2016-02-09 09:23 AM
Here are some additional Nagios Plugins that might be useful if you are monitoring Security Analytics via Nagios. They are mainly used for graphing rather than warning, but they could be easily adapted.
They use the check_by_ssh command to run the scripts remotely on the different appliances.
$USER1$/check_by_ssh -H $HOSTADDRESS$ ./index-profile-1.2-nagios.pl -l root -t 60
The scripts are a combination of work from colleagues (Lee Kirkpatrick, Maxim Siyazov, Davide Veneziano) and my own efforts.
Note these scripts have the admin netwitness credentials hardcoded inside them, which is not best security practice!
Install on: Log Decoder
Command Line: ./getEPS_logdecoder.sh
Example Output: capture rate: 0|capture_rate=0;;
Install on: Log Collector
Command Line: ./getEPS_nagios.sh
Example Output: Syslog: 0 SDEE: 0 Windows: 0 Checkpoint: 0 VMWare: 0 File: 0 Netflow: 0 ODBC: Total: 0|Syslog=0 SDEE=0 Windows=0 Checkpoint=0 VMWare=0 File=0 Netflow=0 ODBC=0 Total=0;;
Install on: Warehouse Connector
Command Line: ./get_Warehouse.sh
Example Output: Elastic3: 28815 LogStream3: 8404 PacketStream3: 1860 |Elastic3=28815 LogStream3=8404 PacketStream3=1860 ;;
Install on: Concentrator
Command Line: ./index-profile-1.2-nagios.pl
Example Output: param=100.00% user.session=100.00% stransport=90.61% ip.srcport=82.57% |param=100.00% user.session=100.00% stransport=90.61% ip.srcport=82.57% ;;
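
The note above says the scripts carry the admin credentials inline. One way to keep them out of the script body is to read them from a root-only file and return Nagios UNKNOWN (exit 3) when that file is missing or too open. This is an added example, not part of the original scripts; the user=/pass= file format, the load_creds and file_mode function names and the NW_USER/NW_PASS variable names are assumptions.

```sh
#!/bin/sh
# Added example: load NetWitness credentials from a protected file instead of
# hardcoding them in the plugin. File format and names are assumptions.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# load_creds FILE: sets NW_USER and NW_PASS from "user=..." / "pass=..." lines.
# Returns 3 (Nagios UNKNOWN) if the file is missing, is a symlink, is not owned
# by the calling user, is accessible to group/other, or lacks either key.
load_creds() {
    cred_file=$1
    NW_USER= NW_PASS=
    if [ ! -f "$cred_file" ] || [ -L "$cred_file" ] || [ ! -O "$cred_file" ]; then
        echo "UNKNOWN: credential file missing, a symlink, or not owned by this user"
        return 3
    fi
    mode=$(file_mode "$cred_file")
    case "$mode" in
        600|400) ;;
        *) echo "UNKNOWN: $cred_file has mode $mode, expected 600 or 400"
           return 3 ;;
    esac
    # Parse key=value lines without sourcing the file, so nothing in it runs.
    # The "|| [ -n ... ]" keeps a last line that has no trailing newline.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            user) NW_USER=$value ;;
            pass) NW_PASS=$value ;;
        esac
    done < "$cred_file"
    if [ -z "$NW_USER" ] || [ -z "$NW_PASS" ]; then
        NW_USER= NW_PASS=
        echo "UNKNOWN: user= or pass= missing in $cred_file"
        return 3
    fi
    return 0
}
```

A plugin would call load_creds with the path to its credential file before querying the appliance and exit with the returned status on failure, so a misconfigured file shows up in Nagios as UNKNOWN rather than as a zero reading.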