@0xtf
Created April 8, 2020 12:35
D4 Client tmux script (auth.log and Suricata eve.log)
#!/bin/bash
# Start a detached tmux session "d4" with one window per D4 feed.
# Windows are created and addressed directly (session:window) instead of
# typing nested tmux commands into whichever pane happens to be active.
tmux new-session -d -s d4
tmux new-window -d -t d4: -n d4-auth
tmux new-window -d -t d4: -n d4-eve
tmux new-window -d -t d4: -n suricata
# D4 - auth.log: forward sshd "Invalid user" lines to the D4 client
tmux send-keys -t d4:d4-auth "tail -F /var/log/auth.log | grep --line-buffered sshd | grep -E --line-buffered 'Invalid user' | /home/user/d4-goclient/d4-goclient_linux_amd64 -c /home/administrator/d4-goclient/confs/ssh/" ENTER
# D4 - eve.log: forward Suricata alert events to the D4 client
# (-a makes grep treat eve.json as text even if it contains binary bytes)
tmux send-keys -t d4:d4-eve "tail -F /var/log/suricata/eve.json | grep --line-buffered -a '\"event_type\":\"alert\"' | /home/user/d4-goclient/d4-goclient_linux_amd64 -c /home/user/d4-goclient/confs/suricata/" ENTER
# Suricata Logs Watch
tmux send-keys -t d4:suricata "watch tail -n20 /var/log/suricata/fast.log" ENTER
## Attach to session
tmux select-window -t d4:suricata
tmux attach -t d4