Compare commits
No commits in common. "master" and "v0.1.2" have entirely different histories.
|
|
@ -5,13 +5,10 @@ Simple GELF reader application
|
||||||
This is a simple application which opens a network port (currently UDP only) and receives a GELF input from Graylog or any other application. The primary purpose was to be able to filter some messages from many hosts in Graylog and output it onto this reader. Then you can process this aggregated and filtered log with (for example) fail2ban to block attackers on the router, firewall or hypervisor.
|
This is a simple application which opens a network port (currently UDP only) and receives a GELF input from Graylog or any other application. The primary purpose was to be able to filter some messages from many hosts in Graylog and output it onto this reader. Then you can process this aggregated and filtered log with (for example) fail2ban to block attackers on the router, firewall or hypervisor.
|
||||||
|
|
||||||
Usage:
|
Usage:
|
||||||
gelf-reader [OPTIONS]
|
`gelf-reader [OPTIONS]`
|
||||||
where options is:
|
where options is:
|
||||||
-listen <ip>:<port> - the address and port to listen at
|
-listen <ip>:<port> - the address and port to listen at
|
||||||
-output <filename> - output to file (stdout if omit)
|
-output <filename> - output to file (stdout if omit)
|
||||||
-template <string> - output template (default "{{TimeUnix}} {{Host}}: {{Short}}")
|
|
||||||
-version - show version and exit
|
-version - show version and exit
|
||||||
All template tokens should be surrounded by a "{{" and "}}" pair. Supported template tokens:
|
|
||||||
Facility, Full, Host, Level, RawExtra, Short, TimeUnix, Version
|
|
||||||
|
|
||||||
**WARNING:** There are no authentication nor any other host restriction mechanisms, this should be only used in trusted (private and/or properly firewalled) networks.
|
**WARNING:** There are no authentication nor any other host restriction mechanisms, this should be only used in trusted (private and/or properly firewalled) networks.
|
||||||
|
|
|
||||||
26
main.go
26
main.go
|
|
@ -8,28 +8,23 @@ import (
|
||||||
"log"
|
"log"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/valyala/fasttemplate"
|
|
||||||
"gopkg.in/Graylog2/go-gelf.v2/gelf"
|
"gopkg.in/Graylog2/go-gelf.v2/gelf"
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
VERSION = "0.2.0"
|
VERSION = "0.1.2"
|
||||||
)
|
)
|
||||||
|
|
||||||
func main() {
|
func main() {
|
||||||
var (
|
var (
|
||||||
listenAddr string
|
listenAddr string
|
||||||
outputFile string
|
outputFile string
|
||||||
stemplate string
|
|
||||||
showVersion bool
|
showVersion bool
|
||||||
outWriter io.Writer
|
outWriter io.Writer
|
||||||
template *fasttemplate.Template
|
|
||||||
)
|
)
|
||||||
|
|
||||||
flag.StringVar(&listenAddr, "listen", "0.0.0.0:12201", "listen address")
|
flag.StringVar(&listenAddr, "listen", "0.0.0.0:12201", "listen address")
|
||||||
flag.StringVar(&outputFile, "output", "", "Output file (stdout if empty)")
|
flag.StringVar(&outputFile, "output", "", "Output file (stdout if empty)")
|
||||||
flag.StringVar(&stemplate, "template", "{{TimeUnix}} {{Host}}: {{Short}}",
|
|
||||||
"Output template")
|
|
||||||
flag.BoolVar(&showVersion, "version", false, "Show version and exit")
|
flag.BoolVar(&showVersion, "version", false, "Show version and exit")
|
||||||
flag.Parse()
|
flag.Parse()
|
||||||
|
|
||||||
|
|
@ -38,11 +33,6 @@ func main() {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
template, tplerr := fasttemplate.NewTemplate(stemplate, "{{", "}}")
|
|
||||||
if tplerr != nil {
|
|
||||||
log.Fatalf("Error parsing template\n%s", tplerr)
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(outputFile) > 0 {
|
if len(outputFile) > 0 {
|
||||||
outFile, err := os.OpenFile(outputFile, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0755)
|
outFile, err := os.OpenFile(outputFile, os.O_APPEND|os.O_WRONLY|os.O_CREATE, 0755)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
@ -62,24 +52,12 @@ func main() {
|
||||||
|
|
||||||
fmt.Printf("Listening on %v\n", gelfReader.Addr())
|
fmt.Printf("Listening on %v\n", gelfReader.Addr())
|
||||||
|
|
||||||
msgData := make(map[string]interface{}, 8)
|
|
||||||
|
|
||||||
for {
|
for {
|
||||||
msg, err := gelfReader.ReadMessage()
|
msg, err := gelfReader.ReadMessage()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Printf("Error reading message\n%s\n", err)
|
log.Printf("Error reading message\n%s\n", err)
|
||||||
} else {
|
} else {
|
||||||
msgData["Facility"] = msg.Facility
|
fmt.Fprintf(outWriter, "%f %v: %v\n", msg.TimeUnix, msg.Host, msg.Short)
|
||||||
msgData["Full"] = msg.Full
|
|
||||||
msgData["Host"] = msg.Host
|
|
||||||
msgData["Level"] = string(msg.Level)
|
|
||||||
msgData["RawExtra"] = string(msg.RawExtra)
|
|
||||||
msgData["Short"] = msg.Short
|
|
||||||
msgData["TimeUnix"] = fmt.Sprintf("%f", msg.TimeUnix)
|
|
||||||
msgData["Version"] = msg.Version
|
|
||||||
|
|
||||||
template.Execute(outWriter, msgData)
|
|
||||||
outWriter.Write([]byte("\n"))
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
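Review bot: In the last hunk, `fmt.Fprintf(outWriter, "%f %v: %v\n", msg.TimeUnix, msg.Host, msg.Short)` writes `msg.Host` and `msg.Short` verbatim, so a field containing a CR or LF becomes extra lines in the output. The README says the listener has no authentication and that the output may feed fail2ban, so any sender that can reach the UDP port could make one datagram appear as several independent log entries to whatever parses the file. Escaping the fields keeps each message on one line without a new import: `fmt.Fprintf(outWriter, "%f %q: %q\n", msg.TimeUnix, msg.Host, msg.Short)`. This adds quotes around the fields, so downstream filter patterns would need adjusting. `main` begins outside this hunk.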