iac
/
syslog-ng
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

stats

This commit is contained in:
Kameron Kenny 2024-10-28 17:40:15 -04:00
parent debc4c5dd6
commit 15599d467b
No known key found for this signature in database
GPG Key ID: E5006629839D2276
5 changed files with 97 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -1 +1,2 @@
*.bak
*.swp

2
Dockerfile
View File

@ -1,7 +1,7 @@
FROM debian:latest
MAINTAINER Kameron Kenny <kkenny379@gmail.com>
LABEL version="20241028171952"
LABEL version="20241028174015"
LABEL description="Debian Based syslog-ng"
RUN apt-get update

93
config/syslog-ng.conf.d/nas81-stats-template.conf Normal file
View File

@ -0,0 +1,93 @@
template t_suricata_nas81_stats {
template("{ \"timestamp\": \"${ISODATE}\", \"event_type\": \"stats\", \"stats\": { \
\"uptime\": ${uptime}, \
\"capture\": { \
\"kernel_packets\": ${kernel_packets}, \
\"kernel_drops\": ${kernel_drops}, \
\"errors\": ${errors}, \
\"afpacket\": { \
\"busy_loop_avg\": ${busy_loop_avg}, \
\"polls\": ${polls}, \
\"poll_signal\": ${poll_signal}, \
\"poll_timeout\": ${poll_timeout}, \
\"poll_data\": ${poll_data}, \
\"poll_errors\": ${poll_errors}, \
\"send_errors\": ${send_errors} \
} \
}, \
\"decoder\": { \
\"pkts\": ${pkts}, \
\"bytes\": ${bytes}, \
\"invalid\": ${invalid}, \
\"protocols\": { \
\"ipv4\": ${ipv4}, \
\"ipv6\": ${ipv6}, \
\"ethernet\": ${ethernet}, \
\"arp\": ${arp}, \
\"tcp\": ${tcp}, \
\"udp\": ${udp}, \
\"icmp\": { \
\"icmpv4\": ${icmpv4}, \
\"icmpv6\": ${icmpv6} \
}, \
\"vlan\": ${vlan} \
}, \
\"errors\": { \
\"trunc_pkt\": ${trunc_pkt}, \
\"opt_pad_required\": ${opt_pad_required}, \
\"zero_len_padn\": ${zero_len_padn} \
} \
}, \
\"tcp\": { \
\"syn\": ${syn}, \
\"synack\": ${synack}, \
\"rst\": ${rst}, \
\"active_sessions\": ${active_sessions}, \
\"sessions\": ${sessions}, \
\"memuse\": ${memuse} \
}, \
\"flow\": { \
\"total\": ${total_flow}, \
\"active\": ${active_flow}, \
\"tcp\": ${tcp_flow}, \
\"udp\": ${udp_flow}, \
\"icmp\": { \
\"icmpv4\": ${icmpv4_flow}, \
\"icmpv6\": ${icmpv6_flow} \
} \
}, \
\"detect\": { \
\"engines\": [{ \
\"id\": ${engine_id}, \
\"last_reload\": \"${last_reload}\", \
\"rules_loaded\": ${rules_loaded}, \
\"rules_failed\": ${rules_failed} \
}], \
\"alert\": { \
\"count\": ${alert_count}, \
\"suppressed\": ${alert_suppressed} \
} \
}, \
\"app_layer\": { \
\"flow\": { \
\"http\": ${http_flow}, \
\"tls\": ${tls_flow}, \
\"dns\": { \
\"udp\": ${dns_udp_flow} \
}, \
\"failed_tcp\": ${failed_tcp}, \
\"failed_udp\": ${failed_udp} \
} \
}, \
\"memory\": { \
\"capture\": { \
\"pressure\": ${memcap_pressure}, \
\"pressure_max\": ${memcap_pressure_max} \
}, \
\"http\": { \
\"memuse\": ${http_memuse} \
} \
} \
}}\n");
};

4
config/syslog-ng.conf.d/nas81.conf
View File

@ -23,9 +23,7 @@ destination d_nas81_suricata_stats {
index("nas81")
type("")
url("http://pi501.in.thelinuxpro.net:9200/_bulk")
template("$(format-json --scope rfc5424 --scope dot-nv-pairs
--rekey .* --shift 1 --scope nv-pairs
--exclude DATE @timestamp=${ISODATE})")
template(t_suricata_nas81_stats)
persist-name("d_nas81_suricata_stats")
);
};

2
docker-compose.yml
View File

@ -10,7 +10,7 @@ services:
syslog-ng:
build:
dockerfile: Dockerfile
image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:20241028171952
image: docker-registry1.in.thelinuxpro.net:5000/tlp/syslog-ng:20241028174015
container_name: syslog-ng
restart: unless-stopped
networks: