From 4a06b541dd5f52bf5375b4abd4dd148b76b5e0c8 Mon Sep 17 00:00:00 2001 From: David Vanhoucke Date: Wed, 3 Jul 2024 14:23:12 +0100 Subject: [PATCH 1/3] add subnet to observation id filters --- packaging/rpm/Makefile | 6 +-- resources/providers/config.rb | 7 +-- .../templates/default/rb-exporter_conf.erb | 52 +++++++++++++++++++ .../default/rb-exporter_pretag_map.erb | 8 +++ resources/templates/rb-exporter_conf.erb | 26 ---------- 5 files changed, 66 insertions(+), 33 deletions(-) create mode 100644 resources/templates/default/rb-exporter_conf.erb delete mode 100644 resources/templates/rb-exporter_conf.erb diff --git a/packaging/rpm/Makefile b/packaging/rpm/Makefile index 880e65e..016d802 100644 --- a/packaging/rpm/Makefile +++ b/packaging/rpm/Makefile @@ -16,10 +16,8 @@ SOURCES: archive: SOURCES cd ../../ && \ - tar --exclude=packaging/rpm/SOURCES -cvf packaging/rpm/SOURCES/$(PACKAGE_NAME)-$(VERSION).tar.gz \ - --transform 's%^./%$(PACKAGE_NAME)-$(VERSION)/%' . - #git archive --prefix=$(PACKAGE_NAME)-$(VERSION)/ \ - # -o packaging/rpm/SOURCES/$(PACKAGE_NAME)-$(VERSION).tar.gz HEAD + git archive --prefix=$(PACKAGE_NAME)-$(VERSION)/ \ + -o packaging/rpm/SOURCES/$(PACKAGE_NAME)-$(VERSION).tar.gz HEAD build_prepare: archive diff --git a/resources/providers/config.rb b/resources/providers/config.rb index 176c94c..31bc7aa 100644 --- a/resources/providers/config.rb +++ b/resources/providers/config.rb @@ -95,7 +95,8 @@ # Calculate observation_id observation_id = (iface['observationId'] && !iface['observationId'].empty?) ? iface['observationId'] : nil - observation_id = 4294967295 if observation_id.nil? && iface['type'].downcase.include?('sflow') + observation_id = 4294967295 if observation_id.nil? && iface['protocol_type'].downcase.include?('sflow') + observation_id_filters = iface['observation_id_filters'] || {} template "/etc/rb-exporter/#{iface_key}/rb-exporter.conf" do source 'rb-exporter_conf.erb' 
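Review bot: In the `@@ -95,7 +95,8 @@` hunk of resources/providers/config.rb, `iface['protocol_type'].downcase` raises NoMethodError when an interface hash lacks the renamed key (for example attributes that still carry `type`) and no observationId is set, so the run aborts without a clear message. `iface['protocol_type'].to_s.downcase` would avoid that; the same value is passed as `type:` in the next hunk, and the template calls `@type.downcase` on it again. The new `observation_id_filters = iface['observation_id_filters'] || {}` defaults to a Hash although both templates iterate it as a list of entries with `'observation_id'` and `'subnet'` keys, so `|| []` would state the intended shape. The enclosing interface loop starts and ends outside this hunk.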
@@ -104,7 +105,7 @@ cookbook 'rb-exporter' mode '0644' retries 2 - variables(dstAddress: iface['dstAddress'], type: iface['type'], ipAddress: node['ipaddress'], iface: iface_key, observation_id: observation_id) + variables(dstAddress: iface['dstAddress'], type: iface['protocol_type'], ipAddress: node['ipaddress'], iface: iface_key, observation_id: observation_id, observation_id_filters: observation_id_filters) notifies :run, "execute[restart_rb-exporter_#{iface_key}]", :delayed end @@ -115,7 +116,7 @@ cookbook 'rb-exporter' mode '0644' retries 2 - variables(observation_id: observation_id) + variables(observation_id: observation_id, observation_id_filters: observation_id_filters) notifies :run, "execute[restart_rb-exporter_#{iface_key}]", :delayed end else diff --git a/resources/templates/default/rb-exporter_conf.erb b/resources/templates/default/rb-exporter_conf.erb new file mode 100644 index 0000000..012afb6 --- /dev/null +++ b/resources/templates/default/rb-exporter_conf.erb 
@@ -0,0 +1,52 @@
+daemonize: true
+logfile:/var/log/rb-exporter/<%= @iface %>/rb-exporter.log
+
+<% if @type.downcase.include? "netflow"%>
+ <% if @observation_id_filters.count > 0 %>
+ <% unique_observation_ids = @observation_id_filters.map { |filter| filter['observation_id'] }.uniq %>
+ <% unique_observation_ids.each do |id| %>
+aggregate[<%= id %>]: src_host, dst_host, src_mac, dst_mac, src_port, dst_port, proto, class, vlan
+ <% end %>
+aggregate[<%= @observation_id %>]: src_host, dst_host, src_mac, dst_mac, src_port, dst_port, proto, class, vlan
+
+ <% @observation_id_filters.each do |filter| %>
+aggregate_filter[<%= filter['observation_id'] %>]: src net <%= filter['subnet'] %>
+ <% end %>
+ <% @observation_id_filters.each do |filter| %>
+aggregate_filter[<%= filter['observation_id'] %>]: dst net <%= filter['subnet'] %><%= " and not src net " + @observation_id_filters.reject { |f| f == filter }.map { |f| f['subnet'] }.join(' and not src net ') if @observation_id_filters.length > 1 %>
+ <% end %>
+
+aggregate_filter[<%= @observation_id %>]: not src net <%= @observation_id_filters.map { |f| f['subnet'] }.join(' and not src net ') %> and not dst net <%= @observation_id_filters.map { |f| f['subnet'] }.join(' and not dst net ') %>
+
+plugins: <%= unique_observation_ids.map { |id| "nfprobe[#{id}]" }.join(', ') %>, nfprobe[<%= @observation_id %>]
+nfprobe_receiver: <%= @dstAddress %>
+nfprobe_version: <%= @type.scan(/\d/).join('') %>
+nfprobe_timeouts: maxlife=30:tcp=30:udp=30:icmp=30:general=30
+ <% unique_observation_ids.each do |id| %>
+nfprobe_engine[<%= id %>]: <%= id %>
+ <% end %>
+nfprobe_engine[<%= @observation_id %>]: <%= @observation_id %>
+ <% else %>
+aggregate: src_host, dst_host, src_mac, dst_mac, src_port, dst_port, proto, class, vlan
+
+plugins: nfprobe
+nfprobe_receiver: <%= @dstAddress %>
+nfprobe_version: <%= @type.scan(/\d/).join('') %>
+nfprobe_timeouts: maxlife=30:tcp=30:udp=30:icmp=30:general=30
+ <% if @observation_id %>
+nfprobe_engine: 
<%=@observation_id%><%=@type.scan(/\d/).join('').to_i > 5 ? "" : ":0"%> + <% end %> + <% end # end netflow%> +<% end %> + +<% if @type.downcase.include? "sflow" %> +aggregate: class, dst_host, dst_host_country, dst_mac, dst_port, export_proto_seqno, in_iface, out_iface, peer_dst_ip, peer_src_ip, proto, sampling_rate, src_host, src_host_country, src_mac, src_port, tag, tag2, tcpflags, timestamp_arrival, tos, vlan + +plugins: sfprobe +sfprobe_agentip: <%= @ipAddress %> +sfprobe_agentsubid: 1402 +sfprobe_receiver: <%= @dstAddress %> +sampling_rate: 20 +!pre_tag_label_encode_as_map: true +pre_tag_map: /etc/rb-exporter/<%=@iface%>/pretag.map +<% end %> diff --git a/resources/templates/default/rb-exporter_pretag_map.erb b/resources/templates/default/rb-exporter_pretag_map.erb index c5132f3..17dc62d 100644 --- a/resources/templates/default/rb-exporter_pretag_map.erb +++ b/resources/templates/default/rb-exporter_pretag_map.erb @@ -13,5 +13,13 @@ ! dst_mac, vlan. <% if @observation_id %> +<% for observation_id_filter in @observation_id_filters %> + set_tag2=<%= observation_id_filter['observation_id'] %> filter='src net <%= observation_id_filter['subnet'] %>' +<% end %> + +<% for observation_id_filter in @observation_id_filters %> + set_tag2=<%= observation_id_filter['observation_id'] %> filter='dst net <%= observation_id_filter['subnet'] %>' +<% end %> + set_tag2=<%=@observation_id%> <% end %> diff --git a/resources/templates/rb-exporter_conf.erb b/resources/templates/rb-exporter_conf.erb deleted file mode 100644 index 72ce380..0000000 --- a/resources/templates/rb-exporter_conf.erb +++ /dev/null 
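Review bot: `filter['subnet']` and `filter['observation_id']` are written as-is into the `aggregate_filter[...]` lines of the new rb-exporter_conf.erb and into `filter='src net ...'` / `filter='dst net ...'` in the rb-exporter_pretag_map.erb hunk that follows, with no check that they are a single CIDR and a numeric id. A value containing a quote, a newline or extra filter keywords would change the generated configuration instead of failing the converge. Validating each entry in the provider before it reaches the templates, for instance with `IPAddr.new(f['subnet'])` and `Integer(f['observation_id'])`, would keep malformed attributes out of both files. The filtered branch also emits `aggregate[<%= @observation_id %>]`, `nfprobe[<%= @observation_id %>]` and `nfprobe_engine[<%= @observation_id %>]` unconditionally while the unfiltered branch guards with `<% if @observation_id %>`, so a netflow interface with filters but no observationId renders empty plugin names. Two `aggregate_filter[id]` lines are written per id (one `src net`, one `dst net`); whether the daemon honours both or keeps only one value per key should be confirmed.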
@@ -1,26 +0,0 @@
-daemonize: true
-logfile:/var/log/rb-exporter/<%= @iface %>/rb-exporter.log
-
-<% if @type.downcase.include? "netflow"%>
-aggregate: src_host, dst_host, src_mac, dst_mac, src_port, dst_port, proto, class, vlan, tag2
-
-plugins: nfprobe
-nfprobe_receiver: <%= @dstAddress %>
-nfprobe_version: <%= @type.scan(/\d/).join('') %>
-nfprobe_timeouts: maxlife=30:tcp=30:udp=30:icmp=30:general=30
-<% if @observation_id %>
-nfprobe_engine: <%=@observation_id%><%=@type.scan(/\d/).join('').to_i > 5 ? "" : ":0"%>
-<% end %>
-<% end # end netflow%>
-
-<% if @type.downcase.include? "sflow" %>
-aggregate: class, dst_host, dst_host_country, dst_mac, dst_port, export_proto_seqno, in_iface, out_iface, peer_dst_ip, peer_src_ip, proto, sampling_rate, src_host, src_host_country, src_mac, src_port, tag, tag2, tcpflags, timestamp_arrival, tos, vlan
-
-plugins: sfprobe
-sfprobe_agentip: <%= @ipAddress %>
-sfprobe_agentsubid: 1402
-sfprobe_receiver: <%= @dstAddress %>
-sampling_rate: 20
-!pre_tag_label_encode_as_map: true
-pre_tag_map: /etc/rb-exporter/<%=@iface%>/pretag.map
-<% end %>
From c1ee0f36583e0f0eefa750626b32bc3ab7ed338f Mon Sep 17 00:00:00 2001
From: David Vanhoucke
Date: Thu, 4 Jul 2024 12:50:46 +0100
Subject: [PATCH 2/3] fix netflow v5
---
resources/templates/default/rb-exporter_conf.erb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/resources/templates/default/rb-exporter_conf.erb b/resources/templates/default/rb-exporter_conf.erb
index 012afb6..c323e09 100644
--- a/resources/templates/default/rb-exporter_conf.erb
+++ b/resources/templates/default/rb-exporter_conf.erb
@@ -23,9 +23,9 @@ nfprobe_receiver: <%= @dstAddress %> nfprobe_version: <%= @type.scan(/\d/).join('') %> nfprobe_timeouts: maxlife=30:tcp=30:udp=30:icmp=30:general=30 <% unique_observation_ids.each do |id| %> -nfprobe_engine[<%= id %>]: <%= id %> +nfprobe_engine[<%= id %>]: <%= id %><%=@type.scan(/\d/).join('').to_i > 5 ? "" : ":0"%> <% end %> -nfprobe_engine[<%= @observation_id %>]: <%= @observation_id %> +nfprobe_engine[<%= @observation_id %>]: <%= @observation_id %><%=@type.scan(/\d/).join('').to_i > 5 ? "" : ":0"%> <% else %> aggregate: src_host, dst_host, src_mac, dst_mac, src_port, dst_port, proto, class, vlan From 5d4f1900c3c767ff296689c80843d6156b6889db Mon Sep 17 00:00:00 2001 From: JuanSheba Date: Tue, 9 Jul 2024 13:50:22 +0100 Subject: [PATCH 3/3] Release 0.1.0 --- CHANGELOG.md | 6 ++++++ resources/metadata.rb | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1fe7886..95ae311 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,12 @@ cookbook-rb-exporter CHANGELOG =============== +## 0.1.0 + + - David Vanhoucke + - [c1ee0f3] fix netflow v5 + - [4a06b54] add subnet to observation id filters + ## 0.0.2 - Miguel Negron diff --git a/resources/metadata.rb b/resources/metadata.rb index 4446ffa..19d864b 100644 --- a/resources/metadata.rb +++ b/resources/metadata.rb @@ -3,4 +3,4 @@ maintainer_email 'git@redborder.com' license 'AGPL-3.0' description 'Installs/Configures cookbook-rb-exporter' -version '0.0.2' +version '0.1.0'
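Review bot: In the PATCH 2/3 hunk, the expression `@type.scan(/\d/).join('').to_i > 5 ? "" : ":0"` is now pasted onto both `nfprobe_engine[...]` lines, and the same digit extraction already feeds `nfprobe_version` in the context lines above. Computing it once near the top of the netflow section, e.g. `<% nf_version = @type.scan(/\d/).join('').to_i %>` and `<% engine_suffix = nf_version > 5 ? '' : ':0' %>`, would keep the v5 rule in one place so a later change cannot miss a branch. A type string without digits yields an empty `nfprobe_version` together with the `:0` suffix, so a template comment naming the expected `protocol_type` values would help. The template continues outside this hunk.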