NAME
suricata_extract_submit_extend - Provides a LibreNMS style SNMP extend for suricata_extract_submit stats
VERSION
1.0.0
SYNOPSIS
extend suricata-extract /usr/local/bin/suricata_extract_submit_extend
SWITCHES
-Z
Do not use conditional GZip+BASE64 compression.
-c <stats file>
The stats file created by suricata_extract_submit.
Default :: /var/cache/suricata_extract_submit_stats.json
-d <stats dir>
The stats dir used by suricata_extract_submit.
Default :: /var/cache/suricata_extract_submit_stats
-r <seconds>
The number of seconds to look back when generating stats.
Default :: 300
-h|--help
Print help info.
-v|--version
Print version info.
Generated JSON
The generated JSON is a standard LibreNMS style return. For more information on that see https://docs.librenms.org/Developing/Application-Notes/.
All stat keys come in counter and gauge varieties. The gauge variety has '_delta' appended to the name and is a count of just those items for the time period in question.
General Data Keys...
- timestamp :: Epoch time it was generated at.
- last_errors :: An array containing encountered errors.
Stat Keys...
- errors :: Number of general errors encountered.
- ignored_host :: Files skipped as the host in question is set to be ignored.
- ignored_ip :: Files skipped as either the src or dest IP/subnet is set to be ignored.
- ignored_ip_dest :: Files skipped as the dest IP/subnet is set to be ignored.
- ignored_ip_src :: Files skipped as the src IP/subnet is set to be ignored.
- ignored_path :: Files skipped as the path is set to be ignored.
- ignored_size_max :: Files skipped as they are larger than the max size to submit.
- ignored_ua :: Files skipped as the useragent is set to be ignored.
- ignored_webacl :: Files skipped as a Web::ACL item hit. This allows matching on both useragent and path.
- sub :: Files submitted.
- sub_2xx :: Submissions with a 2xx HTTP status code result.
- sub_3xx :: Submissions with a 3xx HTTP status code result.
- sub_4xx :: Submissions with a 4xx HTTP status code result.
- sub_5xx :: Submissions with a 5xx HTTP status code result.
- sub_fail :: Submissions that have failed.
- sub_size :: Total size of submissions in bytes.
- truncated :: Files which are truncated as Suricata did not have all the packets.
- zero_sized :: Files which are zero in size and thus ignored.
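The following is an added example, not code from suricata_extract_submit_extend itself: a Python consumer that accepts the extend output in either plain or GZip+BASE64 form and reports the '_delta' keys that indicate lost submissions or incomplete captures. It assumes the LibreNMS return envelope (error, errorString, version, data), that the keys listed above sit directly under "data", and that packed output is BASE64 of GZip data; the sample return is constructed.

```python
import base64
import gzip
import json

# Delta (gauge) keys worth alerting on, and what each means for coverage.
WATCH = {
    "errors_delta": "general errors",
    "sub_fail_delta": "failed submissions",
    "sub_4xx_delta": "submissions answered with 4xx",
    "sub_5xx_delta": "submissions answered with 5xx",
    "truncated_delta": "truncated files (Suricata missed packets)",
}

def decode_extend(raw):
    """Parse extend output, whether plain JSON or GZip+BASE64 packed."""
    text = raw.strip()
    if not text.startswith("{"):  # assumption: anything else is BASE64 of GZip
        text = gzip.decompress(base64.b64decode(text)).decode("utf-8")
    return json.loads(text)

def review(ret):
    """Return human-readable findings for one look-back period."""
    findings = []
    if ret.get("error"):
        findings.append(f"extend error {ret['error']}: {ret.get('errorString', '')}")
    data = ret.get("data", {})  # assumption: stat keys live directly under "data"
    for key, meaning in WATCH.items():
        count = data.get(key, 0)
        if count > 0:
            findings.append(f"{key}={count}: {meaning}")
    for err in data.get("last_errors", []):
        findings.append(f"last_error: {err}")
    return findings

# Constructed sample return, not captured from a real sensor.
SAMPLE = {
    "error": 0, "errorString": "", "version": 1,
    "data": {
        "timestamp": 1700000000, "last_errors": ["constructed: POST timed out"],
        "sub": 120, "sub_delta": 4, "sub_2xx": 117, "sub_2xx_delta": 3,
        "sub_fail": 3, "sub_fail_delta": 1, "errors": 3, "errors_delta": 1,
        "truncated": 9, "truncated_delta": 0, "sub_5xx": 0, "sub_5xx_delta": 0,
    },
}
PLAIN = json.dumps(SAMPLE)
PACKED = base64.b64encode(gzip.compress(PLAIN.encode())).decode()

if __name__ == "__main__":
    for line in review(decode_extend(PACKED)):
        print(line)
```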