From 069aeed2bf53c4de4674c51cad10c80577e97756 Mon Sep 17 00:00:00 2001
From: Vitaly Pashkov
Date: Wed, 22 Nov 2017 18:15:57 +0300
Subject: [PATCH] Initial project upload

---
 README.md | 13 ++++++++++++-
 main.go | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+), 1 deletion(-)
 create mode 100644 main.go

diff --git a/README.md b/README.md
index 0e0312d..ea2d8a9 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,14 @@
 # gelf-reader
 
-Simple GELF reader application
\ No newline at end of file
+Simple GELF reader application
+
+This is a simple application which opens a network port (currently UDP only) and receives a GELF input from Graylog or any other application. The primary purpose was to be able to filter some messages from many hosts in Graylog and output it onto this reader. Then you can process this aggregated and filtered log with (for example) fail2ban to block attackers on the router, firewall or hypervisor.
+
+Usage:
+gelf-reader [OPTIONS]
+where options is:
+ -listen : - the address and port to listen at
+ -output - output to file (stdout if omit)
+ -version - show version and exit
+
+WARNING: There are no authentication nor any other host restriction mechanisms, this should be used in trusted (private and/or properly firewalled) networks.
diff --git a/main.go b/main.go
new file mode 100644
index 0000000..6e0ee87
--- /dev/null
+++ b/main.go
@@ -0,0 +1,63 @@
+// Production build: go build -ldflags="-w" -o gelf-reader_release gelf-reader
+package main
+
+import (
+ "flag"
+ "fmt"
+ "io"
+ "log"
+ "os"
+
+ "gopkg.in/Graylog2/go-gelf.v2/gelf"
+)
+
+const (
+ VERSION = "0.1.2"
+)
+
+func main() {
+ var (
+ listenAddr string
+ outputFile string
+ showVersion bool
+ outWriter io.Writer
+ )
+
+ flag.StringVar(&listenAddr, "listen", "0.0.0.0:12201", "listen address")
+ flag.StringVar(&outputFile, "output", "", "Output file (stdout if empty)")
+ flag.BoolVar(&showVersion, "version", false, "Show version and exit")
+ flag.Parse()
+
+ fmt.Printf("GELF reader server %v\n", VERSION)
+ if showVersion {
+ return
+ }
+
+ if len(outputFile) > 0 {
+ outFile, err := os.OpenFile(outputFile, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0755)
+ if err != nil {
+ log.Fatalf("Error opening output file\n%s", err)
+ }
+
+ outWriter = outFile
+ defer outFile.Close()
+ } else {
+ outWriter = os.Stdout
+ }
+
+ gelfReader, err := gelf.NewReader(listenAddr)
+ if err != nil {
+ log.Fatalf("Error creating GELF network reader\n%s", err)
+ }
+
+ fmt.Printf("Listening on %v\n", gelfReader.Addr())
+
+ for {
+ msg, err := gelfReader.ReadMessage()
+ if err != nil {
+ log.Printf("Error reading message\n%s\n", err)
+ } else {
+ fmt.Fprintf(outWriter, "%f %v: %v\n", msg.TimeUnix, msg.Host, msg.Short)
+ }
+ }
+}
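Review bot: The `fmt.Fprintf` in the read loop writes `msg.Host` and `msg.Short` verbatim, so a field carrying a newline or other control character turns one received message into several output lines. The README says this output is meant to be parsed by fail2ban and that the UDP listener has no authentication, so the line-per-message property is what downstream blocking decisions rest on. Quoting the fields keeps each message on one line, `fmt.Fprintf(outWriter, "%f %q: %q\n", msg.TimeUnix, msg.Host, msg.Short)`, though the fail2ban filter would then have to expect the quotes. Separately, `os.OpenFile(..., 0755)` creates the log file executable and world-readable; `0640` or `0600` suits a file holding aggregated security events.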