NAME

mojo_cape_submit_extend - Compute stats for mojo_cape_submit based on incoming JSONs

VERSION

0.1.0

SYNOPSIS

mojo_cape_submit_extend [-Z] [-m <incoming JSON dir>]

DESCRIPTION

Computes the stats for mojo_cape_submit based on the incoming JSON files.

SWITCHES

-m <dir>

The incoming JSON dir.

Default: /malware/incoming-json/

-Z

Do not optionally GZip+Base64 compress the results.

Generated JSON

The generated JSON is a standard LibreNMS style return. For more information on that see https://docs.librenms.org/Developing/Application-Notes/.

- .changed_hashes[] :: A array of IDs that has had the hashes changed from between
    being checksumed prior to sending and after being received.

All stats generated are gauges, just displaying the value for the current time slot.

Totals hash...

- .totals.app_proto.$app_proto :: '.totals.app_proto' is a hash of totals for files
    extracted using that app proto.

- .totals.hash_changed :: Total of hashes that changed.

- .totals.size_max :: Max submitted file size.

- .totals.size_mean :: Mean size of submitted files.

- .totals.size_median :: Median size of submitted files.

- .totals.size_min :: Min size of submitted files.

- .totals.size_mode :: Mode of the size of submitted files.

- .totals.size_stddev :: Standard deviation of the size of submitted files.

- .totals.size_sum :: Sum of the size of submitted files.

- .totals.slug_count :: Total number of submitted files.

- .totals.sub_count :: Total number of submitted files.

Slugs hash...

- .slugs.$slug :: A per slug hash that is the same as the totals hash,
    but only for the that specific slug. This only includes slug seen
    during the current time slot.