NAGIOS | poor man's report scripting

You want to report something to Nagios the easy way? Try this.

Nagios server side: install netcat and run an endless loop that appends everything arriving on the port to the Nagios external command file:

# while true; do nc -l -p <THE_PORT_YOU_WANNA_LISTEN_TO> >> /var/nagios/rw/nagios.cmd; done &

Check two things first: nagios.cmd is a FIFO, so the redirection blocks until a running Nagios (with check_external_commands=1) is reading it, and the host/service you report on must exist in the Nagios config with passive checks enabled. The listen flags also differ between netcat flavours (traditional nc wants -l -p <port>, OpenBSD nc wants -l <port>).

Client side: install netcat and drop your info on the Nagios server with something like:

# echo -e "[$(date +%s)] PROCESS_SERVICE_CHECK_RESULT;<NAGIOSCONFIG_SERVER_NAME>;<NAGIOSCONFIG_SERVICE_NAME>;<RESULT_0_or_1_or_2>;<YOUR_IMPORTANT_MESSAGE>" | nc […]

The result field is the Nagios return code: 0 OK, 1 WARNING, 2 CRITICAL (3 UNKNOWN works too). Be aware of what the shortcut costs: the listener writes whatever it receives into nagios.cmd without any authentication, so anyone who can reach the port can submit any Nagios external command, not only check results. Bind it to an interface only your clients can reach, firewall it, or move to NSCA/NRDP once the setup outgrows "poor man".
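The nc loop relays any bytes it receives straight into nagios.cmd. As an added example (not code from the original post), here is a small Python receiver that does the same job but only forwards syntactically valid PROCESS_SERVICE_CHECK_RESULT lines with a return code of 0-3, a timestamp within a few minutes of now and, optionally, a host name from an allowlist; every other external command is dropped. The command file path is the one from the post; the port, bind address and the host names in the demo are assumptions.

```python
"""Receiver for the poor man's passive check feed (added example).

Replaces the bare `nc -l ... >> nagios.cmd` loop: it listens on a TCP port,
but only forwards well-formed PROCESS_SERVICE_CHECK_RESULT lines to the
Nagios command file and drops everything else (other external commands,
bad return codes, stale timestamps, hosts outside an optional allowlist).
"""
import re
import socket
import time

# Path from the original post; the Nagios default is
# /usr/local/nagios/var/rw/nagios.cmd, so adjust to your installation.
NAGIOS_CMD = "/var/nagios/rw/nagios.cmd"

# The one external command we are willing to relay. Return code must be 0-3
# (OK/WARNING/CRITICAL/UNKNOWN); plugin output may contain ';' but no newline.
CHECK_RESULT_RE = re.compile(
    r"^\[(?P<ts>\d{9,10})\] PROCESS_SERVICE_CHECK_RESULT;"
    r"(?P<host>[^;\r\n]+);(?P<service>[^;\r\n]+);(?P<code>[0-3]);"
    r"(?P<output>[^\r\n]*)$"
)


def parse_check_result(line, now=None, max_skew=600, allowed_hosts=None):
    """Return (ts, host, service, code, output) or None if the line is rejected."""
    m = CHECK_RESULT_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    ts = int(m["ts"])
    now = time.time() if now is None else now
    if abs(now - ts) > max_skew:          # replayed line or badly clocked client
        return None
    if allowed_hosts is not None and m["host"] not in allowed_hosts:
        return None
    return ts, m["host"], m["service"], int(m["code"]), m["output"]


def format_check_result(ts, host, service, code, output):
    """Build the exact line Nagios expects in its external command file."""
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s" % (
        ts, host, service, code, output)


def submit(record, cmd_file=NAGIOS_CMD):
    # nagios.cmd is a FIFO: the open blocks until Nagios is reading it.
    with open(cmd_file, "a") as cmd:
        cmd.write(format_check_result(*record) + "\n")


def serve(port, bind="127.0.0.1", cmd_file=NAGIOS_CMD, allowed_hosts=None):
    """Accept connections forever; each connection may send several lines."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((bind, port))
        srv.listen(5)
        while True:
            conn, peer = srv.accept()
            with conn, conn.makefile("r", encoding="utf-8", errors="replace") as f:
                for line in f:
                    rec = parse_check_result(line, allowed_hosts=allowed_hosts)
                    if rec is None:
                        print("dropped from %s: %r" % (peer[0], line.strip()))
                        continue
                    submit(rec, cmd_file)


if __name__ == "__main__":
    # Constructed sample traffic: one good line, one that tries to smuggle in
    # a different external command, one with an invalid return code.
    now = int(time.time())
    for sample in (
        "[%d] PROCESS_SERVICE_CHECK_RESULT;web01;disk;1;WARNING - 85%% used" % now,
        "[%d] DISABLE_NOTIFICATIONS" % now,
        "[%d] PROCESS_SERVICE_CHECK_RESULT;web01;disk;7;bogus" % now,
    ):
        print(sample, "->", parse_check_result(sample))
    # Real use (assumed address, port and host names):
    # serve(5667, bind="10.0.0.1", allowed_hosts={"web01", "db01"})
```

The client side stays exactly as in the post (echo ... | nc); only the server end changes. The timestamp window is a cheap replay brake, not authentication: if the feed crosses an untrusted network, put it behind a firewall rule or a TLS tunnel, or use NSCA/NRDP.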

SELKS | suricata | Nagios monitoring

You want to monitor Suricata via Nagios? On the Suricata machine do:

1. Create a pipe and set permissions.

# mknod -m 666 /var/pipes/suricata.pipe p

(/var/pipes has to exist first. Mode 666 lets every local user write into the pipe, i.e. feed fake alerts to your monitoring, and read every alert; 660 with a group shared by the suricata user and the reader is the tighter choice.)

2. Let Suricata write the fast log to this pipe by tuning /etc/suricata/selks[VERSION]-addin.yaml:

outputs:
  # a line based alerts log similar to Snort's fast.log
  - fast:
      enabled: yes
      filename: /var/pipes/suricata.pipe
      append: yes

Keep in mind that opening a FIFO for writing blocks until a reader has opened it, so the process consuming the pipe must be running before Suricata (re)starts. […]
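What sits on the reading end of the pipe is up to you. As an added example (not part of the SELKS setup and not code from the original post), the following Python reader parses fast.log lines from the FIFO, summarises each batch into one Nagios passive check result and writes it to stdout, so it can be piped into nc towards the listener from the Nagios post above. The Nagios host name selks, the service name suricata-alerts, the priority-to-state mapping and the sample alert lines are assumptions or constructed data.

```python
"""Suricata fast.log (read from a FIFO) -> Nagios passive check results.
Added example, not SELKS or Suricata code."""
import os
import re
import select
import sys
import time

# One fast.log record per line; the classification part is treated as optional.
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d/\d{4}-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)
STATE_NAMES = {0: "OK", 1: "WARNING", 2: "CRITICAL", 3: "UNKNOWN"}

# Constructed sample input in fast.log layout (not captured from a real sensor).
SAMPLE_FASTLOG = [
    "03/14/2020-12:00:00.123456  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.5:80 -> 10.0.0.2:49152",
    "03/14/2020-12:00:01.000001  [**] [1:2016653:2] ET WEB_SERVER Suspicious Chmod Usage in URI [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 10.0.0.2:49523 -> 192.168.1.5:80",
    "03/14/2020-12:00:02.500000  [**] [1:2200003:2] SURICATA IPv4 truncated packet [**] "
    "[Classification: (null)] [Priority: 3] {ICMP} 10.0.0.9:0 -> 10.0.0.1:0",
    "not a fast.log record at all",
]


def parse_fast_line(line):
    """Return a dict for a fast.log record, or None for anything else."""
    m = FAST_RE.match(line.rstrip("\r\n"))
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("gid", "sid", "rev", "priority"):
        rec[key] = int(rec[key])
    return rec


def state_for_priority(priority):
    # Assumed mapping (tune it): Suricata priority 1 is the most severe.
    if priority <= 1:
        return 2          # CRITICAL
    if priority == 2:
        return 1          # WARNING
    return 0              # OK


def alerts_to_check_result(lines, host, service, ts):
    """Summarise a batch of fast.log lines into one external command line.
    Reporting the worst alert of the batch keeps a later low-priority alert
    from flipping the service back to OK right after a critical one."""
    alerts = [a for a in map(parse_fast_line, lines) if a is not None]
    if not alerts:
        state, output = 0, "OK - no Suricata alerts"
    else:
        worst = min(alerts, key=lambda a: a["priority"])
        state = state_for_priority(worst["priority"])
        output = "%s - %d alert(s), worst prio %d: %s (%s -> %s)" % (
            STATE_NAMES[state], len(alerts), worst["priority"],
            worst["msg"], worst["src"], worst["dst"])
    return "[%d] PROCESS_SERVICE_CHECK_RESULT;%s;%s;%d;%s" % (
        ts, host, service, state, output)


def pump(pipe_path, host, service, interval=60, sink=sys.stdout):
    """Read the FIFO forever and emit one check result every `interval`
    seconds; on EOF (Suricata closed its end) reopen and wait again."""
    while True:
        fd = os.open(pipe_path, os.O_RDONLY)   # blocks until Suricata opens it for writing
        buf, batch, deadline = b"", [], time.time() + interval
        try:
            while True:
                ready, _, _ = select.select([fd], [], [], max(0.0, deadline - time.time()))
                if ready:
                    chunk = os.read(fd, 65536)
                    if not chunk:               # writer went away
                        break
                    buf += chunk
                    *lines, buf = buf.split(b"\n")
                    batch.extend(l.decode("utf-8", "replace") for l in lines)
                if time.time() >= deadline:
                    sink.write(alerts_to_check_result(batch, host, service, int(time.time())) + "\n")
                    sink.flush()
                    batch, deadline = [], time.time() + interval
        finally:
            os.close(fd)


if __name__ == "__main__":
    if len(sys.argv) == 4:                     # <pipe> <nagios host> <nagios service>
        pump(sys.argv[1], sys.argv[2], sys.argv[3])
    else:                                      # demo on the constructed sample
        print(alerts_to_check_result(SAMPLE_FASTLOG, "selks", "suricata-alerts", int(time.time())))
```

Run it as `python fastlog_to_nagios.py /var/pipes/suricata.pipe selks suricata-alerts | nc <nagios-server> <port>` (file name, host and service assumed), started before Suricata so the FIFO has a reader. Because nothing is emitted while Suricata is down, enable freshness checking (check_freshness) on the passive service in Nagios so a silent sensor turns into an alert rather than a stale OK.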

SELKS | suricata | Scirius | Elasticsearch | Hints

1. Manual update

SELKS performs a daily Suricata ruleset update (via /etc/crontab). To execute it manually, run it as www-data (!!!) NEVER RUN AS ROOT!!! The trailing www-data in the command is the user it has to run as (it reads like the user field of the crontab entry); from a root shell use sudo -u www-data or su to run it under that user, otherwise files it creates typically end up owned by root and the scheduled update breaks.

# /bin/sh -c /bin/bash 'cd /usr/share/python/scirius/ && . bin/activate && python bin/manage.py updatesuricata && deactivate' www-data

2. fast.log rotation

You MUST restart Suricata to get a functional fast.log after logrotate. SIGHUP and/or […]