Initial version

2025-07-25 02:18:08 +00:00 · 2011-06-14 14:09:51 +02:00 · 2011-06-14 14:09:51 +02:00 · 5932ea0ed3
commit 5932ea0ed3
parent d19c429add
1 changed files with 46 additions and 0 deletions
--- a/plugins/other/ossec-alerts
+++ b/plugins/other/ossec-alerts
@ -0,0 +1,46 @@
+#!/bin/bash
+
+if [ "$1" = "autoconf" ]; then
+echo "yes"
+exit 0
+fi
+
+if [ "$1" = "config" ]; then
+echo "graph_title Ossec Alerts per service"
+echo "graph_args --base 1000 -l 0"
+echo "graph_vlabel Number of Alerts per service"
+echo "graph_category Ossec"
+echo "graph_scale no"
+echo "apache.label APACHE"
+echo "apache.draw LINE2"
+echo 'apache.min 0'
+echo "ssh.label SSH"
+echo "ssh.draw LINE2"
+echo 'ssh.min 0'
+echo "sudo.label SUDO"
+echo "sudo.draw LINE2"
+echo 'sudo.min 0'
+echo "total.label TOTAL"
+echo "total.draw LINE2"
+echo 'total.min 0'
+exit 0
+fi
+
+rm -fr /tmp/ossecalerts*
+logdir="/var/ossec/logs/alerts"
+
+###For Loop for grepping the last 5 mins logs 
+for (( i = 5; i >=0; i-- )) ; do
+     grep $(date +%R -d "-$i  min") $logdir/alerts.log >> /tmp/ossecalerts.log
+done
+
+APACHE=`cat /tmp/ossecalerts.log | grep -i 'apache\|http' | wc -l`
+SSH=`cat /tmp/ossecalerts.log | grep ssh | wc -l`
+SUDO=`cat /tmp/ossecalerts.log | grep sudo | wc -l`
+TOTAL=`cat /tmp/ossecalerts.log | grep -v ">"| wc -l`
+
+echo "apache.value ${APACHE}"
+echo "ssh.value ${SSH}"
+echo "sudo.value ${SUDO}"
+echo "total.value ${TOTAL}"
+exit 0