Skip to content

/ routebeat

An elastic beat to capture network routes

Apache-2.0 License
1 star 0 forks
Star
Notifications
master
Switch branches/tags
1 branch 0 tags
Go to file
Code
Clone

Use Git or checkout with SVN using the web URL.

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Godeps
 
 
docs
 
 
etc
 
 
.gitignore
 
 
.travis.yml
 
 
LICENSE
 
 
Makefile
 
 
README.md
 
 
appveyor.yml
 
 
config.go
 
 
main.go
 
 
routebeat.go
 
 
routebeat_test.go
 
 

README.md

routebeat

Travis GoReportCard codecov.io

For constantly tracing routes

routebeat sends ICMP pings to a list of targets to record TCP/IP routing information.
It uses github.com/aeden/traceroute for sending/recieving ping packets and tracing routes. As well as elastic/libbeat to talk to Elasticsearch and other outputs. Essentially, those two libraries do all the heavy lifting, routebeat is just glue around them.

Routebeat has three events it can publish, including:

  • Route summary stats (with a type of "route")
  • Route hop messages (with a type of "route_hop")
  • Route changes during a beat run (with a type of "route_change")

By default, only the first route event is published.

Requirements

routebeat has the same requirements around the Go environment as libbeat, see here.

Supported Platforms

Currently only MacOS X and Linux are supported due to the use of syscall in github.com/aeden/traceroute

Installation

Install and configure Go.

Install and update this go package with go get -u github.com/xeb/routebeat. The routebeat binary will then be available in $GOPATH/bin.

If intending on using the Elasticsearch output, you should add a new index template using the supplied one, for example with curl -XPUT /_template/routebeat -d @/path/to/routebeat-template.json.

Usage

See the example configuration file for configuring your targets and assigning an output (default output is Elasticsearch).

Once you've created a configuration file you can run routebeat with routebeat -c /path/to/pingbeat.yml.

NOTE: you will likely need to run sudo routebeat in order to send ICMP pings. If you'd like to see everything routebeat is doing, run something like: sudo ./routebeat -e -v -d routebeat -c etc/pingbeat.yml which will output information from the Debug logger "routebeat".

Kibana Dashboard

There is a Kibana export you can use to create some basic visulizations and a simple dashboard to explore routebeat data.

Note on privileges

In order to send regular ICMP ping packets, routebeat needs to open raw sockets, which can only be done with superuser privileges. So you either need to run routebeat with sudo or as root to send regular pings. I haven't tried a non-priviledged UDP traceroute yet.

Feel free to submit a PR if that is useful:)

License

pingbeat is licensed under the Apache 2.0 license.

About

An elastic beat to capture network routes

Resources

Readme

License

Apache-2.0 License

Releases

No releases published

Packages

No packages published

Languages