diff -Nru securityonion-sostat-20120722/debian/changelog securityonion-sostat-20120722/debian/changelog --- securityonion-sostat-20120722/debian/changelog 2018-03-12 15:13:19.000000000 +0000 +++ securityonion-sostat-20120722/debian/changelog 2018-03-24 11:53:43.000000000 +0000 @@ -1,3 +1,21 @@ +securityonion-sostat (20120722-0ubuntu0securityonion95) trusty; urgency=medium + + * improve formatting + + -- Doug Burks Sat, 24 Mar 2018 07:53:32 -0400 + +securityonion-sostat (20120722-0ubuntu0securityonion94) trusty; urgency=medium + + * iterate over multiple sensors properly + + -- Doug Burks Fri, 23 Mar 2018 16:05:42 -0400 + +securityonion-sostat (20120722-0ubuntu0securityonion93) trusty; urgency=medium + + * no longer using crossclustertab + + -- Doug Burks Fri, 23 Mar 2018 15:48:41 -0400 + securityonion-sostat (20120722-0ubuntu0securityonion92) trusty; urgency=medium * sostat: if redis enabled, show number of events in queue diff -Nru securityonion-sostat-20120722/debian/patches/improve-formatting securityonion-sostat-20120722/debian/patches/improve-formatting --- securityonion-sostat-20120722/debian/patches/improve-formatting 1970-01-01 00:00:00.000000000 +0000 +++ securityonion-sostat-20120722/debian/patches/improve-formatting 2018-03-24 11:53:50.000000000 +0000 
@@ -0,0 +1,84 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-sostat (20120722-0ubuntu0securityonion95) trusty; urgency=medium
+ .
+ * improve formatting
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-sostat-20120722.orig/bin/sostat
++++ securityonion-sostat-20120722/bin/sostat
+@@ -551,6 +551,7 @@ if [ "$ELASTICSEARCH_ENABLED" = "yes" ];
+ if [ "$LOGSTASH_OUTPUT_REDIS" = "yes" ]; then
+ echo
+ header "Redis"
++ echo
+ if pgrep redis-server >/dev/null 2>&1; then
+ echo -n "Logs in redis: "
+ redis-cli LLEN logstash:redis
+@@ -642,22 +643,24 @@ if [ "$ELASTICSEARCH_ENABLED" = "yes" ];
+ fi
+ fi
+ if [ "$ES_RUNNING" ]; then
+- echo
+- header "Cross Cluster Search"
+- /usr/sbin/so-crossclustercheck | jq "." | grep -B2 ":5" |grep -v "\"seeds\"" | grep -v "^--" | paste -d " " - - | while read i; do
+- SEED_NAME=`echo $i | cut -d\" -f2`
+- SEED_PAIR=`echo $i | cut -d\" -f4`
+- SEED_IP=`echo $i | cut -d\" -f4 | cut -d: -f1`
+- SEED_PORT=`echo $i | cut -d\" -f4 | cut -d: -f2`
+- if nc -vz $SEED_IP $SEED_PORT > /dev/null 2>&1; then
+- STATUS="CONNECTED"
+- else
+- STATUS="NOT CONNECTED"
+- fi
+- echo $SEED_NAME - $SEED_PAIR - $STATUS
+- echo
+- done
+- fi
++ if [ $(/usr/sbin/so-crossclustercheck | jq "." | grep -B2 ":5" |grep -v "\"seeds\"" | grep -v "^--" | paste -d " " - - | wc -l) -gt 0 ]; then
++ echo
++ header "Cross Cluster Search"
++ /usr/sbin/so-crossclustercheck | jq "." | grep -B2 ":5" |grep -v "\"seeds\"" | grep -v "^--" | paste -d " " - - | while read i; do
++ SEED_NAME=`echo $i | cut -d\" -f2`
++ SEED_PAIR=`echo $i | cut -d\" -f4`
++ SEED_IP=`echo $i | cut -d\" -f4 | cut -d: -f1`
++ SEED_PORT=`echo $i | cut -d\" -f4 | cut -d: -f2`
++ if nc -vz $SEED_IP $SEED_PORT > /dev/null 2>&1; then
++ STATUS="CONNECTED"
++ else
++ STATUS="NOT CONNECTED"
++ fi
++ echo
++ echo $SEED_NAME - $SEED_PAIR - $STATUS
++ done
++ fi
++ fi
+ fi
+ if [ -f /etc/timezone ] && ! grep "Etc/UTC" /etc/timezone >/dev/null 2>&1; then
+ echo
+@@ -672,6 +675,7 @@ if [ -f $FILE ]; then
+ source $FILE
+ echo
+ header "Version Information"
++ echo
+ echo $PRETTY_NAME
+ if [[ $ALL_PKGS == 1 ]]; then
+ echo
diff -Nru securityonion-sostat-20120722/debian/patches/iterate-over-multiple-sensors-properly securityonion-sostat-20120722/debian/patches/iterate-over-multiple-sensors-properly
--- securityonion-sostat-20120722/debian/patches/iterate-over-multiple-sensors-properly 1970-01-01 00:00:00.000000000 +0000
+++ securityonion-sostat-20120722/debian/patches/iterate-over-multiple-sensors-properly 2018-03-23 20:06:28.000000000 +0000
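Review bot: The new guard in the Cross Cluster Search block runs the whole `/usr/sbin/so-crossclustercheck | jq … | paste` pipeline once for `wc -l` and then again for the loop, so the check and the iteration can see different results and the helper is invoked twice per sostat run. Capturing the pipeline output once in a variable and testing it with `[ -n "$SEEDS" ]` removes the duplicate call and the unquoted `$( … )` inside `[ … -gt 0 ]`. The sketch below also feeds the loop from a here-string and uses `read -r`, so backslashes in the helper's output are not interpreted. The enclosing `if [ "$ELASTICSEARCH_ENABLED" = "yes" ]` block starts outside the hunk.

```shell
# … unchanged: if [ "$ES_RUNNING" ]; then …
SEEDS=$(/usr/sbin/so-crossclustercheck | jq "." | grep -B2 ":5" | grep -v "\"seeds\"" | grep -v "^--" | paste -d " " - -)
if [ -n "$SEEDS" ]; then
	echo
	header "Cross Cluster Search"
	while read -r i; do
		# … unchanged: SEED_NAME / SEED_PAIR / SEED_IP / SEED_PORT extraction, nc probe, STATUS output …
	done <<< "$SEEDS"
fi
```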
@@ -0,0 +1,36 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-sostat (20120722-0ubuntu0securityonion94) trusty; urgency=medium
+ .
+ * iterate over multiple sensors properly
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-sostat-20120722.orig/bin/sostat
++++ securityonion-sostat-20120722/bin/sostat
+@@ -644,7 +644,7 @@ if [ "$ELASTICSEARCH_ENABLED" = "yes" ];
+ if [ "$ES_RUNNING" ]; then
+ echo
+ header "Cross Cluster Search"
+- /usr/sbin/so-crossclustercheck | jq "." | grep -B2 ":5" |grep -v "\"seeds\"" | paste -d " " - - | while read i; do
++ /usr/sbin/so-crossclustercheck | jq "." | grep -B2 ":5" |grep -v "\"seeds\"" | grep -v "^--" | paste -d " " - - | while read i; do
+ SEED_NAME=`echo $i | cut -d\" -f2`
+ SEED_PAIR=`echo $i | cut -d\" -f4`
+ SEED_IP=`echo $i | cut -d\" -f4 | cut -d: -f1`
diff -Nru securityonion-sostat-20120722/debian/patches/no-longer-using-crossclustertab securityonion-sostat-20120722/debian/patches/no-longer-using-crossclustertab
--- securityonion-sostat-20120722/debian/patches/no-longer-using-crossclustertab 1970-01-01 00:00:00.000000000 +0000
+++ securityonion-sostat-20120722/debian/patches/no-longer-using-crossclustertab 2018-03-23 19:49:17.000000000 +0000
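Review bot: Filtering with `grep -v "^--"` removes grep's group separator, but the pairing done by `paste -d " " - -` still assumes exactly two lines survive per cluster. If a cluster lists more than one seed, or any other value in the JSON contains `:5`, names and seeds would presumably shift out of step for every later entry, and the status printed for a sensor would belong to a different host. Since jq is already in the pipeline, emitting name and seed on one line from jq itself would avoid depending on the pretty-printed layout; the exact filter depends on the JSON shape of so-crossclustercheck, which is not visible here. If the grep approach stays, a comment such as `# expects one seed per cluster and a port starting with 5` above the pipeline would record the assumption. The loop body continues past the end of the hunk.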
@@ -0,0 +1,85 @@
+Description:
+ TODO: Put a short summary on the line above and replace this paragraph
+ with a longer explanation of this change. Complete the meta-information
+ with other relevant fields (see below for details). To make it easier, the
+ information below has been extracted from the changelog. Adjust it or drop
+ it.
+ .
+ securityonion-sostat (20120722-0ubuntu0securityonion93) trusty; urgency=medium
+ .
+ * no longer using crossclustertab
+Author: Doug Burks
+
+---
+The information above should follow the Patch Tagging Guidelines, please
+checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here
+are templates for supplementary fields that you might want to add:
+
+Origin: ,
+Bug:
+Bug-Debian: http://bugs.debian.org/
+Bug-Ubuntu: https://launchpad.net/bugs/
+Forwarded:
+Reviewed-By:
+Last-Update:
+
+--- securityonion-sostat-20120722.orig/bin/sostat
++++ securityonion-sostat-20120722/bin/sostat
+@@ -1,12 +1,26 @@
+ #!/bin/bash
+ #
+-# /usr/sbin/sostat
++# Copyright 2014,2015,2016,2017,2018 Security Onion Solutions, LLC
+ #
++# This program is free software: you can redistribute it and/or modify
++# it under the terms of the GNU General Public License as published by
++# the Free Software Foundation, either version 3 of the License, or
++# (at your option) any later version.
++#
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
++# GNU General Public License for more details.
++#
++# You should have received a copy of the GNU General Public License
++# along with this program. If not, see .
++ + # Written by: + # Doug Burks + # Fixes contributed by: + # Stephane Chazelas + # Shane Castle ++# Wes Lambert + # Freq_server and Domain_stats components written by: + # Justin Henderson + +@@ -627,14 +641,14 @@ if [ "$ELASTICSEARCH_ENABLED" = "yes" ]; + echo && echo -e "Domain_stats is not running.\n\nTry starting it with:\n\n'sudo so-elastic-start'\n OR\n'sudo docker start so-domainstats'\n\n\nIf that does not work, try checking /var/log/domain_stats/domain_stats.log for clues." + fi + fi +- if [ -f /etc/nsm/crossclustertab ] && [ -s /etc/nsm/crossclustertab ]; then ++ if [ "$ES_RUNNING" ]; then + echo + header "Cross Cluster Search" +- while read i; do +- SEED_NAME=`echo $i | awk '{print $1}'` +- SEED_PAIR=`echo $i | awk '{print $2}'` +- SEED_IP=`echo $i | awk '{print $2}' | cut -d: -f1` +- SEED_PORT=`echo $i | awk '{print $2}' | cut -d: -f2` ++ /usr/sbin/so-crossclustercheck | jq "." | grep -B2 ":5" |grep -v "\"seeds\"" | paste -d " " - - | while read i; do ++ SEED_NAME=`echo $i | cut -d\" -f2` ++ SEED_PAIR=`echo $i | cut -d\" -f4` ++ SEED_IP=`echo $i | cut -d\" -f4 | cut -d: -f1` ++ SEED_PORT=`echo $i | cut -d\" -f4 | cut -d: -f2` + if nc -vz $SEED_IP $SEED_PORT > /dev/null 2>&1; then + STATUS="CONNECTED" + else +@@ -642,7 +656,7 @@ if [ "$ELASTICSEARCH_ENABLED" = "yes" ]; + fi + echo $SEED_NAME - $SEED_PAIR - $STATUS + echo +- done /dev/null 2>&1; then diff -Nru securityonion-sostat-20120722/debian/patches/series securityonion-sostat-20120722/debian/patches/series --- securityonion-sostat-20120722/debian/patches/series 2018-03-12 15:13:25.000000000 +0000 +++ securityonion-sostat-20120722/debian/patches/series 2018-03-24 11:53:48.000000000 +0000 @@ -89,3 +89,6 @@ merge-pr-26 merge-pr-27 sostat:-if-redis-enabled,-show-number-of-events-in-queue +no-longer-using-crossclustertab +iterate-over-multiple-sensors-properly +improve-formatting
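Review bot: SEED_NAME, SEED_PAIR, SEED_IP and SEED_PORT are now cut out of so-crossclustercheck output instead of the local /etc/nsm/crossclustertab file, and they still reach `nc -vz $SEED_IP $SEED_PORT` and `echo $SEED_NAME - $SEED_PAIR - $STATUS` unquoted. That output presumably reflects Elasticsearch cluster settings, so a value containing spaces, glob characters or a leading `-` would be word-split, expanded, or read by nc as an option. Quote the expansions (`nc -vz "$SEED_IP" "$SEED_PORT"`), use `while read -r i`, and skip entries that fail a simple check such as `[[ $SEED_PORT =~ ^[0-9]+$ ]]` before probing. The tail of this hunk is truncated on the page, so the end of the loop is not visible.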