/routebeat

An elastic beat to capture network routes
  1. Go 94.8%
  2. Makefile 5.2%
Switch branches/tags
Nothing to show
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
Godeps
docs
etc
.gitignore
.travis.yml
LICENSE
Makefile
README.md
appveyor.yml
config.go
main.go
routebeat.go
routebeat_test.go

README.md

routebeat

Travis GoReportCard codecov.io

For constantly tracing routes

routebeat sends ICMP pings to a list of targets to record TCP/IP routing information.
It uses github.com/aeden/traceroute for sending/recieving ping packets and tracing routes. As well as elastic/libbeat to talk to Elasticsearch and other outputs. Essentially, those two libraries do all the heavy lifting, routebeat is just glue around them.

Routebeat has three events it can publish, including:

  • Route summary stats (with a type of "route")
  • Route hop messages (with a type of "route_hop")
  • Route changes during a beat run (with a type of "route_change")

By default, only the first route event is published.

Requirements

routebeat has the same requirements around the Go environment as libbeat, see here.

Supported Platforms

Currently only MacOS X and Linux are supported due to the use of syscall in github.com/aeden/traceroute

Installation

Install and configure Go.

Install and update this go package with go get -u github.com/xeb/routebeat. The routebeat binary will then be available in $GOPATH/bin.

If intending on using the Elasticsearch output, you should add a new index template using the supplied one, for example with curl -XPUT /_template/routebeat -d @/path/to/routebeat-template.json.

Usage

See the example configuration file for configuring your targets and assigning an output (default output is Elasticsearch).

Once you've created a configuration file you can run routebeat with routebeat -c /path/to/pingbeat.yml.

NOTE: you will likely need to run sudo routebeat in order to send ICMP pings. If you'd like to see everything routebeat is doing, run something like: sudo ./routebeat -e -v -d routebeat -c etc/pingbeat.yml which will output information from the Debug logger "routebeat".

Kibana Dashboard

There is a Kibana export you can use to create some basic visulizations and a simple dashboard to explore routebeat data.

Note on privileges

In order to send regular ICMP ping packets, routebeat needs to open raw sockets, which can only be done with superuser privileges. So you either need to run routebeat with sudo or as root to send regular pings. I haven't tried a non-priviledged UDP traceroute yet.

Feel free to submit a PR if that is useful:)

License

pingbeat is licensed under the Apache 2.0 license.