update the ossec plugin

- harmonize the coding style of the three scripts - harmonize the label names and file names with other popular plugins - fix active_response script to use correct date format
2025-07-25 02:18:08 +00:00 · 2015-02-04 17:24:37 +01:00 · 2015-02-04 17:24:37 +01:00 · c098ee86fa
commit c098ee86fa
parent 375621b4ba
6 changed files with 126 additions and 156 deletions
--- a/plugins/ossec/ossec_alerts
+++ b/plugins/ossec/ossec_alerts
@ -0,0 +1,49 @@
+#!/bin/bash
+
+if [ "$1" = "autoconf" ]; then
+	echo "yes"
+	exit 0
+fi
+
+if [ "$1" = "config" ]; then
+	echo "graph_title Ossec alerts per service"
+	echo "graph_args --base 1000 -l 0"
+	echo "graph_vlabel Number of alerts per service"
+	echo "graph_category ossec"
+	echo "graph_scale no"
+	echo "apache.label httpd"
+	echo "apache.draw LINE2"
+	echo 'apache.min 0'
+	echo "ssh.label ssh"
+	echo "ssh.draw LINE2"
+	echo 'ssh.min 0'
+	echo "sudo.label sudo"
+	echo "sudo.draw LINE2"
+	echo 'sudo.min 0'
+	echo "total.label total"
+	echo "total.draw LINE2"
+	echo 'total.min 0'
+	exit 0
+fi
+
+### Deleting temporary log files from last run
+rm -f /tmp/ossecalerts.log
+logdir="/var/ossec/logs/alerts"
+
+###For Loop for grepping the last 5 mins logs
+for (( i = 5; i >=0; i-- )) ; do
+	grep $(date +%R -d "-$i  min") $logdir/alerts.log >> /tmp/ossecalerts.log
+done
+### End for loop
+
+### count the lines for each service in the temporary log file
+APACHE=`cat /tmp/ossecalerts.log | grep -i 'apache\|http' | wc -l`
+SSH=`cat /tmp/ossecalerts.log | grep ssh | wc -l`
+SUDO=`cat /tmp/ossecalerts.log | grep sudo | wc -l`
+TOTAL=`cat /tmp/ossecalerts.log | grep -v ">"| wc -l`
+
+echo "apache.value ${APACHE}"
+echo "ssh.value ${SSH}"
+echo "sudo.value ${SUDO}"
+echo "total.value ${TOTAL}"
+exit 0