Wednesday, April 4, 2018

Tracebeat : Elastic Beat for Traceroute Command

What is Tracebeat

Tracebeat is an Elastic Beat that reads traceroute output and sends it to Elasticsearch or Logstash for indexing.
Tracebeat is written in Golang, like all Beats.
In computing, traceroute is a computer network diagnostic tool for displaying the route (path) and measuring transit delays of packets across an Internet Protocol (IP) network.

Configuration Options

You need to adjust the tracebeat.yml configuration file to your needs. Here is a sample configuration:

input:
  # Defines how often an event is sent to the output
  # Defaults to 30s
  period: 30

  # Defines the destination host.
  # Defaults to `8.8.8.8`
  host: 8.8.8.8

  # Defaults to 64
  maxhops: 64

  # Defaults to 3
  retries: 3

  # Defaults to 500ms
  timeoutms: 500

  # Packet size in bytes
  # Defaults to 60
  packetsize: 60


Options


period
How often traceroute output is collected and sent to Elasticsearch.
period: 30

host
To trace the route to a network host, pass the IP address of the server you want to reach.
host: 8.8.8.8

maxhops
Specifies the maximum number of hops traceroute will probe.
maxhops: 64

retries and timeoutms
retries: 3
timeoutms: 500

packetsize
Packet size in bytes.
packetsize: 60

Run Tracebeat

First, set up a Golang environment (if you don't have one already):

cd $GOPATH
mkdir -p src/github.com/berfinsari
cd src/github.com/berfinsari
git clone https://github.com/berfinsari/tracebeat.git
cd tracebeat
make

Tracebeat must be run with sudo.
To run Tracebeat with debugging output enabled, run:

sudo ./tracebeat -c tracebeat.yml -e -d "*" -strict.perms=false

Document Example



    "traceroute": [
      {
        "address": "192.168.1.1",
        "elapsedTime": 4.74324,
        "hopNumber": 1,
        "hostName": "gateway",
        "n": 57,
        "success": true,
        "ttl": 1
      },
      {
        "address": "213.14.0.175",
        "elapsedTime": 14.180505,
        "hopNumber": 2,
        "hostName": "host-213-14-0-175.reverse.superonline.net.",
        "n": 57,
        "success": true,
        "ttl": 2
      },
      {
        "address": "10.36.246.137",
        "elapsedTime": 16.202385,
        "hopNumber": 3,
        "hostName": "",
        "n": 60,
        "success": true,
        "ttl": 3
      },
      {
        "address": "10.34.255.194",
        "elapsedTime": 16.622273,
        "hopNumber": 4,
        "hostName": "",
        "n": 60,
        "success": true,
        "ttl": 4
      },
      {
        "address": "10.38.218.73",
        "elapsedTime": 28.081027,
        "hopNumber": 5,
        "hostName": "",
        "n": 60,
        "success": true,
        "ttl": 5
      },
      {
        "address": "10.38.219.34",
        "elapsedTime": 27.367852,
        "hopNumber": 6,
        "hostName": "",
        "n": 60,
        "success": true,
        "ttl": 6
      },
      {
        "address": "10.40.130.254",
        "elapsedTime": 31.402987,
        "hopNumber": 7,
        "hostName": "",
        "n": 60,
        "success": true,
        "ttl": 7
      },
      {
        "address": "10.36.108.66",
        "elapsedTime": 37.904474,
        "hopNumber": 8,
        "hostName": "",
        "n": 60,
        "success": true,
        "ttl": 8
      },
      {
        "address": "10.36.6.121",
        "elapsedTime": 37.738806,
        "hopNumber": 9,
        "hostName": "",
        "n": 60,
        "success": true,
        "ttl": 9
      },
      {
        "address": "72.14.196.80",
        "elapsedTime": 44.931238,
        "hopNumber": 10,
        "hostName": "",
        "n": 56,
        "success": true,
        "ttl": 10
      },
      {
        "address": "108.170.250.177",
        "elapsedTime": 63.602268,
        "hopNumber": 11,
        "hostName": "",
        "n": 57,
        "success": true,
        "ttl": 11
      },
      {
        "address": "216.239.58.207",
        "elapsedTime": 56.558554,
        "hopNumber": 12,
        "hostName": "",
        "n": 57,
        "success": true,
        "ttl": 12
      },
      {
        "address": "8.8.8.8",
        "elapsedTime": 77.484311,
        "hopNumber": 13,
        "hostName": "google-public-dns-a.google.com.",
        "n": 57,
        "success": true,
        "ttl": 13
      }
    ],
    "type": "tracebeat"
}
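
The following is an added example, not code from the Tracebeat project: it parses the "traceroute" array shown above and compares the path against a baseline event, reporting hops whose responding address changed or that stopped replying. The names ParseHops and PathDrift, the sample events, and the shape of a failed hop (success set to false) are assumptions, since the page shows only successful hops.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hop mirrors the fields of one "traceroute" array element used here.
type Hop struct {
	Address string `json:"address"`
	Success bool   `json:"success"`
	TTL     int    `json:"ttl"`
}

// Constructed sample events (three hops each), not real Tracebeat output.
const baselineDoc = `{"traceroute":[{"address":"192.168.1.1","success":true,"ttl":1},{"address":"213.14.0.175","success":true,"ttl":2},{"address":"8.8.8.8","success":true,"ttl":3}]}`
const currentDoc = `{"traceroute":[{"address":"192.168.1.1","success":true,"ttl":1},{"address":"203.0.113.9","success":true,"ttl":2},{"address":"","success":false,"ttl":3}]}`

// ParseHops extracts the hop list from one Tracebeat event (hypothetical helper).
func ParseHops(event string) ([]Hop, error) {
	var d struct {
		Traceroute []Hop `json:"traceroute"`
	}
	err := json.Unmarshal([]byte(event), &d)
	return d.Traceroute, err
}

// PathDrift lists, per TTL, hops that stopped replying or whose responding
// address differs from the baseline path (a TTL absent from it shows as "").
func PathDrift(baseline, current []Hop) []string {
	known := map[int]string{}
	for _, h := range baseline {
		known[h.TTL] = h.Address
	}
	var out []string
	for _, h := range current {
		if old := known[h.TTL]; !h.Success {
			out = append(out, fmt.Sprintf("ttl %d: no reply", h.TTL))
		} else if old != h.Address {
			out = append(out, fmt.Sprintf("ttl %d: %q -> %q", h.TTL, old, h.Address))
		}
	}
	return out
}

func main() {
	base, err1 := ParseHops(baselineDoc)
	cur, err2 := ParseHops(currentDoc)
	fmt.Println(PathDrift(base, cur), err1, err2)
}
```

A changed address at an early TTL on an otherwise stable path is worth alerting on, while load-balanced paths will need a set of accepted addresses per TTL rather than a single one.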