Initial commit

agapoff · Nov 16, 2016 · 6dca90e · 6dca90e
commit 6dca90e
Show file tree

Hide file tree

Showing 11 changed files with 566 additions and 0 deletions.
diff --git a/Makefile b/Makefile
@@ -0,0 +1,9 @@
+install:
+	install -d -m 755 ${DESTDIR}/opt/tcptracer
+	install -d -m 755 ${DESTDIR}/var/log/tcptracer
+	install -d -m 755 ${DESTDIR}/etc/logrotate.d
+	install -d -m 755 ${DESTDIR}/usr/lib/systemd/system/
+	install -m 755 src/tcptracer*  ${DESTDIR}/opt/tcptracer/
+	install -m 755 src/config.ini  ${DESTDIR}/opt/tcptracer/
+	install -m 755 logrotate.d/tcptracer  ${DESTDIR}/etc/logrotate.d/
+	install -m 755 systemd/tcptracer.service ${DESTDIR}/usr/lib/systemd/system/
diff --git a/README.md b/README.md
@@ -0,0 +1,2 @@
+TCP Tracer
+With spec-file for CentOS7 / SystemD
diff --git a/build_rpm.sh b/build_rpm.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+PKG_NAME=`basename $(pwd)`
+tar cvzf ../${PKG_NAME}.tar.gz --exclude=*/.git ../${PKG_NAME}/ ; rpmbuild -ta ../${PKG_NAME}.tar.gz; rm -f ../${PKG_NAME}.tar.gz
diff --git a/logrotate.d/tcptracer b/logrotate.d/tcptracer
@@ -0,0 +1,9 @@
+/var/log/tcptracer/*log {
+    create 0644 root root
+    daily
+    rotate 10
+    missingok
+    compress
+    sharedscripts
+}
+
diff --git a/src/Output/elasticsearch.pm b/src/Output/elasticsearch.pm
@@ -0,0 +1,92 @@
+package Output::elasticsearch;
+
+use strict;
+use LWP::UserAgent;
+use Data::Dumper;
+use JSON;
+use POSIX qw(strftime);
+use Time::HiRes qw(gettimeofday);
+
+our %EStemplate = (
+	template => "tcptracer-*",
+	settings => { number_of_shards => 1 },
+	mappings => {
+		tcpretr => {
+			properties => {
+				"\@timestamp" => { type => "date" },
+				local_ip => { type => "ip" },
+				peer_ip => { type => "ip" },
+				local_port => { type => "integer" },
+				peer_port => { type => "integer" },
+				side => { type => "string" },
+				task => { type => "string" },
+				state => { type => "string" },
+				hostname => { type => "string" }
+			}
+		}
+	}
+);
+
+our $ua = LWP::UserAgent->new;
+$ua->timeout(3);
+our $hostname;
+
+sub init {
+    my $cfg = shift;
+    my $write_log = shift;
+
+	$hostname=`hostname -s` || 'localhost';
+	chomp $hostname;
+
+	my $response = $ua->get($cfg->{url}.'/_template/tcptracer');
+	if ($response->{_rc} == 200) {
+		$write_log->("ES is accessible. Index template is in place");
+		return 1
+	} 
+	elsif ($response->{_rc} == 404) {
+		$write_log->("ES is accessible. Template is absent. Let's create it");
+		my $response = $ua->put($cfg->{url}.'/_template/tcptracer', 'Content' => encode_json \%EStemplate);
+		if ($response->is_success) {
+			$write_log->("Index template created successfully");
+			return 1;
+		} else {
+			$write_log->("Failed creating index template");
+			$write_log->($response->decoded_content);
+			return 0;
+		}
+	} 
+	else {
+		$write_log->($response->status_line);
+		return 0;
+	}
+}
+
+
+sub push {
+    my $event = shift;
+    my $cfg = shift;
+    my $write_log = shift;
+	my $index = "tcptracer-".strftime("%Y.%m.%d", gmtime);
+	$event->{"\@timestamp"} = int (gettimeofday * 1000);
+	$event->{hostname} = $hostname;
+	my $data;
+	eval {
+		$data = encode_json($event);
+	};
+	if ($@) {
+		$write_log->("Error encoding json [$@]");
+		return 0;
+	}
+	print "Sending to ".$cfg->{url}."/$index/tcpretr"." : ".$data."\n" if ($cfg->{debug} eq 'true');
+	my $response = $ua->post($cfg->{url}."/$index/tcpretr", 'Content' => $data);
+	if ($response->is_success) {
+		$write_log->("Successfully sent event to ES");
+        return 1;
+    } else {
+        $write_log->("Failed writing event to index");
+        $write_log->($response->decoded_content);
+        return 0;
+    }
+}
+
+1;
diff --git a/src/Output/file.pm b/src/Output/file.pm
@@ -0,0 +1,36 @@
+package Output::file;
+
+use strict;
+use POSIX qw(strftime);
+use Data::Dumper;
+
+sub init {
+    my $cfg = shift;
+	my $write_log = shift;
+    if (open FILE, '>>'.$cfg->{path}) {
+		$write_log->("File $cfg->{path} is writable");
+		close FILE;
+		return 1;
+	} else {
+		$write_log->("File $cfg->{path} is not writable");
+		return 0;
+	}
+}
+
+sub push {
+    my $event = shift;
+    my $cfg = shift;
+    my $write_log = shift;
+
+	my $date = strftime "%Y-%m-%d %H:%M:%S", localtime;
+	if (open FILE, '>>'.$cfg->{path}) {
+		print FILE $date.' '.$event->{local_ip}.':'.$event->{local_port}.' '.$event->{side}.' '.$event->{peer_ip}.':'.$event->{peer_port}."\n";
+		close FILE;
+	} else {
+		$write_log->("Error opening file ".$cfg->{path});
+	}
+    $write_log->("Pushing to file ".$cfg->{path});
+}
+
+
+1;
diff --git a/src/config.ini b/src/config.ini
@@ -0,0 +1,12 @@
+# in seconds
+interval = 2
+debug = true
+
+output = elasticsearch,file
+
+[elasticsearch]
+url = http://elastics.quotix.io:9200
+debug = true
+
+[file]
+path = /var/log/tcptracer/output.log
diff --git a/src/tcptracer.pl b/src/tcptracer.pl
@@ -0,0 +1,29 @@
+#!/usr/bin/perl
+
+#
+# Vitaly Agapov agapov.vitaly@gmail.com
+#
+# v1.0 2016-11-15
+#
+# TCP Tracer
+#
+use strict;
+use warnings;
+BEGIN {
+    use File::Basename;
+    use lib dirname(__FILE__);
+}
+use tcptracer;
+
+sub cleanup {
+    tcptracer->cleanup();
+}
+local $SIG{INT} = \&cleanup;
+local $SIG{QUIT} = \&cleanup;
+local $SIG{TERM} = \&cleanup;
+local $SIG{PIPE} = \&cleanup;
+local $SIG{HUP} = \&cleanup;
+
+
+tcptracer->new()->run();
+print "Finished";