add -a for how far back to read

Zane C. B-H 2022-08-04 10:02:03 -05:00
parent fbf0dd26d4
commit 59a8bd430d
3 changed files with 30 additions and 13 deletions


@ -79,6 +79,9 @@ suricata_stats_check -c
-n Run as a nagios check style instead of LibreNMS.
-a <seconds> How far back to read.
Default: 360
-h Print help info.
--help Print help info.
-v Print version info.


@ -8,17 +8,17 @@ suricata_stat_check - LibreNMS JSON SNMP extend and Nagios style check for Suric
suricata_stats_check [B<-m> single] [B<-s> <eve>] [B<-S> <instance name>] [B<-d> <drop percent warn>]
[B<-D> <drop percent crit>] [B<-e> <error delta warn>] [B<-E> <error delta crit>]
[B<-r> <error percent warn>] [B<-r> <error percent crit>]
[B<-r> <error percent warn>] [B<-r> <error percent crit>] [B<-a> <seconds>]
suricata_stats_check B<-m> slug [B<-s> <slug>] [B<-l> <log dir>] [B<-d> <drop percent warn>]
[B<-D> <drop percent crit>] [B<-e> <error delta warn>] [B<-E> <error delta crit>]
[B<-r> <error percent warn>] [B<-r> <error percent crit>]
[B<-r> <error percent warn>] [B<-r> <error percent crit>] [B<-a> <seconds>]
suricata_stats_check B<-m> manual B<-1> <manual> [B<-d> <drop percent warn>]
[B<-D> <drop percent crit>] [B<-e> <error delta warn>] [B<-E> <error delta crit>]
[B<-r> <error percent warn>] [B<-r> <error percent crit>] [B<-2> <manual>] [B<-3> <manual>]
[B<-4> <manual>] [B<-5> <manual>] [B<-6> <manual>] [B<-7> <manual>]
[B<-8> <manual>] [B<-9> <manual>] [B<-0> <manual>]
[B<-8> <manual>] [B<-9> <manual>] [B<-0> <manual>] [B<-a> <seconds>]
suricata_stats_check B<-c> [B<-b>]
@ -38,6 +38,10 @@ extend suricata-stats /usr/local/bin/suricata_stat_check -c -b
=head1 FLAGS
=head2 -a <seconds>
How far back to read in seconds.
=head2 -c
Print the saved cached and exit.
@ -256,6 +260,9 @@ sub help {
-R <error percent crit> Percent of drop packets to warn on.
Default: 0.1%
-a <seconds> How far back to read.
Default: 360
-n Run as a nagios check style instead of LibreNMS.
-h Print help info.
@ -326,6 +333,7 @@ my $error_percent_warn = '.05';
my $error_percent_crit = '.1';
my $print_cache;
my $compress;
my $max_age = 360;
Getopt::Long::Configure('no_ignore_case');
Getopt::Long::Configure('bundling');
GetOptions(
@ -357,6 +365,7 @@ GetOptions(
'R=s' => \$error_percent_crit,
'c' => \$print_cache,
'b' => \$compress,
'a=s' => \$max_age,
);
# print version or help if requested
@ -581,6 +590,7 @@ my $args = {
error_percent_warn => $error_percent_warn,
error_percent_crit => $error_percent_crit,
files => $instances,
max_age => $max_age,
};
if ($nagios) {
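Review bot: The new `'a=s' => \$max_age` entry in the GetOptions hunk accepts any string, so a mistyped `-a` value is handed on unchanged as `max_age` in `$args`. Since the flag is documented as a number of seconds, declaring it as `'a=i' => \$max_age,` would let Getopt::Long reject non-integer input at parse time. The return value of `GetOptions(...)` is not visible in these hunks; if it is not checked elsewhere, a rejected option would only warn, so it is worth confirming the script exits on a parse failure. Separately, the synopsis lines touched here still list `B<-r>` for both the error percent warn and crit thresholds, while the help text uses `-R` for crit.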


@ -16,11 +16,11 @@ Suricata::Monitoring - LibreNMS JSON SNMP extend and Nagios style check for Suri
=head1 VERSION
Version 0.2.0
Version 0.3.0
=cut
our $VERSION = '0.2.0';
our $VERSION = '0.3.0';
=head1 SYNOPSIS
@ -77,6 +77,9 @@ The only must have is 'files'.
- error_percent_crit :: Error percent critical threshold.
- Default :: .1
- max_age :: How far back to read in seconds.
- Default :: 360
- files :: A hash with the keys being the instance name and the values
being the Eve files to read. ".total" is not a valid instance name.
Similarly anything starting with a "." should be considred reserved.
@ -89,6 +92,7 @@ The only must have is 'files'.
error_delta_crit => 2,
error_percent_warn => .05,
error_percent_crit => .1,
max_age => 360,
files=>{
'ids'=>'/var/log/suricata/alert-ids.json',
'foo'=>'/var/log/suricata/alert-foo.json',
@ -118,16 +122,16 @@ sub new {
};
bless $self;
# reel in the threshold values
my @thresholds = (
# reel in the numeric args
my @num_args = (
'drop_percent_warn', 'drop_percent_crit', 'error_delta_warn', 'error_delta_crit',
'error_percent_warn', 'error_percent_crit'
'error_percent_warn', 'error_percent_crit', 'max_age'
);
for my $threshold (@thresholds) {
if ( defined( $args{$threshold} ) ) {
$self->{$threshold} = $args{$threshold};
if ( $args{$threshold} !~ /[0-9\.]+/ ) {
confess( '"' . $threshold . '" with a value of "' . $args{$threshold} . '" is not numeric' );
for my $num_arg (@num_args) {
if ( defined( $args{$num_arg} ) ) {
$self->{$num_arg} = $args{$num_arg};
if ( $args{$num_arg} !~ /[0-9\.]+/ ) {
confess( '"' . $num_arg . '" with a value of "' . $args{$num_arg} . '" is not numeric' );
}
}
}
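Review bot: The numeric check `$args{$num_arg} !~ /[0-9\.]+/` in `new` is unanchored, so any value containing a single digit or dot passes (constructed examples: `10 minutes`, `.`). With `max_age` now routed through this loop, a malformed age is stored in `$self` without the confess firing. Anchoring the pattern, for example `if ( $args{$num_arg} !~ /\A(?:[0-9]+\.?[0-9]*|\.[0-9]+)\z/ ) {`, would make the check match its error message. The assignment to `$self->{$num_arg}` also happens before validation; moving it after the check would keep an invalid value out of the object even if the confess is caught by a caller. `new` starts and ends outside this hunk.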