[Oisf-users] stats.log - append / overwrite options?

Cloherty, Sean E scloherty at mitre.org
Thu Jun 8 21:27:38 UTC 2017


I am using Zabbix to track and display capture kernel packets and capture kernel drops.  I am grabbing them from the stats.log using the following parameters in the Zabbix config -


      # tac reverses the log so 'grep -m 1' returns the most recent matching line
      UserParameter=capture.kernel_packets[*],tac '/var/log/suricata/stats.log' | grep -m 1 'capture.kernel_packets' | awk '/[0-9]/ {print $NF}'

      UserParameter=capture.kernel_drops[*],tac '/var/log/suricata/stats.log' | grep -m 1 'capture.kernel_drops' | awk '/[0-9]/ {print $NF}'

Is there an option to overwrite the stats.log at every Suricata restart?  I guess I could have ALL stats reported even if there is no value, but I was wondering if there is another way of accomplishing this.

My current setup is good unless you restart. If there are no drops since the recent restart, then the search will work backwards through stats.log until it gets to the last drop entry which will not be valid if there are no current drops.

Thank you.

Sean Cloherty
InfoSec Engineer/Scientist, Lead
MITRE Corporation
office (781) 271-3707
cell      (781) 697-8043
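One way to avoid reporting a stale drop count after a restart without overwriting the log, as an added example that is not part of the original post or of Suricata: read only the lines after the most recent "Date:" header in stats.log and fall back to 0 when the counter is absent from that block. The function name last_stat and the sample log are constructed here; the layout assumed is the Suricata 3.x/4.x one ("counter | TM Name | value").

```shell
#!/bin/sh
# last_stat COUNTER FILE
# Print the value of COUNTER from the MOST RECENT block of a Suricata
# stats.log, i.e. the lines after the last "Date:" header. A counter that
# is missing from that block yields 0, so a value written before the last
# restart is never reported as current.
# Assumes the 3.x/4.x layout:  counter | TM Name | value
last_stat() {
    counter=$1
    file=$2
    awk -v c="$counter" '
        /^Date:/             { val = ""; seen = 0; next }   # new block: discard older value
        $1 == c && $2 == "|" { val = $NF; seen = 1 }        # exact counter name, last column
        END                  { print (seen ? val : 0) }
    ' "$file"
}

# Constructed sample: one block before a restart (42 drops) and one after
# it, where Suricata has not yet emitted a capture.kernel_drops line.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat >"$SAMPLE" <<'EOF'
------------------------------------------------------------------------------------
Date: 6/8/2017 -- 20:00:00 (uptime: 2d, 03h 10m 05s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
capture.kernel_packets                     | Total                     | 500
capture.kernel_drops                       | Total                     | 42
------------------------------------------------------------------------------------
Date: 6/8/2017 -- 21:27:38 (uptime: 0d, 00h 00m 10s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
capture.kernel_packets                     | Total                     | 800
EOF

echo "capture.kernel_packets: $(last_stat capture.kernel_packets "$SAMPLE")"  # 800
echo "capture.kernel_drops:   $(last_stat capture.kernel_drops   "$SAMPLE")"  # 0, not the stale 42
```

Saved as a script that ends with `last_stat "$1" /var/log/suricata/stats.log`, it can back a single Zabbix item such as `UserParameter=suricata.stat[*],/path/to/script "$1"` (item key and path assumed) instead of one tac/grep pipeline per counter.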
