Beispiel #1
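// Setup initializes packetbeat: the process watcher, every enabled protocol
// plugin, the ICMP/TCP/UDP processors and the sniffer, and finally drops
// privileges.
//
// Any initialization failure is logged at critical level and terminates the
// process with exit status 1, so a call that returns always returns nil.
//
// Security note: everything above the DropPrivileges call, including the
// initialization of all protocol plugins, runs with the privileges the
// process was started with. Keep work in that window to the minimum that
// actually needs them.
func (pb *Packetbeat) Setup(b *beat.Beat) error {
	// Errors are passed as an argument to an explicit "%v" format rather than
	// used as the format string itself, so a '%' inside an error message
	// cannot be misread as a formatting verb and garble the log line.
	if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	pb.Sniff = new(sniffer.SnifferSetup)

	logp.Debug("main", "Initializing protocol plugins")
	for proto, plugin := range EnabledProtocolPlugins {
		if err := plugin.Init(false, b.Events); err != nil {
			logp.Critical("Initializing plugin %s failed: %v", proto, err)
			os.Exit(1)
		}
		protos.Protos.Register(proto, plugin)
	}

	icmpProc, err := icmp.NewIcmp(false, b.Events)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	tcpProc, err := tcp.NewTcp(&protos.Protos)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	udpProc, err := udp.NewUdp(&protos.Protos)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	pb.over = make(chan bool)

	logp.Debug("main", "Initializing sniffer")
	// The same ICMP processor is passed twice (second and third argument).
	if err = pb.Sniff.Init(false, icmpProc, icmpProc, tcpProc, udpProc); err != nil {
		logp.Critical("Initializing sniffer failed: %v", err)
		os.Exit(1)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	// NOTE(review): presumably Init acquires the capture source, which may
	// need elevated privileges, while Run processes untrusted traffic and
	// should not hold them. Confirm against sniffer.SnifferSetup.
	// A failure to drop privileges is fatal: continuing would leave the
	// process running with its original privileges.
	if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	return nil
}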
Beispiel #2
// makeWorkerFactory returns a sniffer.WorkerFactory that builds a decoder
// worker for the given link type and hands back filter unchanged as the
// second result.
//
// Each invocation of the returned factory creates a flows table when flows
// are enabled in pb.Config, an ICMP processor when the "icmp" protocol is
// enabled, and fresh TCP and UDP processors. The first constructor error
// aborts the factory and is returned as is.
//
// NOTE(review): the factory appends to pb.services without any visible
// synchronization. Confirm that the sniffer never invokes it concurrently.
func (pb *Packetbeat) makeWorkerFactory(filter string) sniffer.WorkerFactory {
	return func(dl layers.LinkType) (sniffer.Worker, string, error) {
		var (
			flowTable *flows.Flows
			err       error
		)
		conf := &pb.Config

		// The flows table stays nil when flows are disabled.
		if conf.Flows.IsEnabled() {
			if flowTable, err = flows.NewFlows(pb.Pub, conf.Flows); err != nil {
				return nil, "", err
			}
		}

		// Both ICMP handlers stay at their zero value unless the protocol is
		// enabled; when it is, one processor serves ICMPv4 and ICMPv6.
		var (
			v4 icmp.ICMPv4Processor
			v6 icmp.ICMPv6Processor
		)
		if cfg := conf.Protocols["icmp"]; cfg.Enabled() {
			icmpProc, err := icmp.New(false, pb.Pub, cfg)
			if err != nil {
				return nil, "", err
			}
			v4, v6 = icmpProc, icmpProc
		}

		tcpProc, err := tcp.NewTcp(&protos.Protos)
		if err != nil {
			return nil, "", err
		}

		udpProc, err := udp.NewUdp(&protos.Protos)
		if err != nil {
			return nil, "", err
		}

		worker, err := decoder.NewDecoder(flowTable, dl, v4, v6, tcpProc, udpProc)
		if err != nil {
			return nil, "", err
		}

		// Register the flows table as a service only once the decoder was
		// created successfully.
		if flowTable != nil {
			pb.services = append(pb.services, flowTable)
		}
		return worker, filter, nil
	}
}
Beispiel #3
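// Setup initializes packetbeat: the process watcher, the publisher, every
// enabled protocol plugin, the ICMP/TCP/UDP processors and the sniffer, and
// finally drops privileges.
//
// Any initialization failure is logged at critical level and terminates the
// process with exit status 1, so a call that returns always returns nil.
//
// Security note: everything above the DropPrivileges call, including the
// start of the publisher and the initialization of all protocol plugins,
// runs with the privileges the process was started with. Keep work in that
// window to the minimum that actually needs them.
func (pb *Packetbeat) Setup(b *beat.Beat) error {
	// Errors are passed as an argument to an explicit "%v" format rather than
	// used as the format string itself, so a '%' inside an error message
	// cannot be misread as a formatting verb and garble the log line.
	if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	pb.Sniff = new(sniffer.SnifferSetup)

	// A configured shipper queue size overrides the package default.
	queueSize := defaultQueueSize
	if pb.PbConfig.Shipper.QueueSize != nil {
		queueSize = *pb.PbConfig.Shipper.QueueSize
	}
	pb.Pub = publish.NewPublisher(b.Publisher, queueSize)
	pb.Pub.Start()

	logp.Debug("main", "Initializing protocol plugins")
	for proto, plugin := range EnabledProtocolPlugins {
		if err := plugin.Init(false, pb.Pub); err != nil {
			logp.Critical("Initializing plugin %s failed: %v", proto, err)
			os.Exit(1)
		}
		protos.Protos.Register(proto, plugin)
	}

	icmpProc, err := icmp.NewIcmp(false, pb.Pub)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	tcpProc, err := tcp.NewTcp(&protos.Protos)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	udpProc, err := udp.NewUdp(&protos.Protos)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	pb.over = make(chan bool)

	// Filter initialization is disabled; the block is kept as the author
	// left it.
	/*
		logp.Debug("main", "Initializing filters")
		_, err = filters.FiltersRun(
			config.ConfigSingleton.Filter,
			EnabledFilterPlugins,
			b.Events,
			b.Stop)

		if err != nil {
			logp.Critical("%v", err)
			os.Exit(1)
		}
	*/

	logp.Debug("main", "Initializing sniffer")
	// The same ICMP processor is passed twice (second and third argument).
	if err = pb.Sniff.Init(false, icmpProc, icmpProc, tcpProc, udpProc); err != nil {
		logp.Critical("Initializing sniffer failed: %v", err)
		os.Exit(1)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	// NOTE(review): presumably Init acquires the capture source, which may
	// need elevated privileges, while Run processes untrusted traffic and
	// should not hold them. Confirm against sniffer.SnifferSetup.
	// A failure to drop privileges is fatal: continuing would leave the
	// process running with its original privileges.
	if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	return nil
}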