UTF-8

#!/bin/sh

: << =cut

=head1 NAME

snort_alerts - Plugin to monitor the number of alerts in Snort

=head1 CONFIGURATION

The following configuration variables are used by this plugin

 [snort_alerts]
  env.statsfile - Logfile to Snort's perfmonitor logfile
  env.warning - Warning percentage
  env.critical - Critical percentage

=head2 DEFAULT CONFIGURATION

 [snort_alerts]
  env.statsfile=/var/snort/snort.stats

=head1 AUTHORS

Copyright (C) 2009 Edward Bjarte Fjellskål

Copyright (C) 2010 Rado Rovny

=head1 LICENSE

GNU GPLv2

=begin comment

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; version 2 dated June,
1991.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

=end comment

=head1 MAGIC MARKERS

  #%# family=auto
  #%# capabilities=autoconf

=cut


_target=${statsfile:-/var/snort/snort.stats}


if [ "$1" = "autoconf" ]; then
        if [ -f "$_target" ]; then
                echo yes
        else
                echo "no ($_target not readable)"
        fi
        exit 0
fi

if [ "$1" = "config" ]; then
        echo 'graph_title Snort Alerts'
        echo 'graph_args --base 1000 -l 0'
        echo 'graph_vlabel Alerts / second'
        echo 'graph_scale no'
        echo 'alerts.label Alerts/second'
        if [ -n "${warning:-}" ]; then
                echo "alerts.warning $warning"
        fi
        if [ -n "${critical:-}" ]; then
                echo "alerts.critical $critical"
        fi
        echo 'alerts.info The number of alerts per second'
        echo 'graph_category security'

        exit 0
fi

printf "alerts.value "
tail -n1 "$_target" | awk -F, '{ print $4 }'