securityonion-sostat: check for syslog-ng drops Security-Onion-Soluti…

…ons/security-onion#1660

bin/sostat

@@ -683,6 +683,26 @@ if [ "$ELASTICSEARCH_ENABLED" = "yes" ]; then
 	        fi
 	fi
 fi
+
+# securityonion-sostat: check for syslog-ng drops #1660
+# https://github.com/Security-Onion-Solutions/security-onion/issues/1660
+if pgrep syslog-ng >/dev/null; then
+	echo
+	header "syslog-ng stats"
+	echo
+	syslog-ng-ctl stats |grep -v ";0$"
+	TOTAL_DROPPED=0
+	for LINE in $(syslog-ng-ctl stats |grep ";dropped;"); do 
+		DROPPED=$(echo $LINE | cut -d\; -f6)
+		let TOTAL_DROPPED=TOTAL_DROPPED+DROPPED
+	done
+	if [ $TOTAL_DROPPED -gt 0 ]; then
+		echo
+		echo "WARNING! syslog-ng reports drops!"
+		syslog-ng-ctl stats |grep ";dropped;" | grep -v ";dropped;0$"
+	fi
+fi
+
 if [ -f /etc/timezone ] && ! grep "Etc/UTC" /etc/timezone >/dev/null 2>&1; then
 	echo
 	header "Time Zone"

debian/changelog

@@ -1,3 +1,9 @@
+securityonion-sostat (20120722-0ubuntu0securityonion134) xenial; urgency=medium
+
+  * securityonion-sostat: check for syslog-ng drops Security-Onion-Solutions/security-onion#1660 
+
+ -- Doug Burks <[email protected]>  Wed, 30 Oct 2019 10:14:03 -0400
+
 securityonion-sostat (20120722-0ubuntu0securityonion133) xenial; urgency=medium
 
   * securityonion-sostat: block bad docker packages Security-Onion-Solutions/security-onion#1652 

debian/patches/securityonion-sostat:-check-for-syslog-ng-drops-Security-Onion-Solutionssecurity-onion#1660

@@ -0,0 +1,54 @@
+Description: <short summary of the patch>
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-sostat (20120722-0ubuntu0securityonion134) xenial; urgency=medium
+ .
+   * securityonion-sostat: check for syslog-ng drops Security-Onion-Solutions/security-onion#1660
+Author: Doug Burks <[email protected]>
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: <vendor|upstream|other>, <url of original patch>
+Bug: <url in upstream bugtracker>
+Bug-Debian: https://bugs.debian.org/<bugnumber>
+Bug-Ubuntu: https://launchpad.net/bugs/<bugnumber>
+Forwarded: <no|not-needed|url proving that it has been forwarded>
+Reviewed-By: <name and email of someone who approved the patch>
+Last-Update: <YYYY-MM-DD>
+
+--- securityonion-sostat-20120722.orig/bin/sostat
++++ securityonion-sostat-20120722/bin/sostat
+@@ -683,6 +683,26 @@ if [ "$ELASTICSEARCH_ENABLED" = "yes" ];
+ 	        fi
+ 	fi
+ fi
++
++# securityonion-sostat: check for syslog-ng drops #1660
++# https://github.com/Security-Onion-Solutions/security-onion/issues/1660
++if pgrep syslog-ng >/dev/null; then
++	echo
++	header "syslog-ng stats"
++	echo
++	syslog-ng-ctl stats |grep -v ";0$"
++	TOTAL_DROPPED=0
++	for LINE in $(syslog-ng-ctl stats |grep ";dropped;"); do 
++		DROPPED=$(echo $LINE | cut -d\; -f6)
++		let TOTAL_DROPPED=TOTAL_DROPPED+DROPPED
++	done
++	if [ $TOTAL_DROPPED -gt 0 ]; then
++		echo
++		echo "WARNING! syslog-ng reports drops!"
++		syslog-ng-ctl stats |grep ";dropped;" | grep -v ";dropped;0$"
++	fi
++fi
++
+ if [ -f /etc/timezone ] && ! grep "Etc/UTC" /etc/timezone >/dev/null 2>&1; then
+ 	echo
+ 	header "Time Zone"

debian/patches/series

@@ -125,3 +125,4 @@ sostat:-support-elastic-auth-#1562
 securityonion-sostat:-update-Elastic-verbiage-for-when-components-are-not-running-Security-Onion-Solutionssecurity-onion#1633
 securityonion-sostat:-block-bad-docker-packages-#1652
 securityonion-sostat:-block-bad-docker-packages-Security-Onion-Solutionssecurity-onion#1652-soup
+securityonion-sostat:-check-for-syslog-ng-drops-Security-Onion-Solutionssecurity-onion#1660