securityonion-sostat: check for syslog-ng drops

[dougburks]

https://groups.google.com/d/topic/security-onion/G-phEjqoiuU/discussion

sostat should check for syslog-ng drops via syslog-ng-ctl stats

[dougburks]

The following package is now available at ppa:securityonion/test:

securityonion-sostat - 20120722-0ubuntu0securityonion134

Please test as follows:

• install the latest ISO image in a VM

• run Setup choosing Evaluation Mode

• if possible, create a snapshot of the VM

• add the test PPA:

  sudo add-apt-repository -y ppa:securityonion/test

• install updates:

  sudo soup

• run sostat and verify that there is a new syslog-ng section near the bottom of the output:

  sudo sostat

• create some syslog-ng drops by stopping logstash:

  sudo so-logstash-stop

• create some logs:

  for i in $(seq 1 100); do logger test; done

• run sostat again and verify that the new syslog-ng section now includes a warning about syslog-ng drops:

  sudo sostat

• verify no regressions

• anything else we missed?

Thanks in advance for your time and effort!

[weslambert]

Looks good from my testing 👍

[dougburks]

Thanks @weslambert !

Published: https://blog.securityonion.net/2019/11/securityonion-sostat-20120722.html