2020-01-23 18:01:56 +01:00
|
|
|
package main
|
|
|
|
|
|
|
|
|
|
import (
|
2020-01-31 11:44:01 +01:00
|
|
|
"bufio"
|
2020-01-23 18:01:56 +01:00
|
|
|
"flag"
|
|
|
|
|
"fmt"
|
|
|
|
|
"log"
|
|
|
|
|
"os"
|
|
|
|
|
"os/signal"
|
|
|
|
|
"strconv"
|
|
|
|
|
"strings"
|
2020-01-28 15:20:09 +01:00
|
|
|
"sync"
|
2020-01-24 12:00:49 +01:00
|
|
|
"time"
|
2020-01-23 18:01:56 +01:00
|
|
|
|
2020-03-06 17:02:46 +01:00
|
|
|
"github.com/D4-project/analyzer-d4-log/logcompiler"
|
2020-01-23 18:01:56 +01:00
|
|
|
config "github.com/D4-project/d4-golang-utils/config"
|
|
|
|
|
"github.com/gomodule/redigo/redis"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type (
|
2020-03-06 17:02:46 +01:00
|
|
|
// Input is a grok - NIFI or Logstash
|
|
|
|
|
redisconfInput struct {
|
|
|
|
|
redisHost string
|
|
|
|
|
redisPort string
|
|
|
|
|
redisDB int
|
2020-01-24 12:00:49 +01:00
|
|
|
}
|
2020-03-04 15:58:07 +01:00
|
|
|
redisconfCompilers struct {
|
2020-01-24 12:00:49 +01:00
|
|
|
redisHost string
|
|
|
|
|
redisPort string
|
|
|
|
|
redisDBCount int
|
|
|
|
|
}
|
|
|
|
|
conf struct {
|
|
|
|
|
httpHost string
|
|
|
|
|
httpPort string
|
2020-01-23 18:01:56 +01:00
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
// Setting up flags
|
|
|
|
|
var (
|
2020-03-06 17:02:46 +01:00
|
|
|
// Flags
|
|
|
|
|
confdir = flag.String("c", "conf.sample", "configuration directory")
|
|
|
|
|
all = flag.Bool("a", true, "run all compilers when set. Set by default")
|
|
|
|
|
specific = flag.String("o", "", "run only a specific parser [sshd]")
|
|
|
|
|
debug = flag.Bool("d", false, "debug info in logs")
|
|
|
|
|
fromfile = flag.String("f", "", "parse from file on disk")
|
|
|
|
|
retry = flag.Int("r", 1, "time in minute before retry on empty d4 queue")
|
|
|
|
|
flush = flag.Bool("F", false, "Flush HTML output, recompile all statistic from redis logs, then quits")
|
|
|
|
|
// Pools of redis connections
|
|
|
|
|
redisCompilers *redis.Pool
|
|
|
|
|
redisInput *redis.Pool
|
|
|
|
|
// Compilers
|
2020-03-04 15:58:07 +01:00
|
|
|
compilers = [1]string{"sshd"}
|
2020-01-31 14:44:27 +01:00
|
|
|
compilationTrigger = 20
|
2020-03-06 17:02:46 +01:00
|
|
|
torun = []logcompiler.Compiler{}
|
|
|
|
|
// Routine handling
|
|
|
|
|
wg sync.WaitGroup
|
2020-01-23 18:01:56 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func main() {
|
|
|
|
|
sortie := make(chan os.Signal, 1)
|
|
|
|
|
signal.Notify(sortie, os.Interrupt, os.Kill)
|
|
|
|
|
// Signal goroutine
|
|
|
|
|
go func() {
|
|
|
|
|
<-sortie
|
|
|
|
|
fmt.Println("Exiting.")
