AnsweredAssumed Answered

Nagios Plugins for Security Analytics

Question asked by David Waugh Employee on Feb 9, 2016

Here are some additional Nagios Plugins that might be useful if you are monitoring Security Analytics via Nagios. They are mainly used for graphing rather than warning but they could be easily adapted.@

 

They use the check_by_ssh command to run the scripts remotely on the different appliances.

 

$USER1$/check_by_ssh -H $HOSTADDRESS$ ./index-profile-1.2-nagios.pl -l root -t 60

 

The scripts are a combination of work from colleagues  (Lee Kirkpatrick Maxim Siyazov Davide Veneziano) and my own efforts.

 

Note these scripts have the admin netwitness credentials hardcoded inside them, which is not best security practise!

 

Script to Get Current Log Decoder Capture Rate

 

Command Line: ./getEPS_logdecoder.sh

Example Output: capture rate: 0|capture_rate=0;;

Install on: Log Decoder

 

Script to get Log Collection EPS

Install on Log Collector

Command Line: ./getEPS_nagios.sh

Example Output: Syslog: 0 SDEE: 0 Windows: 0 Checkpoint: 0 VMWare: 0 File: 0 Netflow: 0 ODBC:  Total: 0|Syslog=0 SDEE=0 Windows=0 Checkpoint=0 VMWare=0 File=0 Netflow=0 ODBC=0 Total=0;;

 

Script to Monitor Warehouse Streams Behind Value

Install on Warehouse Connector

Command Line: ./get_Warehouse.sh

Example Output: Elastic3: 28815 LogStream3: 8404 PacketStream3: 1860 |Elastic3=28815 LogStream3=8404 PacketStream3=1860 ;;

 

Script to Monitor Index Keys that are over 70% Full

Install on Concentrator

Command Line:  ./index-profile-1.2-nagios.pl

Example Output: param=100.00% user.session=100.00% stransport=90.61% ip.srcport=82.57% |param=100.00% user.session=100.00% stransport=90.61% ip.srcport=82.57% ;;

Outcomes