Hi guys
I'm trying to graph attack rates on the firewall.
I'm using the following script:
import cgitb, os, subprocess, time, string, datetime
from endian.core.widget import *
from endian.data.ds import *
from configobj import ConfigObj
from uplinksdaemon.uplinks import UplinksPool
from endian.core.monit import Monit
import endian.core.i18n
import elementtree.ElementTree as ElementTree
import glob
# Base directory prepended to relative RRD file names.
RRD_DIR = "/var/lib/collectd/rrd"
# File whose stripped contents supply the per-host path component under RRD_DIR.
UUID_FILE = "/etc/uuid"
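def getRRDInformation(file, step, start, end):
    """Return the last value `rrdtool xport` reports for an RRD file, as an int.

    Parameters:
        file  -- path of the RRD file; a path that does not start with '/'
                 is resolved to RRD_DIR/<uuid>/<file>, with the uuid read
                 from UUID_FILE.
        step  -- value passed to rrdtool's --step option (string).
        start -- value passed to rrdtool's -s option (string).
        end   -- value passed to rrdtool's -e option (string).

    Returns 0 when the RRD file does not exist or the rrdtool output cannot
    be parsed. Because every failure is reported as 0, a graph built on this
    value cannot tell "no alerts" from "collection is broken"; monitor the
    data source separately if that distinction matters.
    """
    if not file.startswith('/'):
        try:
            f = open(UUID_FILE, 'r')
            try:
                uuid = f.read().strip()
            finally:
                # Close the handle even when the read fails.
                f.close()
        except Exception:
            uuid = 'invalid-uuid'
        file = '%s/%s/%s' % (RRD_DIR, uuid, file)

    if not os.path.exists(file):
        return 0

    # The command is passed as an argument list, so no shell interprets it.
    # The path is still embedded in a colon-separated DEF argument: a path
    # containing ':' would be misparsed by rrdtool, so only pass trusted,
    # fixed paths here.
    cmd = [
        '/usr/bin/rrdtool', 'xport',
        '--step', step, '-e', end, '-s', start,
        'DEF:conn_avg=%s:value:AVERAGE' % file,
        # NOTE(review): the posted listing breaks off after the DEF line;
        # xport needs an XPORT directive, reconstructed here. Confirm
        # against the original script.
        'XPORT:conn_avg',
    ]
    output = subprocess.Popen(cmd, stdout=subprocess.PIPE).communicate()[0].strip()

    try:
        tree = ElementTree.fromstring(output)
        # Only the final exported row is used.
        row = tree.find('data').findall('row')[-1]
        # NOTE(review): if the final row holds NaN (for example an interval
        # not yet consolidated), the conversion raises and 0 is returned.
        # Verify against real xport output.
        value = int(float(row.find('v').text))
    except Exception:
        return 0
    return value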
# Latest exported value from the snort alert RRD, using an 1800-second step
# over the window NOW-1d .. NOW.
snort1 = getRRDInformation(
    'tail-snort/connections-alert.rrd',
    '1800',
    'NOW-1d',
    'NOW',
)
# Emit the value as a single integer line on stdout.
print('%d' % snort1)
And the following in the snmpd.conf
extend . day /usr/sbin/day.py
But it's really not working well...
Has anyone managed to graph the hourly/daily attack numbers via Cacti?
