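#!/bin/bash
#
# Munin plugin: OSSEC alerts per service over the last few minutes.
#
# Usage (munin-node calls the plugin with one optional argument):
#   ossec-alerts autoconf   prints "yes"
#   ossec-alerts config     prints the graph definition
#   ossec-alerts            prints one "<field>.value N" line per field
#
# Environment (set through munin's plugin-conf.d):
#   logdir   directory containing alerts.log (default /var/ossec/logs/alerts)
#
# The window is built by grepping alerts.log for the HH:MM stamp of each of
# the last six minutes (current minute included). This relies on GNU date's
# -d option, and the stamp may match anywhere in a line, not only in its
# timestamp field.

set -u

readonly DEFAULT_LOGDIR=/var/ossec/logs/alerts
readonly FIELDS=(apache ssh sudo total)

#######################################
# Print the munin "config" block describing the graph.
# Outputs:   graph definition on stdout
# Returns:   0
#######################################
print_config() {
  cat <<'EOF'
graph_title Ossec Alerts per service
graph_args --base 1000 -l 0
graph_vlabel Number of Alerts per service
graph_category Ossec
graph_scale no
apache.label APACHE
apache.draw LINE2
apache.min 0
ssh.label SSH
ssh.draw LINE2
ssh.min 0
sudo.label SUDO
sudo.draw LINE2
sudo.min 0
total.label TOTAL
total.draw LINE2
total.min 0
EOF
}

#######################################
# Count the alerts of the last six minutes and print one value per field.
# Globals:   logdir (read; optional override of DEFAULT_LOGDIR)
# Outputs:   "<field>.value N" lines on stdout; "U" (unknown) for every
#            field when alerts.log cannot be read
# Returns:   0 on success, 1 if the scratch file or the time stamp
#            cannot be produced
#######################################
print_values() {
  local logfile="${logdir:-$DEFAULT_LOGDIR}/alerts.log"
  local tmpfile stamp i field
  local count_apache count_ssh count_sudo count_total

  # Report "unknown" instead of 0 when the log is unreadable: a flat line of
  # zeros would hide exactly the condition this plugin exists to surface.
  if [[ ! -r "$logfile" ]]; then
    printf '%s: cannot read %s\n' "${0##*/}" "$logfile" >&2
    for field in "${FIELDS[@]}"; do
      printf '%s.value U\n' "$field"
    done
    return 0
  fi

  # Private scratch file instead of a fixed name under /tmp, so another
  # local user cannot pre-create or symlink the path this script writes to.
  tmpfile=$(mktemp) || { printf 'mktemp failed\n' >&2; return 1; }
  trap 'rm -f -- "$tmpfile"' EXIT

  # Collect every line carrying the HH:MM stamp of minutes now-5 .. now.
  # -F: the stamp is a literal, not a regex. A failing date must abort
  # rather than degrade into an empty pattern, which would match every line.
  for (( i = 5; i >= 0; i-- )); do
    stamp=$(date +%R -d "-$i min") || return 1
    grep -F -- "$stamp" "$logfile" >> "$tmpfile"
  done

  # grep -c exits 1 when the count is 0; that is a normal result here.
  count_apache=$(grep -ci -e apache -e http -- "$tmpfile")
  count_ssh=$(grep -c -- ssh "$tmpfile")
  count_sudo=$(grep -c -- sudo "$tmpfile")
  # "total" keeps the original rule of counting lines without a ">";
  # presumably this drops the "src->file" header lines — confirm against
  # the alerts.log format in use.
  count_total=$(grep -cv -- '>' "$tmpfile")

  printf 'apache.value %s\n' "$count_apache"
  printf 'ssh.value %s\n' "$count_ssh"
  printf 'sudo.value %s\n' "$count_sudo"
  printf 'total.value %s\n' "$count_total"
  return 0
}

#######################################
# Dispatch on the munin plugin argument.
# Arguments: $1 - "autoconf", "config", or empty/anything else (fetch)
# Returns:   status of the selected action
#######################################
main() {
  case "${1:-}" in
    autoconf) echo "yes" ;;
    config) print_config ;;
    *) print_values ;;
  esac
}

main "$@"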
