Hi guys
I'm trying to graph attack rates on the firewall.
I'm using the following script:
#!/usr/bin/python
import cgitb, os, subprocess, time, string, datetime
from endian.core.widget import *
from endian.data.ds import *
from configobj import ConfigObj
from uplinksdaemon.uplinks import UplinksPool
from endian.core.monit import Monit
import endian.core.i18n
endian.core.i18n.UNICODE_WORKAROUND=True
import elementtree.ElementTree as ElementTree
import glob
# Root of the collectd RRD tree; per-host data sits one level down, in a
# directory named after the contents of UUID_FILE.
RRD_DIR = "/var/lib/collectd/rrd"
# File holding this machine's UUID, used as the sub-directory name under RRD_DIR.
UUID_FILE = "/etc/uuid"
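def getRRDInformation(file, step, start, end):
    """Return the accumulated total of an RRD's ``value`` data source.

    A relative ``file`` is resolved to ``RRD_DIR/<uuid>/<file>``, where
    ``<uuid>`` is the stripped content of ``UUID_FILE`` ('invalid-uuid' if
    that file cannot be read).  An absolute path is used as given.

    ``step``, ``start`` and ``end`` are handed to ``rrdtool xport`` as the
    ``--step``, ``-s`` and ``-e`` arguments; they must already be strings
    because they are placed directly in the argument vector.

    The CDEF chain multiplies every known AVERAGE sample by the length of
    its interval and keeps a running sum, so the last exported row holds
    the total over the whole window.  That value is returned as an int.

    Returns 0 when the RRD file does not exist, when rrdtool cannot be
    started, or when its output cannot be parsed.

    Security note: the command is run as an argument list, never through a
    shell.  ``file`` is however copied unescaped into the DEF specification
    (where ':' is the field separator) and relative names are not
    normalised, so only fixed, trusted names should be passed in.
    """
    if not file.startswith('/'):
        try:
            f = open(UUID_FILE, 'r')
            try:
                uuid = f.read().strip()
            finally:
                # Close the handle even if the read fails.
                f.close()
        except Exception:
            # Best effort: an unreadable UUID file yields a path that will
            # not exist, which the check below turns into 0.
            uuid = 'invalid-uuid'
        file = '%s/%s/%s' % (RRD_DIR, uuid, file)

    if not os.path.exists(file):
        return 0

    cmd = ['/usr/bin/rrdtool', 'xport',
           '--step', step, '-e', end, '-s', start,
           'DEF:conn_avg=%s:value:AVERAGE' % file,
           # Both IF branches are TIME: a series of timestamps aligned to the DEF.
           'CDEF:mytime=conn_avg,TIME,TIME,IF',
           # Seconds covered by each sample (unknown for the first one -> 0).
           'CDEF:sample_len_raw=mytime,PREV(mytime),-',
           'CDEF:sample_len=sample_len_raw,UN,0,sample_len_raw,IF',
           # Rate * interval length, with unknown samples counted as 0.
           'CDEF:conn_avg_sample=conn_avg,UN,0,conn_avg,IF,sample_len,*',
           # Running sum; the last row is the total for the window.
           'CDEF:conn_avg_sum=PREV,UN,0,PREV,IF,conn_avg_sample,+',
           'XPORT:conn_avg_sum:total']

    try:
        proc = subprocess.Popen(cmd, stdout=subprocess.PIPE)
        output = proc.communicate()[0].strip()
    except OSError:
        # rrdtool missing or not executable: keep the "0 on failure"
        # contract instead of letting a traceback reach the caller.
        return 0

    try:
        tree = ElementTree.fromstring(output)
        row = tree.find('data').findall('row')[-1]
        return int(float(row.find('v').text))
    except Exception:
        # Empty or malformed XML, no rows, or a non-numeric value.
        return 0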
# Total from the snort alert RRD for the last day, exported in 1800-second
# steps.  The relative name is resolved by getRRDInformation().
snort1 = getRRDInformation(
    'tail-snort/connections-alert.rrd',
    '1800',
    'NOW-1d',
    'NOW'
)
# Emit a bare integer on stdout, one line, for the snmpd "extend" entry.
print('%d' % snort1)
And the following line in snmpd.conf:
extend .1.3.6.1.4.1.40000.2 day /usr/sbin/day.py
But it's really not working well.
Has anyone managed to graph the hourly/daily attack numbers via Cacti?