|
2020-03-06 17:02:46 +01:00
|
|
|
// TODO: handle the pulling routine
|
|
|
|
|
// wg.Wait()
|
2020-01-23 18:01:56 +01:00
|
|
|
log.Println("Exit")
|
|
|
|
|
os.Exit(0)
|
|
|
|
|
}()
|
|
|
|
|
|
|
|
|
|
// Setting up log file
|
|
|
|
|
f, err := os.OpenFile("analyzer-d4-log.log", os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatalf("error opening file: %v", err)
|
|
|
|
|
}
|
|
|
|
|
defer f.Close()
|
|
|
|
|
log.SetOutput(f)
|
|
|
|
|
log.Println("Init")
|
|
|
|
|
|
|
|
|
|
// Usage and flags
|
|
|
|
|
flag.Usage = func() {
|
|
|
|
|
fmt.Printf("analyzer-d4-log:\n\n")
|
2020-03-04 15:58:07 +01:00
|
|
|
fmt.Printf(" Generate statistics about logs collected through d4 in HTML format.\n")
|
|
|
|
|
fmt.Printf(" Logs should be groked and served as escaped JSON.\n")
|
2020-01-23 18:01:56 +01:00
|
|
|
fmt.Printf("\n")
|
|
|
|
|
flag.PrintDefaults()
|
|
|
|
|
fmt.Printf("\n")
|
|
|
|
|
fmt.Printf("The configuration directory should hold the following files\n")
|
|
|
|
|
fmt.Printf("to specify the settings to use:\n\n")
|
2020-01-24 12:00:49 +01:00
|
|
|
fmt.Printf(" mandatory: redis_d4 - host:port/db\n")
|
2020-01-23 18:01:56 +01:00
|
|
|
fmt.Printf(" mandatory: redis_queue - uuid\n")
|
2020-03-06 17:02:46 +01:00
|
|
|
fmt.Printf(" mandatory: redis_compilers - host:port/maxdb\n")
|
2020-01-23 18:01:56 +01:00
|
|
|
fmt.Printf(" optional: http_server - host:port\n\n")
|
|
|
|
|
fmt.Printf("See conf.sample for an example.\n")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Config
|
2020-01-24 12:00:49 +01:00
|
|
|
// c := conf{}
|
2020-03-06 17:02:46 +01:00
|
|
|
ri := redisconfInput{}
|
2020-03-04 15:58:07 +01:00
|
|
|
rp := redisconfCompilers{}
|
2020-01-23 18:01:56 +01:00
|
|
|
flag.Parse()
|
|
|
|
|
if flag.NFlag() == 0 || *confdir == "" {
|
|
|
|
|
flag.Usage()
|
|
|
|
|
os.Exit(1)
|
|
|
|
|
} else {
|
|
|
|
|
*confdir = strings.TrimSuffix(*confdir, "/")
|
|
|
|
|
*confdir = strings.TrimSuffix(*confdir, "\\")
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-30 17:31:47 +01:00
|
|
|
// Debug log
|
|
|
|
|
if *debug {
|
|
|
|
|
log.SetFlags(log.LstdFlags | log.Lshortfile)
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-06 17:02:46 +01:00
|
|
|
// Dont't touch input server if Flushing
|
2020-02-05 10:45:05 +01:00
|
|
|
if !*flush {
|
2020-03-06 17:02:46 +01:00
|
|
|
// Parse Input Redis Config
|
|
|
|
|
tmp := config.ReadConfigFile(*confdir, "redis_input")
|
2020-02-05 10:45:05 +01:00
|
|
|
ss := strings.Split(string(tmp), "/")
|
|
|
|
|
if len(ss) <= 1 {
|
2020-03-06 17:02:46 +01:00
|
|
|
log.Fatal("Missing Database in Redis input config: should be host:port/database_name")
|
2020-02-05 10:45:05 +01:00
|
|
|
}
|
2020-03-06 17:02:46 +01:00
|
|
|
ri.redisDB, _ = strconv.Atoi(ss[1])
|
2020-02-05 10:45:05 +01:00
|
|
|
var ret bool
|
|
|
|
|
ret, ss[0] = config.IsNet(ss[0])
|
2020-02-25 16:03:10 +01:00
|
|
|
if ret {
|
2020-02-05 10:45:05 +01:00
|
|
|
sss := strings.Split(string(ss[0]), ":")
|
2020-03-06 17:02:46 +01:00
|
|
|
ri.redisHost = sss[0]
|
|
|
|
|
ri.redisPort = sss[1]
|
2020-02-25 16:03:10 +01:00
|
|
|
} else {
|
|
|
|
|
log.Fatal("Redis config error.")
