Skip to content
This repository has been archived by the owner. It is now read-only.

sostat: avoid displaying "ELSA Log Node SSH Tunnels:" if there are no SSH tunnels #515

Closed
GoogleCodeExporter opened this issue Mar 24, 2015 · 2 comments

Comments

@GoogleCodeExporter
Copy link

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

sostat: avoid displaying "ELSA Log Node SSH Tunnels:" if there are no SSH 
tunnels

Original issue reported on code.google.com by doug.bu...@gmail.com on 22 Mar 2014 at 11:07

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

                if grep "http://127.0.0.1:50" /etc/elsa_web.conf >/dev/null 2>&1; then
                        echo "ELSA Log Node SSH Tunnels:"
                        (echo "PORT NODE IP/STATUS"
                        grep "http://127.0.0.1:50" /etc/elsa_web.conf | awk '{print $2}' | cut -d\/ -f3 | sort | while read PORT; do
                                NAME=$(grep -B1 $PORT /etc/elsa_web.conf | head -1 | cut -d\" -f2)
                                PORT_ONLY=$(echo $PORT | cut -d\: -f2)
                                if lsof -nP -i |grep "$PORT (LISTEN)" >/dev/null 2>&1; then
                                        lsof -nP -i |grep "$PORT (LISTEN)" | awk '{print $9,$2}' | while read PORT PID; do
                                                IP=`lsof -nP -i |grep "^sshd" | awk '{print $2,$9}' |grep "^$PID" |grep ":22" |awk '{print $2}' |cut -d\> -f2 | cut -d\: -f1`
                                                echo "$PORT_ONLY $NAME $IP"
                                        done
                                else 
                                        echo "$PORT_ONLY $NAME DISCONNECTED";
                                fi
                        done) | column -t
                fi

Original comment by doug.bu...@gmail.com on 25 Apr 2014 at 11:49

  • Added labels: ****
  • Removed labels: ****

@GoogleCodeExporter
Copy link
Author

@GoogleCodeExporter GoogleCodeExporter commented Mar 24, 2015

Tested:
https://groups.google.com/d/topic/security-onion-testing/bYFnVxQNKDc/discussion

Published:
http://blog.securityonion.net/2014/04/new-securityonion-sostat-package.html

Original comment by doug.bu...@gmail.com on 29 Apr 2014 at 11:09

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

1 participant