diff --git a/debian/changelog b/debian/changelog
index 22056b9..c4cdca4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+securityonion-sostat (20120722-0ubuntu0securityonion71) trusty; urgency=medium
+
+ * netsniff-ng: calculate packets drops as percentage
+
+ -- Doug Burks Fri, 23 Jun 2017 20:29:30 -0400
+
 securityonion-sostat (20120722-0ubuntu0securityonion70) trusty; urgency=medium
 
 * check for stuck ELSA cron.pl and limit netsniff-ng log section to current log
diff --git a/debian/patches/netsniff-ng:-calculate-packets-drops-as-percentage b/debian/patches/netsniff-ng:-calculate-packets-drops-as-percentage
new file mode 100644
index 0000000..520f21b
--- /dev/null
+++ b/debian/patches/netsniff-ng:-calculate-packets-drops-as-percentage
@@ -0,0 +1,93 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-sostat (20120722-0ubuntu0securityonion71) trusty; urgency=medium
+ .
+ * netsniff-ng: calculate packets drops as percentage
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-sostat-20120722.orig/bin/sostat
++++ securityonion-sostat-20120722/bin/sostat
+@@ -200,16 +200,55 @@ if [ -d /nsm/sensor_data ]; then
+ fi
+ echo
+ echo "-------------------------------------------------------------------------"
+- if ls /var/log/nsm/*/netsniff-ng.log > /dev/null 2>&1; then
+- echo
+- echo "${underline}Netsniff-NG${normal}:"
+- #awk 'BEGIN { RS="."; FS="/"; ORS="\n" } { if( $0 !~ /netsniff/ && substr( $2,2,length($2)-2 ) > 0 ) print "File:",FILENAME,"Processed:",$1,"Lost:",$2 }' /var/log/nsm/*/netsniff-ng.log | sed -e 's/(//' -e 's/)//' | column -t | grep -v "Lost: -0"
+- for i in /var/log/nsm/*/netsniff.log; do egrep -v "^Executing|^RX|^Running|^Cannot set NIC flags" $i | sed 's|\.|\n|g' | sed 's|(||g' | sed 's|)||g' | sed 's|/| |g' | while read PROCESSED LOST; do echo "File: $i Processed: $PROCESSED Lost: $LOST"; done; done | column -t | grep -v "Processed: Lost:" | grep -v "Lost: -0"
+- if [ $? -gt 0 ]; then
+- echo
+- echo "0 Loss"
+- fi
+- fi
++ if ls /var/log/nsm/*/netsniff-ng.log > /dev/null 2>&1; then
++ echo
++ echo "${underline}Netsniff-NG${normal}:"
++ for i in /var/log/nsm/*/netsniff-ng.log;
++ do
++ if grep -q -e "-[1-9]*)" "$i"; then
++ echo
++ RCVD=()
++ DRPD=()
++ IFS=".(+"
++ while read -ra line;
++ do
++ for word in "${line[@]}";
++ do
++ if [[ $word =~ ')' ]]; then
++ RCVD+=(`echo "$word" | cut -d '/' -f1`);
++ fi
++ done;
++ done < "$i"
++
++ IFS='+' rcvd_sum=$(echo "scale=1;${RCVD[*]}"|bc)
++ TOT_RCVD=`echo $rcvd_sum`
++
++ IFS="-"
++ while read -ra line;
++ do
++ for word in "${line[@]}";
++ do
++ if [[ $word =~ ')' ]]; then
++ DRPD+=(`echo "$word" | cut -d ')' -f1`);
++ fi
++ done;
++ done < "$i"
++
++ IFS='+' drpd_sum=$(echo "scale=1;${DRPD[*]}"|bc)
++ TOT_DRPD=`echo $drpd_sum`
++ TOT_PKTS=`echo 'scale=2; '$TOT_DRPD'+'$TOT_RCVD''|bc`
++ DRPD_PCT=`echo 'scale=2; '$TOT_DRPD'*100/'$TOT_PKTS''|bc`
++ echo
++ echo Percentage of packets dropped:
++ echo
++ echo $i " -- " $DRPD_PCT
++ echo
++ else
++ echo
++ echo "0 Loss"
++ fi
++ done
++ fi
+ echo
+ header "PF_RING"
+ cat /proc/net/pf_ring/info
diff --git a/debian/patches/series b/debian/patches/series
index afa337c..ba160e2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -67,3 +67,4 @@ issues-1042-and-1044
 change-paths-from-usrbin-to-usrsbin
 sostat:-sostat-redacted---change-"Port"-to-"Port-"-#1057
 check-for-stuck-ELSA-cron.pl-and-limit-netsniff-ng-log-section-to-current-log
+netsniff-ng:-calculate-packets-drops-as-percentage
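Review bot: The gate `grep -q -e "-[1-9]*)" "$i"` in the new netsniff-ng loop matches only when every digit between `-` and `)` is 1-9, so a log whose non-zero drop counts all contain a 0 (10, 205, ...) falls through to the "0 Loss" branch and the sensor's packet loss goes unreported. Require a non-zero first digit and allow any digit after it: `if grep -q -e "-[1-9][0-9]*)" "$i"; then`. The block also leaves IFS modified for the rest of sostat, because the bare `IFS='+' drpd_sum=...` assignment has no command after it and therefore persists; save it before the loop with `old_ifs=$IFS` and restore it with `IFS=$old_ifs` after `done`. The unquoted `$i` and `$DRPD_PCT` in the final echo are split on whatever IFS holds at that point, so quoting them (`echo "$i -- $DRPD_PCT"`) would make the output independent of it.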