
Suricata

SNMP Extend

  1. Install the extend.

    On Debian or Ubuntu:

        apt-get install libjson-perl libfile-path-perl libfile-slurp-perl libmime-base64-perl cpanminus
        cpanm Suricata::Monitoring

    On FreeBSD:

        pkg install p5-JSON p5-File-Path p5-File-Slurp p5-Time-Piece p5-MIME-Base64 p5-Hash-Flatten p5-Carp p5-App-cpanminus
        cpanm Suricata::Monitoring

    On other systems, letting cpanm pull in the dependencies:

        cpanm Suricata::Monitoring
  2. Set up cron. Below is an example.

    */5 * * * * /usr/local/bin/suricata_stat_check > /dev/null
    
  3. Configure snmpd.conf.

    extend suricata-stats /usr/bin/env PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin suricata_stat_check -c
    

    Or, if you want to try compressing the returned data with Base64+GZIP, add the `-b` flag:

        extend suricata-stats /usr/bin/env PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin suricata_stat_check -c -b

  4. Restart snmpd on your system.

You will want to make sure Suricata is set to output the stats to the eve file once a minute. This keeps the newest stats entry close to the end of the file and ensures it is recent when the cron job runs.
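As an added example (not part of the LibreNMS docs or of the Suricata::Monitoring module), the script below checks that assumption: it scans the tail of an eve.json file for the newest `stats` event and reports how old it is, so you can confirm the stats interval is short enough before relying on the cron job. The sample eve lines are constructed; the path handling and the two-minute threshold are assumptions.

```python
import json
import os
import tempfile
from datetime import datetime, timezone

EVE_TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"  # e.g. 2024-03-01T10:01:00.000000+0000


def newest_stats_timestamp(eve_path, tail_bytes=1_000_000):
    """Timestamp of the last 'stats' event in eve.json, or None if there is none.
    Only the final tail_bytes are scanned: eve.json grows large and the record we
    want should be near the end, which is the point of the once-a-minute advice."""
    with open(eve_path, "rb") as fh:
        fh.seek(0, os.SEEK_END)
        fh.seek(max(0, fh.tell() - tail_bytes))
        chunk = fh.read().decode("utf-8", errors="replace")
    for line in reversed(chunk.splitlines()):  # first line may be a cut record
        try:
            event = json.loads(line)
            if event.get("event_type") == "stats":
                return datetime.strptime(event["timestamp"], EVE_TS_FORMAT)
        except (ValueError, KeyError, AttributeError):
            continue  # partial line, non-object JSON, or missing timestamp
    return None


def stats_age_seconds(eve_path, now=None):
    """Seconds between now and the newest stats event; None if none was found."""
    ts = newest_stats_timestamp(eve_path)
    if ts is None:
        return None
    return ((now or datetime.now(timezone.utc)) - ts).total_seconds()


def stats_are_fresh(eve_path, max_age=120, now=None):
    """True when a stats event no older than max_age seconds exists (two minutes
    leaves margin over the once-a-minute stats interval recommended above)."""
    age = stats_age_seconds(eve_path, now)
    return age is not None and age <= max_age


# Constructed sample eve.json lines (not real Suricata output): two stats events
# with an alert between them. SAMPLE_NOW is one minute after the last stats event.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2024-03-01T10:00:00.000000+0000","event_type":"stats","stats":{"uptime":60}}',
    '{"timestamp":"2024-03-01T10:00:30.000000+0000","event_type":"alert","alert":{"signature":"test"}}',
    '{"timestamp":"2024-03-01T10:01:00.000000+0000","event_type":"stats","stats":{"uptime":120}}',
]
SAMPLE_NOW = datetime(2024, 3, 1, 10, 2, 0, tzinfo=timezone.utc)


def write_sample_eve(lines=SAMPLE_EVE_LINES):
    fd, path = tempfile.mkstemp(suffix="-eve.json")  # temp file, assumed writable
    with os.fdopen(fd, "w") as fh:
        fh.write("\n".join(lines) + "\n")
    return path
```

Point `stats_are_fresh` at the real eve.json (commonly under /var/log/suricata, an assumption) from a cron job or a quick shell one-liner to confirm the stats cadence on a live sensor.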

Any configuration of suricata_stat_check should be done in the cron setup. If the default does not work, check the documentation for suricata_stat_check on MetaCPAN.