
 MRTG


CRONTAB
--------------
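# Every 10 minutes, signal snort so that it dumps its statistics to syslog.
# The signal is given by name, not number: 10 is SIGUSR1 on common Linux
# platforms, but the same number is a different signal on FreeBSD and Solaris.
# The pid file path is specific to the snort instance listening on eth1.
*/10 * * * * kill -USR1 "$(cat /var/run/snort_eth1.pid)"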

mrtg_snort script
--------------
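#!/bin/bash
# mrtg_snort - print one snort counter in the four-line form this page feeds
# to MRTG: value, value (again), uptime, target name.
#
# The counter comes from the newest matching line in /var/log/messages, i.e.
# the statistics snort wrote after the cron job last signalled it.
#
# Usage: mrtg_snort packets|alerts|logged|udp|icmp|arp|other|dropped
#
# NOTE(review): the field numbers below assume a syslog prefix of five
# space-separated fields before the snort text, and (for alerts/logged) that
# the ALERTS and LOGGED counters share the TCP and UDP lines respectively.
# Check both against a real stats block in your log.
#
# NOTE(review): /var/log/messages is a shared log. Any process allowed to
# write to syslog can emit a line containing e.g. " TCP: " and so influence
# the graphed value. The value is therefore checked to be digits only before
# it is printed; restricting who can log to this facility is the real fix.

LOG=/var/log/messages

# Print the usage text on stderr (so it can never be read as data) and fail.
usage() {
  echo "Usage: mrtg_snort packets|alerts|logged|udp|icmp|arp|other|dropped" >&2
  exit 1
}

# last_field PATTERN N - field N of the newest log line containing PATTERN.
last_field() {
  grep -F -- "$1" "$LOG" | tail -n 1 | tr -s " " | cut -d " " -f "$2"
}

if test -z "$1"; then
  usage
fi

case "$1" in
  packets)
    OUTPUT=$(last_field " TCP: " 7) ;;
  alerts)
    OUTPUT=$(last_field " TCP: " 10) ;;
  udp)
    # Was reading the TCP line, which made "udp" a copy of "packets".
    OUTPUT=$(last_field " UDP: " 7) ;;
  logged)
    # Was reading the TCP line, which made "logged" a copy of "alerts".
    OUTPUT=$(last_field " UDP: " 10) ;;
  icmp)
    OUTPUT=$(last_field " ICMP: " 7) ;;
  arp)
    OUTPUT=$(last_field " ARP: " 7) ;;
  other)
    OUTPUT=$(last_field " OTHER: " 7) ;;
  dropped)
    # Cut at "(" first so the percentage glued to the count is removed.
    # NOTE(review): confirm field 7 is the drop count in your log format.
    OUTPUT=$(grep -F -- "dropping " "$LOG" | tail -n 1 | cut -d "(" -f 1 |
      tr -s " " | cut -d " " -f 7) ;;
  *)
    usage ;;
esac

# Hand MRTG a number or nothing: log text is not trusted input.
case "$OUTPUT" in
  '' | *[!0-9]*)
    echo "mrtg_snort: no numeric value for '$1' in $LOG" >&2
    OUTPUT=
    ;;
esac

# The same value is printed twice, as the original did.
printf '%s\n' "$OUTPUT"
printf '%s\n' "$OUTPUT"
uptime | tr -s ' ' | cut -d ',' -f 1 | cut -d 'u' -f 2 | sed -e 's/p //'
echo "MRTG SNORT"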

MRTG.CFG
----------------
# Each Target runs the mrtg_snort helper as an external command (the
# backticks) and graphs what it prints. The helper prints the same value on
# its first two lines, so both series of a graph are identical.
# NOTE(review): the helper also accepts "logged", but no Target is defined
# for it here.
# NOTE(review): only the Target lines are shown; a working mrtg.cfg also
# needs the usual global and per-target settings (e.g. WorkDir, MaxBytes).
# MRTG runs these commands with its own privileges, so the helper script
# should be writable only by root.
Target[packets]: `/usr/local/sbin/mrtg_snort packets`
Target[alerts]: `/usr/local/sbin/mrtg_snort alerts`
Target[udp]: `/usr/local/sbin/mrtg_snort udp`
Target[icmp]: `/usr/local/sbin/mrtg_snort icmp`
Target[arp]: `/usr/local/sbin/mrtg_snort arp`
Target[other]: `/usr/local/sbin/mrtg_snort other`
Target[dropped]: `/usr/local/sbin/mrtg_snort dropped`
 





How's your network?, Inc. © 2001-2024