Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/VVelox/Suricata-Monitoring
LibreNMS JSON / Nagios monitor for Suricata stats.
https://github.com/VVelox/Suricata-Monitoring
Last synced: about 2 months ago
JSON representation
LibreNMS JSON / Nagios monitor for Suricata stats.
- Host: GitHub
- URL: https://github.com/VVelox/Suricata-Monitoring
- Owner: VVelox
- Created: 2022-04-14T14:46:59.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2024-06-04T04:24:08.000Z (3 months ago)
- Last Synced: 2024-06-04T05:31:49.554Z (3 months ago)
- Language: Perl
- Size: 62.5 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Changelog: Changes
Awesome Lists containing this project
- awesome-suricata - Suricata-Monitoring - LibreNMS JSON / Nagios monitor for Suricata stats. (Operations, Monitoring and Troubleshooting)
README
# Suricata-Monitoring
LibreNMS JSON SNMP extend and Nagios style check for Suricata stats.
For Nagious, this should be ran via NRPE.
For LibreNMS, this should be set up to run from cron and as a snmp extend.
cron...
`*/5 * * * * /usr/local/bin/suricata_stat_check > /dev/null`
snmpd...
`extend suricata-stats /bin/cat /var/cache/suricata-monitoring/snmp`
## SYNOPSIS
```
suricata_stats_check [B<-m> single] [B<-s> ] [B<-S> ] [B<-d> ]
[B<-D> ] [B<-e> ] [B<-E> ]
[B<-r> ] [B<-r> ]
suricata_stats_check B<-m> slug [B<--slug> ] [B<-l> ] [B<-d> ]
[B<-D> ] [B<-e> ] [B<-E> ]
[B<-r> ] [B<-r> ]
suricata_stats_check B<-m> manual B<-1> [B<-d> ]
[B<-D> ] [B<-e> ] [B<-E> ]
[B<-r> ] [B<-r> ] [B<-2> ] [B<-3> ]
[B<-4> ] [B<-5> ] [B<-6> ] [B<-7> ]
[B<-8> ] [B<-9> ] [B<-0> ]
suricata_stats_check -c
```
## Flags
```
-m Mode to run in.
Default: single
-s Eve file for use with single mode.
Default: /var/log/suricata/eve.json
-S Instance name to use in single mode.
Default: ids
--slug The slug to use in slug mode.
Default: alert
-l Log directory for slug mode.
Default: /var/log/suricata
-0 A file to use in manual mode.
-1 A file to use in manual mode.
-2 A file to use in manual mode.
-3 A file to use in manual mode.
-4 A file to use in manual mode.
-5 A file to use in manual mode.
-6 A file to use in manual mode.
-7 A file to use in manual mode.
-8 A file to use in manual mode.
-9 A file to use in manual mode.
-0 A file to use in manual mode.
-c Print the cache and exit.
-d Percent of drop packets to warn on.
Default: 0.75%
-D Percent of dropped packets to critical on.
Default: 1%
-e Error delta to warn on.
Default: 1
-E Error delta to critical on.
Default: 2
-r Percent of drop packets to warn on.
Default: 0.05%
-R Percent of drop packets to warn on.
Default: 0.1%
-n Run as a nagios check style instead of LibreNMS.
-a How far back to read.
Default: 360
-h Print help info.
--help Print help info.
-v Print version info.
--version Print version info.
```
## Modes
### single
Use the specified eve file, -e, and the specified instance name, -i.
### slug
Check the dir specified, -l. for files starting with the
slug, -s. The files must match
`/^$slug\-[A-Za-z\_\-]\.[Jj][Ss][Oo][Nn]$/`. The instance name is formed
by removing `/^$slug\-/` and `/\.[Jj][Ss][Oo][Nn]$/`. So
"alert-ids.json" becomes "ids".
### manual
Use the files specified via -0 to -9 to specify instance
names and files. The value taken by each of those is comma seperated
with the first part being the instance name and the second being the
eve file. So "inet,/var/log/suricata/inet.json" would be a instance
name of "inet" with a eve file of "/var/log/suricata/inet.json".