Esempio n. 1
0
func (pb *packetbeat) Run(b *beat.Beat) error {
	defer func() {
		if service.ProfileEnabled() {
			logp.Debug("main", "Waiting for streams and transactions to expire...")
			time.Sleep(time.Duration(float64(protos.DefaultTransactionExpiration) * 1.2))
			logp.Debug("main", "Streams and transactions should all be expired now.")
		}

		// TODO:
		// pb.TransPub.Stop()
	}()

	pb.pub.Start()

	// This needs to be after the sniffer Init but before the sniffer Run.
	if err := droppriv.DropPrivileges(pb.config.RunOptions); err != nil {
		return err
	}

	// start services
	for _, service := range pb.services {
		service.Start()
	}

	var wg sync.WaitGroup
	errC := make(chan error, 1)

	// Run the sniffer in background
	wg.Add(1)
	go func() {
		defer wg.Done()
		err := pb.sniff.Run()
		if err != nil {
			errC <- fmt.Errorf("Sniffer main loop failed: %v", err)
		}
	}()

	logp.Debug("main", "Waiting for the sniffer to finish")
	wg.Wait()
	select {
	default:
	case err := <-errC:
		return err
	}

	// kill services
	for _, service := range pb.services {
		service.Stop()
	}

	waitShutdown := pb.cmdLineArgs.waitShutdown
	if waitShutdown != nil && *waitShutdown > 0 {
		time.Sleep(time.Duration(*waitShutdown) * time.Second)
	}

	return nil
}
Esempio n. 2
0
// Setup packetbeat
func (pb *Packetbeat) Setup(b *beat.Beat) error {

	if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	pb.Sniff = new(sniffer.SnifferSetup)

	logp.Debug("main", "Initializing protocol plugins")
	for proto, plugin := range EnabledProtocolPlugins {
		err := plugin.Init(false, b.Events)
		if err != nil {
			logp.Critical("Initializing plugin %s failed: %v", proto, err)
			os.Exit(1)
		}
		protos.Protos.Register(proto, plugin)
	}

	var err error

	icmpProc, err := icmp.NewIcmp(false, b.Events)
	if err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	tcpProc, err := tcp.NewTcp(&protos.Protos)
	if err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	udpProc, err := udp.NewUdp(&protos.Protos)
	if err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	pb.over = make(chan bool)

	logp.Debug("main", "Initializing sniffer")
	err = pb.Sniff.Init(false, icmpProc, icmpProc, tcpProc, udpProc)
	if err != nil {
		logp.Critical("Initializing sniffer failed: %v", err)
		os.Exit(1)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	return err
}
Esempio n. 3
0
// Setup packetbeat
func (pb *Packetbeat) Setup(b *beat.Beat) error {

	if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	queueSize := defaultQueueSize
	if pb.PbConfig.Shipper.QueueSize != nil {
		queueSize = *pb.PbConfig.Shipper.QueueSize
	}
	bulkQueueSize := defaultBulkQueueSize
	if pb.PbConfig.Shipper.BulkQueueSize != nil {
		bulkQueueSize = *pb.PbConfig.Shipper.BulkQueueSize
	}
	pb.Pub = publish.NewPublisher(b.Publisher, queueSize, bulkQueueSize)
	pb.Pub.Start()

	logp.Debug("main", "Initializing protocol plugins")
	err := protos.Protos.Init(false, pb.Pub, pb.PbConfig.Protocols)
	if err != nil {
		logp.Critical("Initializing protocol analyzers failed: %v", err)
		os.Exit(1)
	}

	pb.over = make(chan bool)

	logp.Debug("main", "Initializing sniffer")
	if err := pb.setupSniffer(); err != nil {
		logp.Critical("Initializing sniffer failed: %v", err)
		os.Exit(1)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	if err := droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	return nil
}
Esempio n. 4
0
// Setup packetbeat
func (pb *Packetbeat) Setup(b *beat.Beat) error {

	cfg := &pb.PbConfig.Packetbeat

	if err := procs.ProcWatcher.Init(cfg.Procs); err != nil {
		logp.Critical(err.Error())
		return err
	}

	queueSize := defaultQueueSize
	if b.Config.Shipper.QueueSize != nil {
		queueSize = *b.Config.Shipper.QueueSize
	}
	bulkQueueSize := defaultBulkQueueSize
	if b.Config.Shipper.BulkQueueSize != nil {
		bulkQueueSize = *b.Config.Shipper.BulkQueueSize
	}
	pb.Pub = publish.NewPublisher(b.Publisher, queueSize, bulkQueueSize)
	pb.Pub.Start()

	logp.Debug("main", "Initializing protocol plugins")
	err := protos.Protos.Init(false, pb.Pub, cfg.Protocols)
	if err != nil {
		return fmt.Errorf("Initializing protocol analyzers failed: %v", err)
	}

	logp.Debug("main", "Initializing sniffer")
	if err := pb.setupSniffer(); err != nil {
		return fmt.Errorf("Initializing sniffer failed: %v", err)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	if err := droppriv.DropPrivileges(cfg.RunOptions); err != nil {
		return err
	}

	return nil
}
Esempio n. 5
0
// Setup packetbeat
func (pb *Packetbeat) Setup(b *beat.Beat) error {

	if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	pb.Sniff = new(sniffer.SnifferSetup)

	queueSize := defaultQueueSize
	if pb.PbConfig.Shipper.QueueSize != nil {
		queueSize = *pb.PbConfig.Shipper.QueueSize
	}
	pb.Pub = publish.NewPublisher(b.Publisher, queueSize)
	pb.Pub.Start()

	logp.Debug("main", "Initializing protocol plugins")
	for proto, plugin := range EnabledProtocolPlugins {
		err := plugin.Init(false, pb.Pub)
		if err != nil {
			logp.Critical("Initializing plugin %s failed: %v", proto, err)
			os.Exit(1)
		}
		protos.Protos.Register(proto, plugin)
	}

	var err error

	icmpProc, err := icmp.NewIcmp(false, pb.Pub)
	if err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	tcpProc, err := tcp.NewTcp(&protos.Protos)
	if err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	udpProc, err := udp.NewUdp(&protos.Protos)
	if err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	pb.over = make(chan bool)

	/*
		logp.Debug("main", "Initializing filters")
		_, err = filters.FiltersRun(
			config.ConfigSingleton.Filter,
			EnabledFilterPlugins,
			b.Events,
			b.Stop)

		if err != nil {
			logp.Critical("%v", err)
			os.Exit(1)
		}
	*/

	logp.Debug("main", "Initializing sniffer")
	err = pb.Sniff.Init(false, icmpProc, icmpProc, tcpProc, udpProc)
	if err != nil {
		logp.Critical("Initializing sniffer failed: %v", err)
		os.Exit(1)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
		logp.Critical(err.Error())
		os.Exit(1)
	}

	return err
}