Check graylog stream for firewall blocks
#!/bin/sh
# Counts "deny" messages in a Graylog stream over the last 60 seconds (range=60), once per data center.
# STREAM_ID needs to be replaced with the Graylog stream ID.
# Credentials are read from a netrc file, so they do not appear on the command line.
# Note: -k turns off TLS certificate verification; where possible use --cacert with the Graylog CA instead.
DC1_FGT_DENY="$(curl -s --netrc-file /etc/icinga2/secrets/graylog_auth_file -k -H 'Accept: application/json' -X GET "https://dc1-graylog.example.com:443/api/search/universal/relative?query=deny&range=60&filter=streams%3ASTREAM_ID&fields=action%2Cmessage" | jq '.total_results')"
DC2_FGT_DENY="$(curl -s --netrc-file /etc/icinga2/secrets/graylog_auth_file -k -H 'Accept: application/json' -X GET "https://dc2-graylog.example.com:443/api/search/universal/relative?query=deny&range=60&filter=streams%3ASTREAM_ID&fields=action%2Cmessage" | jq '.total_results')"
# Status text first, then performance data after the "|".
echo "Blocked packets: DC1 $DC1_FGT_DENY, DC2 $DC2_FGT_DENY|dc1=$DC1_FGT_DENY dc2=$DC2_FGT_DENY"
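
The script above always exits 0 and prints empty counts when Graylog is unreachable or returns an error, so a broken check looks healthy. The variant below is an added example, not the gist author's code: it verifies TLS, treats a missing or non-numeric count as UNKNOWN, and maps counts to plugin exit codes. The `WARN`/`CRIT` thresholds, the CA file path, and the `--run` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original gist). Thresholds and CA path are assumed values.
AUTH=/etc/icinga2/secrets/graylog_auth_file   # netrc file, as in the script above
CA=/etc/icinga2/secrets/graylog_ca.pem        # assumed path to the CA that signed the Graylog certificate
WARN=${WARN:-100}    # assumed threshold: deny messages per 60 s
CRIT=${CRIT:-1000}   # assumed threshold

# Print the deny count for one Graylog host; print nothing usable if the request fails.
fetch_deny() {
    curl -s -f --max-time 10 --netrc-file "$AUTH" --cacert "$CA" -H 'Accept: application/json' \
        "https://$1:443/api/search/universal/relative?query=deny&range=60&filter=streams%3ASTREAM_ID&fields=action%2Cmessage" \
        | jq -r '.total_results' 2>/dev/null
}

# Map one count to a plugin state: 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
# Empty or non-numeric input (failed request, error JSON, "null") is UNKNOWN, never OK.
state_for() {
    case "$1" in
        ''|*[!0-9]*) echo 3; return ;;
    esac
    if [ "$1" -ge "$CRIT" ]; then echo 2
    elif [ "$1" -ge "$WARN" ]; then echo 1
    else echo 0
    fi
}

# Combine two states. Ordering chosen for this example: CRITICAL > UNKNOWN > WARNING > OK,
# so a confirmed spike in one data center is not masked by an outage in the other.
worst_state() {
    if [ "$1" -eq 2 ] || [ "$2" -eq 2 ]; then echo 2
    elif [ "$1" -eq 3 ] || [ "$2" -eq 3 ]; then echo 3
    elif [ "$1" -ge "$2" ]; then echo "$1"
    else echo "$2"
    fi
}

main() {
    dc1=$(fetch_deny dc1-graylog.example.com)
    dc2=$(fetch_deny dc2-graylog.example.com)
    s1=$(state_for "$dc1"); s2=$(state_for "$dc2")
    [ "$s1" -eq 3 ] && dc1=''   # drop junk such as "null" before printing
    [ "$s2" -eq 3 ] && dc2=''
    # "U" in performance data marks a value that could not be determined.
    echo "Blocked packets: DC1 ${dc1:-n/a}, DC2 ${dc2:-n/a}|dc1=${dc1:-U} dc2=${dc2:-U}"
    return "$(worst_state "$s1" "$s2")"
}

# Only contact Graylog when called with --run, so the functions can be sourced and tested offline.
if [ "${1:-}" = "--run" ]; then main; exit $?; fi
```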