diff --git a/VERSION b/VERSION
index 3267917..1d43a4b 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-9.2.0
-9.2.0
\ No newline at end of file
+9.2.0.1
+9.2.0.1
diff --git a/app.manifest b/app.manifest
index 05b18b7..184ab32 100644
--- a/app.manifest
+++ b/app.manifest
@@ -4,9 +4,9 @@
 "info": {
 "author": [
 {
-"company": "Splunk, Inc.",
-"email": "support@splunk.com",
-"name": "Splunk, Inc."
+"company": "erdelynet.com",
+"email": "mike@erdelynet.com",
+"name": "erdelynet.com"
 }
 ],
 "classification": {
@@ -25,11 +25,11 @@
 "Network Sessions": "=4.20.2",
 "Performance": "=4.20.2"
 },
-"description": "Splunk Add-on for Unix and Linux",
+"description": "Technical Add-on for Unix and Linux",
 "id": {
 "group": null,
-"name": "Splunk_TA_nix",
-"version": "9.2.0"
+"name": "TA-nix",
+"version": "9.2.0.1"
 },
 "license": {
 "name": "Splunk Software License Agreement",
@@ -45,9 +45,9 @@
 "releaseNotes": {
 "name": "README",
 "text": "./README.txt",
-"uri": "https://docs.splunk.com/Documentation/AddOns/released/UnixLinux/Releasenotes"
+"uri": "https://git.erdelynet.com/mike/TA-nix/docs/ReleaseNotes.md"
 },
-"title": "Splunk Add-on for Unix and Linux"
+"title": "Technical Add-on for Unix and Linux"
 },
 "inputGroups": null,
 "platformRequirements": null,
@@ -63,4 +63,4 @@
 "_indexers"
 ],
 "tasks": null
-}
\ No newline at end of file
+}
diff --git a/bin/bandwidth.sh b/bin/bandwidth.sh
index e5a1364..da3ee0f 100755
--- a/bin/bandwidth.sh
+++ b/bin/bandwidth.sh
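Review bot: The app identifier introduced here, `"name": "TA-nix"` in the `id` block, does not match the identifier the same commit writes into default/app.conf (`id = TA-unix` under [package] and `name = TA-unix` under [id]); as far as I know Splunk's packaging and AppInspect checks compare these two, so the mismatch will surface at install or validation time. Pick one value and use it in both files; the new releaseNotes `uri` also spells it `TA-nix`. The `license` block still names the "Splunk Software License Agreement" while author and company now point to the fork, so confirm that entry is meant to stay as-is for a redistributed package.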
@@ -66,11 +66,11 @@ elif [ "$KERNEL" = "AIX" ] ; then # shellcheck disable=SC2016 FORMAT='{Name=$1; rxPackets_PS=$5; txPackets_PS=$7; rxKB_PS="?"; txKB_PS="?"}' elif [ "$KERNEL" = "Darwin" ] ; then - CMD='sar -n DEV 1 2' + CMD='eval ifconfig -a -u | awk "/^[^ \t]/{i=substr(\$1,1,length(\$1)-1)}/status: active/{print i}" | while read -r int; do netstat -bnI $int -w 1 | head -n3 | sed "s/^/$int/"; done' # shellcheck disable=SC2016 - FILTER='($0 !~ "Average" || $0 ~ "sar" || $2~/lo[0-9]|IFACE/) {next}' + FILTER='$2~/^(input|packets)$/{next}' # shellcheck disable=SC2016 - FORMAT='{Name=$2; rxPackets_PS=$3; txPackets_PS=$5; rxKB_PS=$4/1024; txKB_PS=$6/1024}' + FORMAT='{Name=$1; rxPackets_PS=$2; txPackets_PS=$5; rxKB_PS=$4/1024; txKB_PS=$7/1024}' elif [ "$KERNEL" = "HP-UX" ] ; then # Sample output: http://h20565.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c02263324 CMD='netstat -i 1 2' diff --git a/bin/cpu_metric.sh b/bin/cpu_metric.sh index 04d73df..3f12dd6 100755 --- a/bin/cpu_metric.sh +++ b/bin/cpu_metric.sh 
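Review bot: The new Darwin CMD prefixes each netstat line with `sed "s/^/$int/"` and no separator, so the interface name is only a distinct awk field while the first numeric column keeps its leading padding; a packet counter wide enough to fill its column would fuse with the name and shift every field the new FORMAT reads (`$1`, `$2`, `$4`, `$5`, `$7`). Prepending `$int ` with a trailing space, `sed "s/^/$int /"`, keeps the fields separable in all cases. The `while read -r int` loop also samples interfaces one at a time, so the script's runtime now grows by about a second per active interface, and on BSD-derived netstat the first `-w` sample may report totals since boot rather than a one-second delta, which is exactly the data row `head -n3` keeps — worth confirming on a macOS host. The enclosing if/elif chain starts and ends outside the hunk.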
@@ -16,9 +16,9 @@ if [ "$KERNEL" = "Linux" ] ; then queryHaveCommand mpstat FOUND_MPSTAT=$? if [ ! -f "/etc/os-release" ] ; then - DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1)" + DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}')" else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1)" + DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}')" fi if [ $FOUND_SAR -eq 0 ] ; then CMD='sar -P ALL 1 1' diff --git a/bin/df.sh b/bin/df.sh index a2ab71c..4689cd4 100755 --- a/bin/df.sh +++ b/bin/df.sh @@ -12,6 +12,8 @@ if [ "$KERNEL" = "Linux" ] ; then # shellcheck disable=SC2016 BEGIN='BEGIN { OFS = "\t" }' # shellcheck disable=SC2016 + FILTER_PRE='$2=="btrfs"&&btrfs[$1]==1{next}$2=="btrfs"{btrfs[$1]=1}' + # shellcheck disable=SC2016 FILTER_POST='/(devtmpfs|tmpfs)/ {next}' # shellcheck disable=SC2016 PRINTF=' diff --git a/bin/df_metric.sh b/bin/df_metric.sh index 9f0d020..12d79a1 100755 --- a/bin/df_metric.sh +++ b/bin/df_metric.sh 
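Review bot: The new `IP_address=$(ip -4 route show default | awk '{print $9}')` depends on the `src` token being the eighth word of the route line, which holds for a DHCP-installed route (`default via … dev … proto dhcp src … metric …`) but not for a route without `proto` or `src`, where field 9 is empty or a metric value, and a host with two default routes yields two lines and a multi-line `-v` assignment. Selecting the value by keyword is position-independent: `awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i+1); exit}}'`. The same construct is introduced in df_metric.sh, interfaces_metric.sh, iostat_metric.sh, ps_metric.sh and vmstat_metric.sh in this commit, and the widened `grep -E '\b(VERSION|BUILD)_ID='` can likewise return two lines on a release file that carries both keys, so a `head -n 1` after it keeps OS_version single-valued.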
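Review bot: The added `FILTER_PRE` line in df.sh carries only a shellcheck directive and no explanation of why btrfs is special-cased, so a reader unfamiliar with btrfs will not know why the filter keeps the first mount of a device and drops the rest. A comment such as `# btrfs subvolumes share one device and report the same usage; keep the first mount of each device` would record the intent. Whether FILTER_PRE is consumed by the awk pipeline later in the file cannot be seen from this hunk.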
@@ -13,12 +13,14 @@ if [ "$KERNEL" = "Linux" ] ; then assertHaveCommand df CMD='df -k --output=source,fstype,size,used,avail,pcent,itotal,iused,iavail,ipcent,target' if [ ! -f "/etc/os-release" ] ; then - DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" + DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" + DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" fi BEGIN='BEGIN { OFS = "\t" }' FORMAT='{OSName=OSName;OS_version=OS_version;IP_address=IP_address;IPv6_Address=IPv6_Address}' + # shellcheck disable=SC2016 + FILTER_PRE='$2=="btrfs"&&btrfs[$1]==1{next}$2=="btrfs"{btrfs[$1]=1}' # shellcheck disable=SC2016 FILTER_POST='/(devtmpfs|tmpfs)/ {next}' # shellcheck disable=SC2016 
diff --git a/bin/hardware.sh b/bin/hardware.sh index db40484..31eefec 100755 --- a/bin/hardware.sh +++ b/bin/hardware.sh @@ -9,7 +9,7 @@ FORMAT='{key = $1; if (NF == 1) {value = ""} else {value = $2; for PRINTF='{printf("%-20s %-s\n", key, value)}' if [ "$KERNEL" = "Linux" ] ; then - TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_hardware_error_tmpfile # For filtering out lshw warning from stderr + TMP_ERROR_FILTER_FILE=$(mktemp) # For filtering out lshw warning from stderr queryHaveCommand ip FOUND_IP=$? # CPUs diff --git a/bin/interfaces_metric.sh b/bin/interfaces_metric.sh index 52c799b..d6a75ef 100755 --- a/bin/interfaces_metric.sh +++ b/bin/interfaces_metric.sh 
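Review bot: `TMP_ERROR_FILTER_FILE=$(mktemp)` creates a fresh file on every invocation and nothing in the hunk removes it; the previous fixed path under $SPLUNK_HOME was simply overwritten on each run, so unless a cleanup exists later in the script this turns a reused scratch file into one new file per collection interval in the temp directory. Adding `trap 'rm -f "$TMP_ERROR_FILTER_FILE"' EXIT` directly after the assignment bounds that, and mktemp's exit status should be checked, since an unwritable TMPDIR leaves the variable empty and any later stderr redirection into it fails. The same change is made in rlog.sh, selinuxChecker.sh and update.sh in this commit.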
@@ -18,9 +18,9 @@ if [ "$KERNEL" = "Linux" ] ; then queryHaveCommand ip FOUND_IP=$? if [ ! -f "/etc/os-release" ] ; then - DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" + DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" + DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" fi if [ $FOUND_IP -eq 0 ]; then CMD_LIST_INTERFACES="eval ip -s a | tee $TEE_DEST|grep 'state UP' | grep mtu | grep -Ev lo | tee -a $TEE_DEST | cut -d':' -f2 | tee -a $TEE_DEST | cut -d '@' -f 1 | tee -a $TEE_DEST | sort -u | tee -a $TEE_DEST" diff --git a/bin/iostat_metric.sh b/bin/iostat_metric.sh index 2a69a6e..da1550e 100755 --- a/bin/iostat_metric.sh +++ b/bin/iostat_metric.sh 
@@ -11,9 +11,9 @@ if [ "$KERNEL" = "Linux" ] ; then CMD='iostat -xky 1 1' assertHaveCommand "$CMD" if [ ! -f "/etc/os-release" ] ; then - DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1)" + DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}')" else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1)" + DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}')" fi FILTER='/Device/ && /r\/s/ && /w\/s/ {f=1;}f' # shellcheck disable=SC2016 diff --git a/bin/ps_metric.sh b/bin/ps_metric.sh index 4855452..30f0878 100755 --- a/bin/ps_metric.sh +++ b/bin/ps_metric.sh 
@@ -12,9 +12,9 @@ if [ "$KERNEL" = "Linux" -o "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" ] ; th CMD='ps auxww' if [ "$KERNEL" = "Linux" ] ; then if [ ! -f "/etc/os-release" ] ; then - DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" + DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1) -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" + DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}') -v IPv6_Address=$(ip -6 -brief address show scope global | xargs | cut -d ' ' -f 3 | cut -d '/' -f 1)" fi elif [ "$KERNEL" = "Darwin" -o "$KERNEL" = "FreeBSD" ] ; then # Filters have been applied to get rid of IPv6 addresses designated for special usage to extract only the global IPv6 address. diff --git a/bin/rlog.sh b/bin/rlog.sh index f1fa92b..72ae084 100755 --- a/bin/rlog.sh +++ b/bin/rlog.sh 
@@ -7,10 +7,16 @@ # shellcheck disable=SC1091 . "$(dirname "$0")"/common.sh -OLD_SEEK_FILE=$SPLUNK_HOME/var/run/splunk/unix_audit_seekfile # For handling upgrade scenarios +if [ -n "$SPLUNK_DB" ]; then + OLD_SEEK_FILE=$SPLUNK_HOME/var/run/splunk/unix_audit_seekfile # For handling upgrade scenarios + SEEK_FILE=$SPLUNK_HOME/var/run/splunk/unix_audit_seektime +else + # handle the case where this is not being run by the Splunk user from Splunk + OLD_SEEK_FILE=$HOME/.splunk_unix_audit_seekfile # For handling upgrade scenarios + SEEK_FILE=$HOME/.splunk_unix_audit_seektime +fi CURRENT_AUDIT_FILE=/var/log/audit/audit.log # For handling upgrade scenarios -SEEK_FILE=$SPLUNK_HOME/var/run/splunk/unix_audit_seektime -TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_rlog_error_tmpfile # For filering out "no matches" error from stderr +TMP_ERROR_FILTER_FILE=$(mktemp) # For filering out "no matches" error from stderr AUDIT_FILE="/var/log/audit/audit.log*" if [ "$KERNEL" = "Linux" ] ; then diff --git a/bin/selinuxChecker.sh b/bin/selinuxChecker.sh index b213dd8..e819196 100755 --- a/bin/selinuxChecker.sh +++ b/bin/selinuxChecker.sh @@ -5,7 +5,7 @@ # shellcheck disable=SC1091 . "$(dirname "$0")"/common.sh -TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_selinux_error_tmpfile # For filtering out awk warning from stderr +TMP_ERROR_FILTER_FILE=$(mktemp) # For filtering out awk warning from stderr PRINTF='END {printf "%s app=selinux %s %s %s %s\n", DATE, FILEHASH, SELINUX, SELINUXTYPE, SETLOCALDEFS}' if [ "$KERNEL" = "Linux" ] ; then diff --git a/bin/update.sh b/bin/update.sh index d834c3a..85f0732 100755 --- a/bin/update.sh +++ b/bin/update.sh 
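Review bot: The new branch tests `[ -n "$SPLUNK_DB" ]` but then builds both paths from `$SPLUNK_HOME`, so an environment with SPLUNK_DB set and SPLUNK_HOME unset silently resolves the seek files to `/var/run/splunk/...`; testing the variable actually used, `if [ -n "$SPLUNK_HOME" ]; then`, matches the intent (or test both). In the fallback branch `$HOME` can also be unset under cron or some sudo configurations, which places the seek files at the filesystem root, so `${HOME:-/tmp}` or an explicit exit would be safer than the silent default. Keeping audit-seek state in the invoking user's home is reasonable, but it means two users running the script do not share progress and may re-ingest the same records, which deserves a line in the comment.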
@@ -5,18 +5,21 @@ # shellcheck disable=SC1091 . "$(dirname "$0")"/common.sh -TMP_ERROR_FILTER_FILE=$SPLUNK_HOME/var/run/splunk/unix_update_error_tmpfile # For filering out apt warning from stderr +TMP_ERROR_FILTER_FILE=$(mktemp) # For filering out apt warning from stderr if [ "$KERNEL" = "Linux" ] ; then assertHaveCommand date OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) OS_FILE=/etc/os-release # Ubuntu doesn't have yum installed by default hence apt is being used to get the list of upgradable packages - if [ "$OSName" = "Ubuntu" ]; then + if [ "$OSName" = "Ubuntu" ] || [ "$OSName" = "Debian_GNU/Linux" ]; then assertHaveCommand apt assertHaveCommand sed + # For this to work properly, add a line to /etc/sudoers like this: + # splunk ALL=(root) NOPASSWD: /usr/bin/apt update + # Without the above line, 'apt list --upgradable' will not show updated packages unless the package databases were updated outside of this script # sed command here replaces '/, [, ]' with ' ' - CMD='eval date ; eval apt list --upgradable | sed "s/\// /; s/\[/ /; s/\]/ /"' + CMD='eval date ; sudo -n apt update > /dev/null 2>&1 ; eval apt list --upgradable | sed "s/\// /; s/\[/ /; s/\]/ /"' # shellcheck disable=SC2016 PARSE_0='NR==1 {DATE=$0}' # shellcheck disable=SC2016 
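Review bot: The new `sudo -n apt update > /dev/null 2>&1` discards both the exit status and stderr, so when the documented sudoers entry is absent or the non-interactive call is refused, the script keeps reporting whatever the stale package index says with no trace in the output or in TMP_ERROR_FILTER_FILE; redirecting stderr there instead, `sudo -n apt update > /dev/null 2>> "$TMP_ERROR_FILTER_FILE"`, or emitting a marker field when it fails, makes the degraded state visible. The sudoers line in the comment is correctly restricted to the exact `apt update` command; the comment should add that the rule must stay that narrow, since a wildcard or a bare `apt` grant lets the collection account do far more as root than refresh the index. The same silent discard is introduced for `sudo -n pacman -Syy` in the Arch Linux branch later in this file.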
@@ -33,6 +36,18 @@ if [ "$KERNEL" = "Linux" ] ; then # shellcheck disable=SC2016 PARSE_2='header_found { gsub(/[[:space:]]*\|[[:space:]]*/, "|"); split($0, arr, /\|/); printf "%s repository=%s package=%s current_package_version=%s latest_package_version=%s sles_architecture=%s\n", DATE, arr[2], arr[3], arr[4], arr[5], arr[6]}' MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2" + elif [ "$OSName" = "Arch_Linux" ] || [ "$OSName" = "Arch_Linux_ARM" ]; then + assertHaveCommand checkupdates + assertHaveCommand sed + # For this to work properly, add a line to /etc/sudoers like this: + # splunk ALL=(root) NOPASSWD: /usr/bin/pacman -Syy + # Without the above line, checkupdates will not show updated packages unless the package databases were updated outside of this script (similar to Debian's apt update) + CMD='eval date ; eval uname -m | sed -r "s/(armv7l|aarch64)/arm64/;s/x86_64/amd64/"; sudo -n pacman -Syy > /dev/null 2>&1 ; eval checkupdates' + # shellcheck disable=SC2016 + PARSE_0='NR==1 {DATE=$0}' + PARSE_1='NR==2 {ARCH=$0}' + PARSE_2='NR>2 {printf "%s arch_architecture=%s package=%s current_package_version=%s latest_package_version=%s\n", DATE, ARCH, $1, $2, $4}' + MESSAGE="$PARSE_0 $PARSE_1 $PARSE_2" else assertHaveCommand yum diff --git a/bin/vmstat.sh b/bin/vmstat.sh index 2fc902b..178c09f 100755 --- a/bin/vmstat.sh +++ b/bin/vmstat.sh 
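Review bot: `PARSE_1` and `PARSE_2` in the new Arch Linux branch use awk positional variables (`$0`, `$1`, `$2`, `$4`) inside single quotes, but only `PARSE_0` carries the `# shellcheck disable=SC2016` directive that every other PARSE_* assignment in this file has; add it before the other two so the file stays lint-clean and consistent. Separately, as far as I know `checkupdates` from pacman-contrib already refreshes a private copy of the sync database (under CHECKUPDATES_DB) as an unprivileged user, which is its purpose; if that holds, the `sudo -n pacman -Syy` call and the sudoers grant the comment asks for are unnecessary and this branch can run with no root privilege at all, which is worth confirming on an Arch host before the sudoers line is documented.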
@@ -26,7 +26,7 @@ if [ "$KERNEL" = "Linux" ] ; then # shellcheck disable=SC2016 PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}' # shellcheck disable=SC2016 - PARSE_2='/pages paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}' + PARSE_2='/(K|pages) paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}' # shellcheck disable=SC2016 PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}' # shellcheck disable=SC2016 @@ -126,9 +126,9 @@ elif [ "$KERNEL" = "HP-UX" ] ; then elif [ "$KERNEL" = "Darwin" ] ; then assertHaveCommand sysctl assertHaveCommand top - assertHaveCommand sar + assertHaveCommand vm_stat # shellcheck disable=SC2016 - CMD='eval sysctl hw.memsize ; sysctl vm.swapusage ; top -l 1 -n 0; `dirname $0`/hardware.sh; sar -gp 1 2' + CMD='eval sysctl hw.memsize ; sysctl vm.swapusage ; top -l 1 -n 0; `dirname $0`/hardware.sh; vm_stat | awk "/Pageouts:/{print \"pgpageout \" \$NF}/^Swapouts:/{print \"pgswapout \" \$NF}"; vm_stat -c5 1 | tail -n -4 | awk "{pi=pi+\$19;po=po+\$20;si=si+\$21;so=so+\$22}END{printf \"pginps %.2f pgoutps %.2f swinps %.2f swoups %.2f\n\",pi/4,po/4,si/4,so/4}"' FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}' # shellcheck disable=SC2016 PARSE_0='/^hw.memsize:/ {memTotalMB=$2 / (1024*1024)}' 
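Review bot: The Darwin CMD's `awk "/Pageouts:/{print \"pgpageout \" \$NF}…"` passes vm_stat's last field through verbatim, and vm_stat prints its counters with a trailing period (`Pageouts: 1234.` — constructed example), so the value only parses because the PARSE_3/PARSE_8 rules later in the file coerce it with `0+$2`; that coupling deserves a comment on the CMD line, e.g. `# vm_stat values carry a trailing '.'; consumers must coerce with 0+`. The second call, `vm_stat -c5 1 | tail -n -4`, takes about five seconds per invocation where `sar -gp 1 2` took about two, and `tail -n -4` is just `tail -n 4`; the first sample vm_stat prints is presumably cumulative since boot, which is why four of five rows are kept, and the `/4` divisors in the END block depend on it — say so in a comment. The identical CMD is introduced in vmstat_metric.sh in this commit.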
@@ -137,24 +137,19 @@ elif [ "$KERNEL" = "Darwin" ] ; then # shellcheck disable=SC2016 PARSE_2='/^vm.swapusage:/ {swapUsed=toMB($7); swapFree=toMB($10)}' # shellcheck disable=SC2016 - PARSE_3='/^VM:/ {pgPageOut=0+$7}' - if $OSX_GE_SNOW_LEOPARD; then - # shellcheck disable=SC2016 - PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-1)}' - else - # shellcheck disable=SC2016 - PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-2)}' - fi + PARSE_3='/^pgpageout / {pgPageOut=0+$2}' + # shellcheck disable=SC2016 + PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-1)}' # shellcheck disable=SC2016 PARSE_5='/^Load Avg:/ {loadAvg1mi=0+$3}' # shellcheck disable=SC2016 PARSE_6='/^CPU_COUNT/ {cpuCount=$2}' # shellcheck disable=SC2016 - PARSE_7='($0 ~ "Average" && $1 ~ "pgout*") {next} {pgPageOut_PS=$2}' + PARSE_7='$1 == "pginps" {pgPageIn_PS=$2;pgPageOut_PS=$4;pgSwapIn=$6;pgSwapOut=$8}' # shellcheck disable=SC2016 - PARSE_8='($0 ~ "Average" && $1 ~ "pgin*") {next} {pgPageIn_PS=$2}' + PARSE_8='/^pgswapout / {pgSwapOut=0+$2}' MASSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $PARSE_8 $DERIVE" - FILL_BLANKS='END {pgSwapOut=cSwitches=interrupts=interrupts_PS=forks="?"}' + FILL_BLANKS='END {cSwitches=interrupts=interrupts_PS=forks="0"}' elif [ "$KERNEL" = "FreeBSD" ] ; then # shellcheck disable=SC2016 CMD='eval sysctl hw.physmem ; vmstat -s ; top -Sb 0; `dirname $0`/hardware.sh' diff --git a/bin/vmstat_metric.sh b/bin/vmstat_metric.sh index b9f4ce7..e0c56e2 100755 --- a/bin/vmstat_metric.sh +++ b/bin/vmstat_metric.sh 
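Review bot: `pgSwapOut` is now assigned by two rules: `PARSE_7` sets it to `$8`, the per-second swap-out rate from the `pginps` summary line, and `PARSE_8` sets it from the cumulative `pgswapout` line; because CMD emits the `pgswapout` line before the `pginps` line, PARSE_7 runs last and the cumulative value is overwritten by a rate, while on Linux the same field carries the cumulative `pages swapped out` count. Giving the rate its own field keeps the two distinct, e.g. `PARSE_7='$1 == "pginps" {pgPageIn_PS=$2;pgPageOut_PS=$4;pgSwapIn=$6;pgSwapOut_PS=$8}'` (field name constructed; use whatever the schema defines). The FILL_BLANKS change from `"?"` to `"0"` also turns "not collected on this platform" into a literal zero for cSwitches, interrupts, interrupts_PS and forks, which a consumer cannot tell from a genuine zero; if a numeric value is required by the metrics index, that belongs in vmstat_metric.sh only and vmstat.sh can keep `"?"`. The same edits appear in vmstat_metric.sh in this commit.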
@@ -23,16 +23,16 @@ if [ "$KERNEL" = "Linux" ] ; then # shellcheck disable=SC2016 CMD='eval uptime ; ps -e | wc -l ; ps -eT | wc -l ; vmstat -s ; `dirname $0`/hardware.sh; sar -B 1 2; sar -I SUM 1 2' if [ ! -f "/etc/os-release" ] ; then - DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(hostname -I | cut -d\ -f1)" + DEFINE="-v OSName=$(cat /etc/*release | head -n 1| awk -F" release " '{print $1}'| tr ' ' '_') -v OS_version=$(cat /etc/*release | head -n 1| awk -F" release " '{print $2}' | cut -d\. -f1) -v IP_address=$(ip -4 route show default | awk '{print $9}')" else - DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep '\bVERSION_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(hostname -I | cut -d\ -f1)" + DEFINE="-v OSName=$(cat /etc/*release | grep '\bNAME=' | cut -d '=' -f2 | tr ' ' '_' | cut -d\" -f2) -v OS_version=$(cat /etc/*release | grep -E '\b(VERSION|BUILD)_ID=' | cut -d '=' -f2 | cut -d\" -f2) -v IP_address=$(ip -4 route show default | awk '{print $9}')" fi # shellcheck disable=SC2016 PARSE_0='NR==1 {loadAvg1mi=0+$(NF-2)} NR==2 {processes=$1} NR==3 {threads=$1}' # shellcheck disable=SC2016 PARSE_1='/total memory$/ {memTotalMB=$1/1024} /free memory$/ {memFreeMB+=$1/1024} /buffer memory$/ {memFreeMB+=$1/1024} /swap cache$/ {memFreeMB+=$1/1024}' # shellcheck disable=SC2016 - PARSE_2='/pages paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}' + PARSE_2='/(K|pages) paged out$/ {pgPageOut=$1} /used swap$/ {swapUsed=$1} /free swap$/ {swapFree=$1} /pages swapped out$/ {pgSwapOut=$1}' # shellcheck disable=SC2016 PARSE_3='/interrupts$/ {interrupts=$1} /CPU context switches$/ {cSwitches=$1} /forks$/ {forks=$1}' # shellcheck disable=SC2016 
@@ -136,9 +136,9 @@ elif [ "$KERNEL" = "HP-UX" ] ; then elif [ "$KERNEL" = "Darwin" ] ; then assertHaveCommand sysctl assertHaveCommand top - assertHaveCommand sar + assertHaveCommand vm_stat # shellcheck disable=SC2016 - CMD='eval sysctl hw.memsize ; sysctl vm.swapusage ; top -l 1 -n 0; `dirname $0`/hardware.sh; sar -gp 1 2' + CMD='eval sysctl hw.memsize ; sysctl vm.swapusage ; top -l 1 -n 0; `dirname $0`/hardware.sh; vm_stat | awk "/Pageouts:/{print \"pgpageout \" \$NF}/^Swapouts:/{print \"pgswapout \" \$NF}"; vm_stat -c5 1 | tail -n -4 | awk "{pi=pi+\$19;po=po+\$20;si=si+\$21;so=so+\$22}END{printf \"pginps %.2f pgoutps %.2f swinps %.2f swoups %.2f\n\",pi/4,po/4,si/4,so/4}"' DEFINE="-v OSName=$(uname -s) -v OS_version=$(uname -r) -v IP_address=$(ifconfig -a | grep 'inet ' | grep -v 127.0.0.1 | cut -d\ -f2 | head -n 1)" FUNCS='function toMB(s) {n=0+s; if (index(s,"K")) {n /= 1024} if (index(s,"G")) {n *= 1024} return n}' # shellcheck disable=SC2016 
@@ -148,24 +148,19 @@ elif [ "$KERNEL" = "Darwin" ] ; then # shellcheck disable=SC2016 PARSE_2='/^vm.swapusage:/ {swapUsed=toMB($7); swapFree=toMB($10)}' # shellcheck disable=SC2016 - PARSE_3='/^VM:/ {pgPageOut=0+$7}' - if $OSX_GE_SNOW_LEOPARD; then - # shellcheck disable=SC2016 - PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-1)}' - else - # shellcheck disable=SC2016 - PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-2)}' - fi + PARSE_3='/^pgpageout / {pgPageOut=0+$2}' + # shellcheck disable=SC2016 + PARSE_4='/^Processes:/ {processes=$2; threads=$(NF-1)}' # shellcheck disable=SC2016 PARSE_5='/^Load Avg:/ {loadAvg1mi=0+$3}' # shellcheck disable=SC2016 PARSE_6='/^CPU_COUNT/ {cpuCount=$2}' # shellcheck disable=SC2016 - PARSE_7='($0 ~ "Average" && $1 ~ "pgout*") {next} {pgPageOut_PS=$2}' + PARSE_7='$1 == "pginps" {pgPageIn_PS=$2;pgPageOut_PS=$4;pgSwapIn=$6;pgSwapOut=$8}' # shellcheck disable=SC2016 - PARSE_8='($0 ~ "Average" && $1 ~ "pgin*") {next} {pgPageIn_PS=$2}' + PARSE_8='/^pgswapout / {pgSwapOut=0+$2}' MESSAGE="$FUNCS $PARSE_0 $PARSE_1 $PARSE_2 $PARSE_3 $PARSE_4 $PARSE_5 $PARSE_6 $PARSE_7 $PARSE_8 $DERIVE" - FILL_BLANKS='END {pgSwapOut=cSwitches=interrupts=interrupts_PS=forks="?"}' + FILL_BLANKS='END {cSwitches=interrupts=interrupts_PS=forks="0"}' elif [ "$KERNEL" = "FreeBSD" ] ; then # shellcheck disable=SC2016 CMD='eval sysctl hw.physmem ; vmstat -s ; top -Sb 0; `dirname $0`/hardware.sh' diff --git a/default/app.conf b/default/app.conf index 52645ba..444c420 100644 --- a/default/app.conf +++ b/default/app.conf 
@@ -12,19 +12,19 @@ build = 1720176219 [ui] setup_view = ta_nix_configuration is_visible = true -label = Splunk Add-on for Unix and Linux +label = Technical Add-on for Unix and Linux docs_section_override = AddOns:released [launcher] -author = Splunk, Inc. -version = 9.2.0 -description = Splunk Add-on for Unix and Linux +author = Michael Erdely +version = 9.2.0.1 +description = Technical Add-on for Unix and Linux [package] -id = Splunk_TA_nix +id = TA-unix check_for_updates = true [id] -name = Splunk_TA_nix -version = 9.2.0 +name = TA-unix +version = 9.2.0.1 diff --git a/docs/ReleaseNotes.md b/docs/ReleaseNotes.md new file mode 100644 index 0000000..a28658b --- /dev/null +++ b/docs/ReleaseNotes.md @@ -0,0 +1,18 @@ +# Technical Add-on for Unix and Linux + +## Version 9.2.0.1 + +Initial fork of the Splunk Add-on for Unix and Linux + +Changes: + +* Use ip command to determine IP address + ('hostname -I' does not work on all Linux systems) +* Filter out multiple listing of the same btrfs volume +* Use mktemp for temp files (for times when the TA may be run outside of Splunk) +* If running rlog.sh outside of Splunk, use $HOME to store seek file +* Debian also uses apt +* Arch Linux uses pacman +* Add use of sudo -n for 'apt update' and 'pacman -Syy' +* vmstat uses "K paged out" +* Replace the use of 'sar' with netstat and vm_stat for MacOS diff --git a/splunkbase.manifest b/splunkbase.manifest index 934b98e..7099cc4 100644 --- a/splunkbase.manifest +++ b/splunkbase.manifest @@ -1,10 +1,11 @@ { "version": "1.0", "date": "2024-10-18T12:52:23.073000921Z", + "date": "2025-01-08T18:38:19.132050611Z", "hashAlgorithm": "SHA-256", "app": { "id": 833, - "version": "9.2.0", + "version": "9.2.0.1", "files": [ { "path": "LICENSES/Apache-2.0.txt", 
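Review bot: The splunkbase.manifest hunk adds a second `"date"` member without removing the first (`"2024-10-18T12:52:23.073000921Z"` stays as a context line above the new `"2025-01-08T18:38:19.132050611Z"`), so the manifest now has a duplicate key; RFC 8259 parsers may keep either value, and a signing or verification step that canonicalizes the document can disagree with one that does not. Replace the line rather than appending, i.e. the change should read `-  "date": "2024-10-18T12:52:23.073000921Z"` / `+  "date": "2025-01-08T18:38:19.132050611Z"`. The `"id": 833` Splunkbase identifier is also left at the upstream add-on's value while the package id is renamed in app.conf in this commit; if this fork is not published under that Splunkbase entry the id should be cleared or updated, since `check_for_updates = true` will presumably compare against the upstream release.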
@@ -28,11 +29,11 @@ }, { "path": "VERSION", - "hash": "4b083d27782e80fd5bce34252adc7de9e9ab611475e170cb507e49586483025e" + "hash": "fd47b230df0f247b21e965b9529efd00447fdbf1cb1740848b529f79a9feacac" }, { "path": "app.manifest", - "hash": "24b4bb6f47bc1472038f5c983ec91705052162da89555f52a78c9f3c830cfd82" + "hash": "251b481753129caea80da188d33f2b99bbd178560e136ee2936b4e9499e1416e" }, { "path": "appserver/static/appIcon.png", @@ -76,19 +77,19 @@ }, { "path": "bin/cpu_metric.sh", - "hash": "2d175a98ded5f141b20fd3b3847217447b5489b4d989512d8b8679a4f2777a0b" + "hash": "c5e937d91afab8ec06376a0db3c79f37e0da6377ea2b34cfde67793d89fd14d5" }, { "path": "bin/df.sh", - "hash": "27b0ad779340e6bd8a26e296ce9b0b9cd2721eaadcf4669e5579560a676c9db7" + "hash": "15c4e33987209afe1cb807af7aecfbd522107746d318827d161d1ee233d00acf" }, { "path": "bin/df_metric.sh", - "hash": "4457b92d8d8ee24441eb38df2134113f5a821111b7c3573b48313adcee39d3e8" + "hash": "286830c6b30cc9a3e5240e3b63db0edd2c68c9e797d452483dea09b4ad6f48e9" }, { "path": "bin/hardware.sh", - "hash": "20e341826d21047e9cc3b7cd632422f6b9a0364282333616c1f912b4dddb7093" + "hash": "7722f446226609784d219cb525eee3ed65d622ce05122301f65625c6fd2e4434" }, { "path": "bin/interfaces.sh", @@ -96,7 +97,7 @@ }, { "path": "bin/interfaces_metric.sh", - "hash": "9458deb6ba4c56a22264df75d42945e170f6f1a729d93220617c85810733ef19" + "hash": "374e24c7e87669fbd25ded5e56c05fd057c0c272e03e0df6cabcd5db31267db9" }, { "path": "bin/iostat.sh", @@ -104,7 +105,7 @@ }, { "path": "bin/iostat_metric.sh", - "hash": "4af68e89e6a93fa34ccd724ff78a509b7868bc06e60a4f16a6aa24d300d8efc8" + "hash": "59b775cc60e92950605b621989ee17aa947adc07d407c78b657ecedf90452f77" }, { "path": "bin/lastlog.sh", 
@@ -148,15 +149,15 @@ }, { "path": "bin/ps_metric.sh", - "hash": "0c3dc356f47728b9b99be79fffe40256eded1644f599b1bbe8b1a9e8db05b10d" + "hash": "ff65aec6a98560667d08e1b75f4661d99b5255be239756f89cc72a58d1e44fe2" }, { "path": "bin/rlog.sh", - "hash": "271fcaf091527670df3e794c29d7bf57d1371909c72c25d56c79dd136b029513" + "hash": "96d0cc8f2c0beec46bca37d7ddf73c122f76525b7363d9a2fec92125abab83a2" }, { "path": "bin/selinuxChecker.sh", - "hash": "07135df789924f8d4f5ae8228ccbfe0a5e47756de202fcf00a019a12712d8312" + "hash": "409ad1927603069c7b08e09e60f2edf1c7e50f02eb6a64c7a514693131dc82e6" }, { "path": "bin/service.sh", @@ -184,7 +185,7 @@ }, { "path": "bin/update.sh", - "hash": "048f6e678f873d2b856ec851c52389d9f8d5ccde0fee0ead0dcf5348cc3cb587" + "hash": "2cce5510b8cf94e3c32681c934985a01164e2b63b64d458de9a7dc0ff81bc679" }, { "path": "bin/uptime.sh", @@ -200,11 +201,11 @@ }, { "path": "bin/vmstat.sh", - "hash": "b816aa5e67ad18b995eb577e16ca7c91ae3ecdeeb019d0b79321ade83a90daef" + "hash": "9ce5a407629d5d47c2c3f8b1d046f712d24a232950c54d450ddbc21bd34aea84" }, { "path": "bin/vmstat_metric.sh", - "hash": "47df351e2afd7abedb49f8d38f5350ce6276fdb512005ba56e7ff9692f581515" + "hash": "85c516f1d73b9cb45e3b16819fada786753fa417f2fbded1955ccace62de41f8" }, { "path": "bin/vsftpdChecker.sh", @@ -216,7 +217,7 @@ }, { "path": "default/app.conf", - "hash": "451c717df6073aabd78b5ba4abb33ac71b6d61df8d46a243913b01ed9ac77040" + "hash": "e5c48e804d836b03361fea96c1e78f265116f5117a739f4dad9bc1916ad873f8" }, { "path": "default/data/ui/nav/default.xml", @@ -320,7 +321,8 @@ "9.0", "9.1", "9.2", - "9.3" + "9.3", + "9.4" ], "architectures": [ "x86_64" @@ -356,4 +358,4 @@ ] } ] -} \ No newline at end of file +}