|
2020-02-05 10:45:05 +01:00
|
|
|
}
|
2020-01-23 18:01:56 +01:00
|
|
|
}
|
2020-01-24 12:00:49 +01:00
|
|
|
|
2020-03-04 15:58:07 +01:00
|
|
|
// Parse Redis Compilers Config
|
|
|
|
|
tmp := config.ReadConfigFile(*confdir, "redis_compilers")
|
2020-02-05 10:45:05 +01:00
|
|
|
ss := strings.Split(string(tmp), "/")
|
2020-01-24 12:00:49 +01:00
|
|
|
if len(ss) <= 1 {
|
|
|
|
|
log.Fatal("Missing Database Count in Redis config: should be host:port/max number of DB")
|
|
|
|
|
}
|
|
|
|
|
rp.redisDBCount, _ = strconv.Atoi(ss[1])
|
2020-02-05 10:45:05 +01:00
|
|
|
var ret bool
|
2020-01-27 16:07:09 +01:00
|
|
|
ret, ss[0] = config.IsNet(ss[0])
|
2020-02-25 16:03:10 +01:00
|
|
|
if ret {
|
2020-01-24 12:00:49 +01:00
|
|
|
sss := strings.Split(string(ss[0]), ":")
|
|
|
|
|
rp.redisHost = sss[0]
|
|
|
|
|
rp.redisPort = sss[1]
|
2020-02-25 16:03:10 +01:00
|
|
|
} else {
|
|
|
|
|
log.Fatal("Redis config error.")
|
2020-01-24 12:00:49 +01:00
|
|
|
}
|
|
|
|
|
|
2020-03-06 17:02:46 +01:00
|
|
|
// Create a connection Pool for output Redis
|
2020-03-04 15:58:07 +01:00
|
|
|
redisCompilers = newPool(rp.redisHost+":"+rp.redisPort, rp.redisDBCount)
|
2020-03-06 17:02:46 +01:00
|
|
|
redisInput = newPool(ri.redisHost+":"+ri.redisPort, 16)
|
2020-01-24 12:00:49 +01:00
|
|
|
|
2020-03-06 17:02:46 +01:00
|
|
|
// Init compiler depending on the compiler flags:
|
2020-01-24 12:00:49 +01:00
|
|
|
if *all {
|
2020-03-06 17:02:46 +01:00
|
|
|
// Init all compilers
|
2020-03-04 15:58:07 +01:00
|
|
|
for _, v := range compilers {
|
2020-01-24 12:00:49 +01:00
|
|
|
switch v {
|
|
|
|
|
case "sshd":
|
2020-03-06 17:02:46 +01:00
|
|
|
sshdrcon0, err := redisCompilers.Dial()
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal("Could not connect to input line on Compiler Redis")
|
|
|
|
|
}
|
2020-03-04 15:58:07 +01:00
|
|
|
sshdrcon1, err := redisCompilers.Dial()
|
2020-01-24 12:00:49 +01:00
|
|
|
if err != nil {
|
2020-03-06 17:02:46 +01:00
|
|
|
log.Fatal("Could not connect to output line on Compiler Redis")
|
2020-01-24 12:00:49 +01:00
|
|
|
}
|
2020-03-06 17:02:46 +01:00
|
|
|
sshdrcon2, err := redisInput.Dial()
|
2020-01-27 16:07:09 +01:00
|
|
|
if err != nil {
|
2020-03-06 17:02:46 +01:00
|
|
|
log.Fatal("Could not connect to output line on Input Redis")
|
2020-01-27 16:07:09 +01:00
|
|
|
}
|
2020-03-06 17:02:46 +01:00
|
|
|
sshd := logcompiler.SSHDCompiler{}
|
|
|
|
|
sshd.Set(&wg, &sshdrcon0, &sshdrcon1, &sshdrcon2, ri.redisDB, "sshd", compilationTrigger, *retry)
|
2020-01-28 10:48:19 +01:00
|
|
|
torun = append(torun, &sshd)
|
2020-01-24 12:00:49 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else if *specific != "" {
|
2020-03-06 17:02:46 +01:00
|
|
|
log.Println("TODO should run specific compiler here")
|
2020-01-24 12:00:49 +01:00
|
|
|
}
|
|
|
|
|
|
2020-03-06 17:02:46 +01:00
|
|
|
// If we flush, we bypass the compiling loop
|
