File: snort_pattern_match.in

munin 2.0.76-5
#!@@GOODSH@@
# -*- sh -*-

: << =cut

=head1 NAME

snort_pattmatch - Plugin to monitor percent of data received that
                   Snort processes in pattern matching.

=head1 CONFIGURATION

The following configuration variables are used by this plugin

 [snort_pattern_match]
  env.statsfile - Path to Snort's perfmonitor log file
  env.warning - Warning percentage
  env.critical - Critical percentage

=head2 DEFAULT CONFIGURATION

 [snort_pattern_match]
  env.statsfile=/var/snort/snort.stats

=head1 AUTHORS

Copyright (C) 2009 Edward Bjarte Fjellskål

Copyright (C) 2010 Rado Rovny

=head1 LICENSE

GNU GPLv2

=begin comment

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; version 2 dated June,
1991.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

=end comment

=head1 MAGIC MARKERS

  #%# family=auto
  #%# capabilities=autoconf

=cut


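# Path of the Snort perfmonitor statistics file. The plugin configuration may
# override it through env.statsfile; otherwise the documented default is used.
_target=${statsfile:-/var/snort/snort.stats}


# Munin "autoconf" request: answer "yes" only when the statistics file is a
# regular file that the account running this plugin can actually read.
# The "no" message says "not readable", so the check tests readability (-r)
# and not just existence (-f); a file that exists but is unreadable would
# otherwise be reported as usable while every later fetch fails.
if [ "$1" = "autoconf" ]; then
        if [ -f "$_target" ] && [ -r "$_target" ]; then
                echo yes
        else
                echo "no ($_target not readable)"
        fi
        # autoconf always exits 0; the answer is carried by the printed text.
        exit 0
fi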

# Munin "config" request: describe the graph and its single data series
# (pattmatch), then stop. The warning/critical thresholds are optional and are
# emitted only when the plugin configuration supplies them; their values are
# passed through unchanged.
case "$1" in
config)
        printf '%s\n' \
                'graph_title Snort Pattern Match' \
                'graph_args --base 1000 -l 0' \
                'graph_vlabel % percent' \
                'graph_scale no' \
                'pattmatch.label % percent'
        [ -z "${warning:-}" ] || echo "pattmatch.warning $warning"
        [ -z "${critical:-}" ] || echo "pattmatch.critical $critical"
        printf '%s\n' \
                'pattmatch.info The percent of data received that Snort processes in pattern matching' \
                'graph_category Snort'

        exit 0
        ;;
esac

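# Fetch: report the 7th comma-separated field of the last line of the
# statistics file as the pattmatch value.
#
# The field is read from a log file and forwarded to Munin, so it is checked
# before being printed: anything that is not a plain number (missing file,
# empty file, a header/comment line as the last line, stray text) is reported
# as "U", Munin's marker for an unknown value, instead of an empty or
# malformed "pattmatch.value" line. tail's own error message still goes to
# stderr so a missing or unreadable file remains visible in the node log.
#
# NOTE(review): only the last line is inspected; if Snort stops writing the
# file, the previous value keeps being reported. Confirm whether a freshness
# check on the file is wanted for this sensor.
_value=$(tail -n 1 "$_target" | awk -F, '{ v = $7; gsub(/[ \t\r]/, "", v); print v }')
case "$_value" in
        *[!0-9.eE+-]*) _value=U ;;      # contains a non-numeric character
        *[0-9]*) ;;                     # looks numeric: keep as is
        *) _value=U ;;                  # empty, or no digit at all
esac
printf 'pattmatch.value %s\n' "$_value"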