NAME

Suricata::Monitoring - LibreNMS JSON SNMP extend and Nagios style check for Suricata stats

VERSION

Version 1.0.0

SYNOPSIS

use Suricata::Monitoring;

my $args = {
    mode               => 'librenms',
    drop_percent_warn  => .75;
    drop_percent_crit  => 1,
    error_delta_warn   => 1,
    error_delta_crit   => 2,
    error_ignore=>[],
    files=>{
           'ids'=>'/var/log/suricata/alert-ids.json',
           'foo'=>'/var/log/suricata/alert-foo.json',
           },
};

my $sm=Suricata::Monitoring->new( $args );
my $returned=$sm->run;
$sm->print;
exit $returned->{alert};

METHODS

new

Initiate the object.

The args are taken as a hash ref. The keys are documented as below.

The only must have is 'files'.

- mode :: Wether the print_output output should be for Nagios or LibreNMS.
  - value :: 'librenms' or 'nagios'
  - Default :: librenms

- drop_percent_warn :: Drop percent warning threshold.
  - Default :: .75

- drop_percent_crit :: Drop percent critical threshold.
  - Default :: 1

- error_delta_warn :: Error delta warning threshold. In errors/second.
  - Default :: 1

- error_delta_crit :: Error delta critical threshold. In errors/second.
  - Default :: 2

- max_age :: How far back to read in seconds.
  - Default :: 360

- files :: A hash with the keys being the instance name and the values
  being the Eve files to read.

my $args = {
    mode               => 'librenms',
    drop_percent_warn  => .75;
    drop_percent_crit  => 1,
    error_delta_warn   => 1,
    error_delta_crit   => 2,
    max_age            => 360,
    error_ignore=>[],
    files=>{
           'ids'=>'/var/log/suricata/alert-ids.json',
           'foo'=>'/var/log/suricata/alert-foo.json',
           },
};

my $sm=Suricata::Monitoring->new( $args );

run

This runs it and collects the data. Also updates the cache.

This will return a LibreNMS style hash.

my $returned=$sm->run;

Prints the output.

$sm->print_output;

LibreNMS HASH

+ $hash{'alert'} :: Alert status.
  - 0 :: OK
  - 1 :: WARNING
  - 2 :: CRITICAL
  - 3 :: UNKNOWN

AUTHOR

Zane C. Bowers-Hadley, <vvelox at vvelox.net>

BUGS

Please report any bugs or feature requests to bug-suricata-monitoring at rt.cpan.org, or through the web interface at https://rt.cpan.org/NoAuth/ReportBug.html?Queue=Suricata-Monitoring. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT

You can find documentation for this module with the perldoc command.

perldoc Suricata::Monitoring

You can also look for information at:

"Suricata-Monitoring.git" in git@github.com:VVelox

ACKNOWLEDGEMENTS

LICENSE AND COPYRIGHT

This software is Copyright (c) 2024 by Zane C. Bowers-Hadley.

This is free software, licensed under:

The Artistic License 2.0 (GPL Compatible)

3 POD Errors

The following errors were encountered while parsing the POD:

Around line 558:

Unknown directive: =head

Around line 562:

'=item' outside of any '=over'

Around line 566:

You forgot a '=back' before '=head1'