2020-02-05 10:45:05 +01:00
|
|
|
if *flush {
|
|
|
|
|
for _, v := range torun {
|
|
|
|
|
err := v.Flush()
|
|
|
|
|
if err != nil {
|
|
|
|
|
log.Fatal(err)
|
|
|
|
|
}
|
2020-03-06 17:02:46 +01:00
|
|
|
// TODO
|
|
|
|
|
// compile()
|
2020-02-05 10:45:05 +01:00
|
|
|
}
|
2020-03-06 17:02:46 +01:00
|
|
|
// TODO update that -- deprecated
|
2020-02-05 10:45:05 +01:00
|
|
|
} else if *fromfile != "" {
|
2020-01-31 11:44:01 +01:00
|
|
|
f, err = os.Open(*fromfile)
|
2020-01-30 17:31:47 +01:00
|
|
|
if err != nil {
|
2020-01-31 11:44:01 +01:00
|
|
|
log.Fatalf("Error opening seed file: %v", err)
|
2020-01-30 17:31:47 +01:00
|
|
|
}
|
2020-01-31 11:44:01 +01:00
|
|
|
defer f.Close()
|
|
|
|
|
scanner := bufio.NewScanner(f)
|
|
|
|
|
for scanner.Scan() {
|
2020-03-06 17:02:46 +01:00
|
|
|
// logline := scanner.Text()
|
|
|
|
|
// for _, v := range torun {
|
|
|
|
|
// err := v.Pull(logline)
|
|
|
|
|
// if err != nil {
|
|
|
|
|
// log.Fatal(err)
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
// nblines++
|
|
|
|
|
// if nblines > compilationTrigger {
|
|
|
|
|
// nblines = 0
|
|
|
|
|
// Non-blocking
|
|
|
|
|
// if !compiling.compiling {
|
|
|
|
|
// go compile()
|
|
|
|
|
// }
|
|
|
|
|
// }
|
2020-01-27 16:07:09 +01:00
|
|
|
}
|
2020-01-31 11:44:01 +01:00
|
|
|
} else {
|
2020-03-06 17:02:46 +01:00
|
|
|
// Launching Pull routines
|
|
|
|
|
for _, v := range torun {
|
|
|
|
|
wg.Add(1)
|
|
|
|
|
go v.Pull()
|
2020-01-28 15:20:09 +01:00
|
|
|
}
|
2020-01-27 16:07:09 +01:00
|
|
|
}
|
2020-01-23 18:01:56 +01:00
|
|
|
|
2020-01-28 15:20:09 +01:00
|
|
|
wg.Wait()
|
2020-01-23 18:01:56 +01:00
|
|
|
log.Println("Exit")
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-06 17:02:46 +01:00
|
|
|
// TODO: move into compilers
|
2020-01-30 17:31:47 +01:00
|
|
|
|
2020-03-06 17:02:46 +01:00
|
|
|
// func compile() {
|
|
|
|
|
// compiling.mu.Lock()
|
|
|
|
|
// compiling.compiling = true
|
|
|
|
|
// wg.Add(1)
|
2020-01-30 17:31:47 +01:00
|
|
|
|
2020-03-06 17:02:46 +01:00
|
|
|
// log.Println("Compiling")
|
2020-01-30 17:31:47 +01:00
|
|
|
|
2020-03-06 17:02:46 +01:00
|
|
|
// for _, v := range torun {
|
|
|
|
|
// err := v.Compile()
|
|
|
|
|
// if err != nil {
|
|
|
|
|
// log.Fatal(err)
|
|
|
|
|
// }
|
|
|
|
|
// }
|
|
|
|
|
|
|
|
|
|
// log.Println("Done")
|
|
|
|
|
// compiling.compiling = false
|
|
|
|
|
// compiling.mu.Unlock()
|
|
|
|
|
// wg.Done()
|
|
|
|
|
// }
|
2020-01-28 15:20:09 +01:00
|
|
|
|
2020-01-24 12:00:49 +01:00
|
|
|
func newPool(addr string, maxconn int) *redis.Pool {
|
|
|
|
|
return &redis.Pool{
|
|
|
|
|
MaxActive: maxconn,
|
|
|
|
|
MaxIdle: 3,
|
|
|
|
|
IdleTimeout: 240 * time.Second,
|
|
|
|
|
// Dial or DialContext must be set. When both are set, DialContext takes precedence over Dial.
|
|
|
|
|
Dial: func() (redis.Conn, error) { return redis.Dial("tcp", addr) },
|
2020-01-23 18:01:56 +01:00
|
|
|
}
|
|
|
|
|
}
|
