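// Run starts the publisher, drops privileges, starts the configured services
// and then blocks until the sniffer main loop returns.
//
// It returns the DropPrivileges error unchanged, or the sniffer error wrapped
// in a "Sniffer main loop failed" message. After a clean sniffer exit it
// sleeps for the waitShutdown command-line value (in seconds) when that value
// is set and positive, then returns nil.
func (pb *packetbeat) Run(b *beat.Beat) error {
	defer func() {
		if service.ProfileEnabled() {
			// Sleep for 1.2x the default transaction expiration before returning
			// when profiling is enabled.
			logp.Debug("main", "Waiting for streams and transactions to expire...")
			time.Sleep(time.Duration(float64(protos.DefaultTransactionExpiration) * 1.2))
			logp.Debug("main", "Streams and transactions should all be expired now.")
		}

		// TODO:
		// pb.TransPub.Stop()
	}()

	// NOTE(review): the publisher is started before DropPrivileges below, so
	// whatever Start launches begins under the original privileges. Confirm
	// the drop applies to the whole process and not only the calling thread.
	pb.pub.Start()

	// This needs to be after the sniffer Init but before the sniffer Run.
	// Fail closed: if the drop does not succeed, return before any service or
	// the capture loop is started with the original privileges.
	if err := droppriv.DropPrivileges(pb.config.RunOptions); err != nil {
		return err
	}

	// start services
	// The loop variable is not called "service" so that it does not shadow the
	// service package used by the deferred function above.
	for _, svc := range pb.services {
		svc.Start()
	}

	// errC is buffered so the goroutine can report a failure without blocking
	// even though nobody reads the channel until after wg.Wait().
	errC := make(chan error, 1)
	var wg sync.WaitGroup

	// Run the sniffer in background
	wg.Add(1)
	go func() {
		defer wg.Done()
		if err := pb.sniff.Run(); err != nil {
			errC <- fmt.Errorf("Sniffer main loop failed: %v", err)
		}
	}()

	logp.Debug("main", "Waiting for the sniffer to finish")
	wg.Wait()

	// kill services
	// Stop them before inspecting errC: previously a sniffer failure returned
	// early and left every started service running.
	for _, svc := range pb.services {
		svc.Stop()
	}

	// Non-blocking read: the goroutine has already finished, so errC either
	// holds the sniffer error or is empty.
	select {
	case err := <-errC:
		return err
	default:
	}

	waitShutdown := pb.cmdLineArgs.waitShutdown
	if waitShutdown != nil && *waitShutdown > 0 {
		time.Sleep(time.Duration(*waitShutdown) * time.Second)
	}

	return nil
}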
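// Setup initializes procs.ProcWatcher, initializes and registers every entry
// of EnabledProtocolPlugins, builds the ICMP, TCP and UDP processors,
// initializes the sniffer and finally drops privileges.
//
// Every failure is logged at critical level and terminates the process with
// exit status 1, so the function only ever returns nil. os.Exit does not run
// deferred functions.
func (pb *Packetbeat) Setup(b *beat.Beat) error {
	if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil {
		// Log through an explicit "%v": logp.Critical takes a format string,
		// so an error text containing '%' must not be passed as the format.
		logp.Critical("%v", err)
		os.Exit(1)
	}

	pb.Sniff = new(sniffer.SnifferSetup)

	logp.Debug("main", "Initializing protocol plugins")
	for proto, plugin := range EnabledProtocolPlugins {
		if err := plugin.Init(false, b.Events); err != nil {
			logp.Critical("Initializing plugin %s failed: %v", proto, err)
			os.Exit(1)
		}
		protos.Protos.Register(proto, plugin)
	}

	var err error

	icmpProc, err := icmp.NewIcmp(false, b.Events)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	tcpProc, err := tcp.NewTcp(&protos.Protos)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	udpProc, err := udp.NewUdp(&protos.Protos)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	pb.over = make(chan bool)

	logp.Debug("main", "Initializing sniffer")
	// NOTE(review): icmpProc is passed for two consecutive parameters;
	// presumably one processor serves both ICMP variants. Confirm against
	// the signature of Sniff.Init.
	err = pb.Sniff.Init(false, icmpProc, icmpProc, tcpProc, udpProc)
	if err != nil {
		logp.Critical("Initializing sniffer failed: %v", err)
		os.Exit(1)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	// Fail closed: exit rather than go on to capture with the original
	// privileges when the drop does not succeed.
	if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	// Every error path above exits, so err is nil here.
	return nil
}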
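// Setup initializes procs.ProcWatcher, creates and starts the publisher,
// initializes the protocol analyzers and the sniffer, and finally drops
// privileges.
//
// The publisher queue sizes come from the Shipper configuration when set and
// fall back to defaultQueueSize and defaultBulkQueueSize otherwise. Every
// failure is logged at critical level and terminates the process with exit
// status 1, so the function only ever returns nil. os.Exit does not run
// deferred functions.
func (pb *Packetbeat) Setup(b *beat.Beat) error {
	if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil {
		// Log through an explicit "%v": logp.Critical takes a format string,
		// so an error text containing '%' must not be passed as the format.
		logp.Critical("%v", err)
		os.Exit(1)
	}

	// Optional settings are pointers; nil means "not configured".
	queueSize := defaultQueueSize
	if configured := pb.PbConfig.Shipper.QueueSize; configured != nil {
		queueSize = *configured
	}
	bulkQueueSize := defaultBulkQueueSize
	if configured := pb.PbConfig.Shipper.BulkQueueSize; configured != nil {
		bulkQueueSize = *configured
	}

	// NOTE(review): the publisher is started before DropPrivileges below, so
	// whatever Start launches begins under the original privileges. Confirm
	// the drop applies to the whole process and not only the calling thread.
	pb.Pub = publish.NewPublisher(b.Publisher, queueSize, bulkQueueSize)
	pb.Pub.Start()

	logp.Debug("main", "Initializing protocol plugins")
	if err := protos.Protos.Init(false, pb.Pub, pb.PbConfig.Protocols); err != nil {
		logp.Critical("Initializing protocol analyzers failed: %v", err)
		os.Exit(1)
	}

	pb.over = make(chan bool)

	logp.Debug("main", "Initializing sniffer")
	if err := pb.setupSniffer(); err != nil {
		logp.Critical("Initializing sniffer failed: %v", err)
		os.Exit(1)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	// Fail closed: exit rather than go on to capture with the original
	// privileges when the drop does not succeed.
	if err := droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	return nil
}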
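// Setup initializes procs.ProcWatcher, creates and starts the publisher,
// initializes the protocol analyzers and the sniffer, and finally drops
// privileges.
//
// The publisher queue sizes come from b.Config.Shipper when set and fall back
// to defaultQueueSize and defaultBulkQueueSize otherwise. The first failure is
// returned to the caller; analyzer and sniffer failures are wrapped in a
// descriptive message, the other errors are returned unchanged.
func (pb *Packetbeat) Setup(b *beat.Beat) error {
	cfg := &pb.PbConfig.Packetbeat

	if err := procs.ProcWatcher.Init(cfg.Procs); err != nil {
		// Log through an explicit "%v": logp.Critical takes a format string,
		// so an error text containing '%' must not be passed as the format.
		logp.Critical("%v", err)
		return err
	}

	// Optional settings are pointers; nil means "not configured".
	queueSize := defaultQueueSize
	if configured := b.Config.Shipper.QueueSize; configured != nil {
		queueSize = *configured
	}
	bulkQueueSize := defaultBulkQueueSize
	if configured := b.Config.Shipper.BulkQueueSize; configured != nil {
		bulkQueueSize = *configured
	}

	// NOTE(review): the publisher is started before DropPrivileges below, so
	// whatever Start launches begins under the original privileges. Confirm
	// the drop applies to the whole process and not only the calling thread.
	pb.Pub = publish.NewPublisher(b.Publisher, queueSize, bulkQueueSize)
	pb.Pub.Start()

	logp.Debug("main", "Initializing protocol plugins")
	if err := protos.Protos.Init(false, pb.Pub, cfg.Protocols); err != nil {
		return fmt.Errorf("Initializing protocol analyzers failed: %v", err)
	}

	logp.Debug("main", "Initializing sniffer")
	if err := pb.setupSniffer(); err != nil {
		return fmt.Errorf("Initializing sniffer failed: %v", err)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	// Fail closed: a failed drop is returned as an error instead of letting
	// setup complete with the original privileges.
	if err := droppriv.DropPrivileges(cfg.RunOptions); err != nil {
		return err
	}

	return nil
}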
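// Setup initializes procs.ProcWatcher, creates and starts the publisher,
// initializes and registers every entry of EnabledProtocolPlugins, builds the
// ICMP, TCP and UDP processors, initializes the sniffer and finally drops
// privileges.
//
// The publisher queue size comes from the Shipper configuration when set and
// falls back to defaultQueueSize otherwise. Every failure is logged at
// critical level and terminates the process with exit status 1, so the
// function only ever returns nil. os.Exit does not run deferred functions.
func (pb *Packetbeat) Setup(b *beat.Beat) error {
	if err := procs.ProcWatcher.Init(pb.PbConfig.Procs); err != nil {
		// Log through an explicit "%v": logp.Critical takes a format string,
		// so an error text containing '%' must not be passed as the format.
		logp.Critical("%v", err)
		os.Exit(1)
	}

	pb.Sniff = new(sniffer.SnifferSetup)

	// Optional setting is a pointer; nil means "not configured".
	queueSize := defaultQueueSize
	if configured := pb.PbConfig.Shipper.QueueSize; configured != nil {
		queueSize = *configured
	}

	// NOTE(review): the publisher is started before DropPrivileges below, so
	// whatever Start launches begins under the original privileges. Confirm
	// the drop applies to the whole process and not only the calling thread.
	pb.Pub = publish.NewPublisher(b.Publisher, queueSize)
	pb.Pub.Start()

	logp.Debug("main", "Initializing protocol plugins")
	for proto, plugin := range EnabledProtocolPlugins {
		if err := plugin.Init(false, pb.Pub); err != nil {
			logp.Critical("Initializing plugin %s failed: %v", proto, err)
			os.Exit(1)
		}
		protos.Protos.Register(proto, plugin)
	}

	var err error

	icmpProc, err := icmp.NewIcmp(false, pb.Pub)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	tcpProc, err := tcp.NewTcp(&protos.Protos)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	udpProc, err := udp.NewUdp(&protos.Protos)
	if err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	pb.over = make(chan bool)

	/*
		logp.Debug("main", "Initializing filters")
		_, err = filters.FiltersRun(
			config.ConfigSingleton.Filter,
			EnabledFilterPlugins,
			b.Events,
			b.Stop)
		if err != nil {
			logp.Critical("%v", err)
			os.Exit(1)
		}
	*/

	logp.Debug("main", "Initializing sniffer")
	// NOTE(review): icmpProc is passed for two consecutive parameters;
	// presumably one processor serves both ICMP variants. Confirm against
	// the signature of Sniff.Init.
	err = pb.Sniff.Init(false, icmpProc, icmpProc, tcpProc, udpProc)
	if err != nil {
		logp.Critical("Initializing sniffer failed: %v", err)
		os.Exit(1)
	}

	// This needs to be after the sniffer Init but before the sniffer Run.
	// Fail closed: exit rather than go on to capture with the original
	// privileges when the drop does not succeed.
	if err = droppriv.DropPrivileges(config.ConfigSingleton.RunOptions); err != nil {
		logp.Critical("%v", err)
		os.Exit(1)
	}

	// Every error path above exits, so err is nil here.
	return nil
}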