NAME
Suricata::Monitoring - LibreNMS JSON SNMP extend and Nagios style check for Suricata stats
VERSION
Version 1.0.0
SYNOPSIS
use Suricata::Monitoring;
my $args = {
mode => 'librenms',
drop_percent_warn => .75;
drop_percent_crit => 1,
error_delta_warn => 1,
error_delta_crit => 2,
error_ignore=>[],
files=>{
'ids'=>'/var/log/suricata/alert-ids.json',
'foo'=>'/var/log/suricata/alert-foo.json',
},
};
my $sm=Suricata::Monitoring->new( $args );
my $returned=$sm->run;
$sm->print;
exit $returned->{alert};
METHODS
new
Initiate the object.
The args are taken as a hash ref. The keys are documented as below.
The only must have is 'files'.
- mode :: Wether the print_output output should be for Nagios or LibreNMS.
- value :: 'librenms' or 'nagios'
- Default :: librenms
- drop_percent_warn :: Drop percent warning threshold.
- Default :: .75
- drop_percent_crit :: Drop percent critical threshold.
- Default :: 1
- error_delta_warn :: Error delta warning threshold. In errors/second.
- Default :: 1
- error_delta_crit :: Error delta critical threshold. In errors/second.
- Default :: 2
- max_age :: How far back to read in seconds.
- Default :: 360
- files :: A hash with the keys being the instance name and the values
being the Eve files to read.
my $args = {
mode => 'librenms',
drop_percent_warn => .75;
drop_percent_crit => 1,
error_delta_warn => 1,
error_delta_crit => 2,
max_age => 360,
error_ignore=>[],
files=>{
'ids'=>'/var/log/suricata/alert-ids.json',
'foo'=>'/var/log/suricata/alert-foo.json',
},
};
my $sm=Suricata::Monitoring->new( $args );
run
This runs it and collects the data. Also updates the cache.
This will return a LibreNMS style hash.
my $returned=$sm->run;
print_output
Prints the output.
$sm->print_output;
LibreNMS HASH
+ $hash{'alert'} :: Alert status.
- 0 :: OK
- 1 :: WARNING
- 2 :: CRITICAL
- 3 :: UNKNOWN
AUTHOR
Zane C. Bowers-Hadley, <vvelox at vvelox.net>
BUGS
Please report any bugs or feature requests to bug-suricata-monitoring at rt.cpan.org
, or through the web interface at https://rt.cpan.org/NoAuth/ReportBug.html?Queue=Suricata-Monitoring. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
SUPPORT
You can find documentation for this module with the perldoc command.
perldoc Suricata::Monitoring
You can also look for information at:
RT: CPAN's request tracker (report bugs here)
https://rt.cpan.org/NoAuth/Bugs.html?Dist=Suricata-Monitoring
CPAN Ratings
Search CPAN
"Suricata-Monitoring.git" in git@github.com:VVelox
ACKNOWLEDGEMENTS
LICENSE AND COPYRIGHT
This software is Copyright (c) 2024 by Zane C. Bowers-Hadley.
This is free software, licensed under:
The Artistic License 2.0 (GPL Compatible)
3 POD Errors
The following errors were encountered while parsing the POD:
- Around line 558:
Unknown directive: =head
- Around line 562:
'=item' outside of any '=over'
- Around line 566:
You forgot a '=back' before '=head1'