suricata_stat_check - LibreNMS JSON SNMP extend and Nagios style check for Suricata stats.
suricata_stats_check [-m single] [-s <eve>] [-S <instance name>] [-d <drop percent warn>] [-D <drop percent crit>] [-e <error delta warn>] [-E <error delta crit>] [-r <error percent warn>] [-r <error percent crit>] [-a <seconds>]
suricata_stats_check -m slug [-s <slug>] [-l <log dir>] [-d <drop percent warn>] [-D <drop percent crit>] [-e <error delta warn>] [-E <error delta crit>] [-r <error percent warn>] [-r <error percent crit>] [-a <seconds>]
suricata_stats_check -m manual -1 <manual> [-d <drop percent warn>] [-D <drop percent crit>] [-e <error delta warn>] [-E <error delta crit>] [-r <error percent warn>] [-r <error percent crit>] [-2 <manual>] [-3 <manual>] [-4 <manual>] [-5 <manual>] [-6 <manual>] [-7 <manual>] [-8 <manual>] [-9 <manual>] [-0 <manual>] [-a <seconds>]
suricata_stats_check -c [-b]
For Nagios, this should be run via NRPE.
For LibreNMS, this should be set up to run from cron and as an SNMP extend.
cron...
*/5 * * * * /usr/local/bin/suricata_stat_check
snmp.conf...
extend suricata-stats /usr/local/bin/suricata_stat_check -c -b
-a <seconds>
    How far back to read in seconds.
-c
    Print the saved cache and exit.
-b
    When used with -c, gzip the output and convert to base64.
-m <mode>
    Mode to run in.
    Default: single
-s <eve>
    Eve file for use with single mode.
    Default: /var/log/suricata/eve.json
-S <instance name>
    Instance name to use in single mode.
    Default: ids
-s <slug>
    The slug to use in slug mode.
    Default: alert
-l <log dir>
    Log directory for slug mode.
    Default: /var/log/suricata
-0 <manual> through -9 <manual>
    A file to use in manual mode.
-d <drop percent warn>
    Percent of dropped packets to warn on.
    Default: 0.75%
-D <drop percent crit>
    Percent of dropped packets to critical on.
    Default: 1%
-e <error delta warn>
    Error delta to warn on.
    Default: 1
-E <error delta crit>
    Error delta to critical on.
    Default: 2
-r <error percent warn>
    Error percent to warn on.
    Default: 0.05%
-r <error percent crit>
    Error percent to critical on.
    Default: 0.1%
Run as a Nagios check style instead of LibreNMS.
Print help info.
Print version info.
single
Use the specified eve file, -e, and the specified instance name, -i.
slug
Check the dir specified, -l, for files starting with the slug, -s. The files must match /^$slug\-[A-Za-z\_\-]\.[Jj][Ss][Oo][Nn]$/. The instance name is formed by removing /^$slug\-/ and /\.[Jj][Ss][Oo][Nn]$/. So "alert-ids.json" becomes "ids".
manual
Use the files specified via -0 to -9 to specify instance names and files. The value taken by each of those is comma separated, with the first part being the instance name and the second being the eve file. So "inet,/var/log/suricata/inet.json" would be an instance name of "inet" with an eve file of "/var/log/suricata/inet.json".
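An added example (not code from Suricata::Monitoring) that models the slug- and manual-mode instance naming described above and the Nagios-style warn/critical decision using the documented default thresholds. The '+' added to the slug name class and the '>=' threshold comparison are assumptions; the filenames and specs are constructed.

```python
import re

# Threshold defaults as documented on the page. Comparing with ">=" is an
# assumption; the page does not say whether the check uses > or >=.
DEFAULTS = {"drop_warn": 0.75, "drop_crit": 1.0,
            "err_delta_warn": 1, "err_delta_crit": 2,
            "err_pct_warn": 0.05, "err_pct_crit": 0.1}

def slug_instances(filenames, slug="alert"):
    r"""Slug mode: map instance name -> file for names like <slug>-<name>.json.
    Page pattern: /^$slug\-[A-Za-z\_\-]\.[Jj][Ss][Oo][Nn]$/. A '+' is added to
    the name class here (assumption) so that "alert-ids.json" yields "ids".
    """
    pat = re.compile("^" + re.escape(slug) + r"-([A-Za-z_\-]+)\.[Jj][Ss][Oo][Nn]$")
    found = {}
    for name in filenames:
        m = pat.match(name)
        if m:
            found[m.group(1)] = name
    return found

def manual_instances(specs):
    """Manual mode: each -0..-9 value is "<instance name>,<eve file>"."""
    found = {}
    for spec in specs:
        name, _, path = spec.partition(",")  # split on the first comma only
        if not name or not path:
            raise ValueError(f"bad manual spec {spec!r}, want name,file")
        found[name] = path
    return found

def nagios_status(drop_pct, err_delta, err_pct, t=DEFAULTS):
    """Nagios-style result: (exit code, label) with 0 OK, 1 WARNING, 2 CRITICAL."""
    if (drop_pct >= t["drop_crit"] or err_delta >= t["err_delta_crit"]
            or err_pct >= t["err_pct_crit"]):
        return 2, "CRITICAL"
    if (drop_pct >= t["drop_warn"] or err_delta >= t["err_delta_warn"]
            or err_pct >= t["err_pct_warn"]):
        return 1, "WARNING"
    return 0, "OK"

if __name__ == "__main__":
    # Constructed directory listing and manual specs, not real files.
    print(slug_instances(["alert-ids.json", "alert-inet.JSON", "eve.json"]))
    print(manual_instances(["inet,/var/log/suricata/inet.json"]))
    print(nagios_status(drop_pct=0.8, err_delta=0, err_pct=0.0))
```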
To install Suricata::Monitoring, copy and paste the appropriate command into your terminal.
cpanm
cpanm Suricata::Monitoring
CPAN shell
perl -MCPAN -e shell
install Suricata::Monitoring
For more information on module installation, please visit the detailed CPAN module installation guide.