securityonion-sostat: check for syslog-ng drops #1660

Closed
dougburks opened this issue Oct 30, 2019 · 3 comments

@dougburks dougburks commented Oct 30, 2019

https://groups.google.com/d/topic/security-onion/G-phEjqoiuU/discussion

sostat should check for syslog-ng drops via syslog-ng-ctl stats

@dougburks dougburks self-assigned this Oct 30, 2019
@dougburks dougburks added this to To do in 16.04.6.3 via automation Oct 30, 2019
dougburks added a commit to Security-Onion-Solutions/securityonion-sostat that referenced this issue Oct 30, 2019
@dougburks dougburks moved this from To do to In progress in 16.04.6.3 Oct 30, 2019

@dougburks dougburks commented Oct 30, 2019

The following package is now available at ppa:securityonion/test:

securityonion-sostat - 20120722-0ubuntu0securityonion134

Please test as follows:

  • install the latest ISO image in a VM

  • run Setup choosing Evaluation Mode

  • if possible, create a snapshot of the VM

  • add the test PPA:

        sudo add-apt-repository -y ppa:securityonion/test

  • install updates:

        sudo soup

  • run sostat and verify that there is a new syslog-ng section near the bottom of the output:

        sudo sostat

  • create some syslog-ng drops by stopping logstash:

        sudo so-logstash-stop

  • create some logs:

        for i in $(seq 1 100); do logger test; done

  • run sostat again and verify that the new syslog-ng section now includes a warning about syslog-ng drops:

        sudo sostat

  • verify no regressions

  • anything else we missed?

Thanks in advance for your time and effort!
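
The check this issue asks for, sketched as an added example (not sostat's own code and not part of the original comment): it parses the semicolon-separated output of `syslog-ng-ctl stats` and warns on any `dropped` counter above zero. The function names, the destination name `d_logstash` and the sample rows are constructed for illustration.

```shell
#!/bin/bash
# Added example, not sostat's implementation.
# Input: `syslog-ng-ctl stats` output on stdin, one counter per row:
#   SourceName;SourceId;SourceInstance;State;Type;Number

# Print one WARNING line per non-zero "dropped" counter, then the total.
report_syslog_ng_drops() {
    awk -F';' '
        NR == 1 && $1 == "SourceName" { next }   # skip the header row
        NF < 6 { next }                          # ignore short or malformed rows
        $5 == "dropped" && $6 ~ /^[0-9]+$/ && $6 + 0 > 0 {
            printf "WARNING: %s %s (%s) dropped %d messages\n", $1, $2, $3, $6
            total += $6
        }
        END { printf "TOTAL_DROPPED=%d\n", total }
    '
}

# Print only the summed drop count, for use in a health-check threshold.
total_syslog_ng_drops() {
    report_syslog_ng_drops | sed -n 's/^TOTAL_DROPPED=//p'
}

# Constructed sample (not captured from a real sensor): a destination that
# stopped accepting logs, as in the "stop logstash, then run logger" test step.
sample_stats() {
    cat <<'EOF'
SourceName;SourceId;SourceInstance;State;Type;Number
destination;d_logstash;;a;processed;100
dst.tcp;d_logstash#0;tcp,127.0.0.1:6050;a;dropped;37
dst.tcp;d_logstash#0;tcp,127.0.0.1:6050;a;queued;1000
source;s_syslog;;a;processed;100
global;internal_queue_length;;a;processed;0
EOF
}

# With --live, read the running daemon (needs root and syslog-ng-ctl).
if [ "${1:-}" = "--live" ]; then
    syslog-ng-ctl stats | report_syslog_ng_drops
fi
```

Run `sample_stats | report_syslog_ng_drops` to see the warning format without a live sensor.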

@dougburks dougburks moved this from In progress to In Testing in 16.04.6.3 Oct 30, 2019

@weslambert weslambert commented Nov 1, 2019

Looks good from my testing 👍


@dougburks dougburks commented Nov 4, 2019

@dougburks dougburks closed this Nov 4, 2019
16.04.6.3 automation moved this from In Testing to Done Nov 4, 2019