diff options
Diffstat (limited to 'contrib/suri-graphite')
| -rwxr-xr-x | contrib/suri-graphite | 80 |
1 files changed, 80 insertions, 0 deletions
diff --git a/contrib/suri-graphite b/contrib/suri-graphite new file mode 100755 index 0000000..beac079 --- /dev/null +++ b/contrib/suri-graphite @@ -0,0 +1,80 @@ +#!/usr/bin/env python +# Copyright (C) 2013, 2015 Eric Leblond <eric@regit.org> +# +# You can copy, redistribute or modify this Program under the terms of +# the GNU General Public License version 3 as published by the Free +# Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# version 3 along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +# 02110-1301, USA. + +import suricatasc +import socket +import time +import argparse + +have_daemon = True +try: + import daemon +except: + logging.warning("No daemon support available, install python-daemon if feature is needed") + have_daemon = False + +parser = argparse.ArgumentParser(prog='suri-graphite', description='Export suricata stats to Graphite') +parser.add_argument('-H', '--host', default='localhost', help='Host running Graphite') +parser.add_argument('-P', '--port', default=2003, help='Port of Graphite data socket') +parser.add_argument('-O', '--oneshot', action='store_const', const=True, help='Send one update and exit', default=False) +parser.add_argument('-D', '--delay', default=10, help='Delay between data dump') +parser.add_argument('-r', '--root', default='suricata.perf', help='Prefix of data name in Graphite') +parser.add_argument('-o', '--output', default=None, help='Output stats to a file instead of using Graphite') +parser.add_argument('socket', help='suricata socket file to connect to', + default="/usr/local/var/run/suricata/suricata-command.socket", nargs='?') +parser.add_argument('-v', '--verbose', action='store_const', const=True, help='verbose output', default=False) +if have_daemon: + parser.add_argument('-d', '--daemon', default=False, action="store_true", help="Run as unix daemon") + + +args = parser.parse_args() + +if args.output: + import json + +def main_task(args): + sc = suricatasc.SuricataSC(args.socket) + sc.connect() + + if args.output: + logfile = open(args.output, 'a') + else: + sck = socket.socket(socket.AF_INET, socket.SOCK_STREAM) + sck.connect((args.host, int(args.port))) + + while 1: + res = sc.send_command("dump-counters") + res = res['message'] + tnow = int(time.time()) + for thread in res: + for counter in res[thread]: + if args.output: + data = {"key": "%s.%s" % (thread , counter), "value": res[thread][counter], "time": tnow} + logfile.write(json.dumps(data) + '\n') + else: + sck.send("%s.%s.%s %s %d\n" % (args.root, thread , counter, res[thread][counter], tnow)) + if args.verbose: + print "%s.%s.%s %s %d\n" % (args.root, thread , counter, res[thread][counter], tnow) + if args.oneshot: + break + time.sleep(float(args.delay)) + +if have_daemon and args.daemon: + with daemon.DaemonContext(): + main_task(args) +else: + main_task(args) |