sostat: only display "Top 50 URLs for yesterday" if http_agent is enabled #517

Closed
GoogleCodeExporter opened this Issue Mar 24, 2015 · 2 comments

Comments

Projects
None yet
1 participant
sostat: only display "Top 50 URLs for yesterday" if http_agent is enabled

Original issue reported on code.google.com by doug.bu...@gmail.com on 27 Mar 2014 at 2:59

        # check for active http_agent
        num_http_agents=$(mysql -uroot -Dsecurityonion_db -e "select * from sensor where agent_type='http' and active='Y';" | wc -l)
        if [ $num_http_agents -gt 0 ]; then
                echo
                header "Top 50 URLs for yesterday"
                mysql -uroot -Dsecurityonion_db -e "select count(*) as Totals, event.signature as Signature from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY) group by event.signature order by Totals desc limit 50;"
                mysql -uroot -Dsecurityonion_db -e "select count(*) as Total from event where event.signature_gen = 10001 and event.signature_id = 420042 and event.timestamp<curdate() and event.timestamp>DATE_ADD(CURDATE(), INTERVAL -1 DAY);"
        fi

Original comment by doug.bu...@gmail.com on 25 Apr 2014 at 11:56

  • Added labels: ****
  • Removed labels: ****
Tested:
https://groups.google.com/d/topic/security-onion-testing/bYFnVxQNKDc/discussion

Published:
http://blog.securityonion.net/2014/04/new-securityonion-sostat-package.html

Original comment by doug.bu...@gmail.com on 29 Apr 2014 at 11:09

  • Changed state: Verified
  • Added labels: ****
  • Removed labels: ****
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment