From c1a9b3868ee321afedf85c58338cf4f2acb63a9c Mon Sep 17 00:00:00 2001
From: Dwi Siswanto
Date: Tue, 14 Dec 2021 14:31:37 +0700
Subject: [PATCH] Refactoring Promotheus metrics behavior
---
 pkg/metrics/metrics.go | 16 ++++++-------
 pkg/metrics/send.go | 51 ++++++++++++++++++++++++++++++++++++++++++
 pkg/teler/teler.go | 38 +------------------------------
 3 files changed, 60 insertions(+), 45 deletions(-)
 create mode 100644 pkg/metrics/send.go
diff --git a/pkg/metrics/metrics.go b/pkg/metrics/metrics.go
index 82588948..f54005dc 100644
--- a/pkg/metrics/metrics.go
+++ b/pkg/metrics/metrics.go
@@ -4,7 +4,7 @@ import "github.com/prometheus/client_golang/prometheus"
 // Defines its Prometheus metrics variables
 var (
- GetCWA = prometheus.NewCounterVec(
+ getCWA = prometheus.NewCounterVec(
 prometheus.CounterOpts{
 Name: "teler_cwa",
 Help: "Get lists of Common Web Attack threats",
@@ -12,7 +12,7 @@ var (
 []string{"description", "remote_addr", "request_uri", "status"},
 )
- GetCVE = prometheus.NewCounterVec(
+ getCVE = prometheus.NewCounterVec(
 prometheus.CounterOpts{
 Name: "teler_cve",
 Help: "Get lists of CVE threats",
@@ -20,7 +20,7 @@ var (
 []string{"description", "remote_addr", "request_uri", "status"},
 )
- GetBadCrawler = prometheus.NewCounterVec(
+ getBadCrawler = prometheus.NewCounterVec(
 prometheus.CounterOpts{
 Name: "teler_badcrawler",
 Help: "Get lists of Bad Crawler requests",
@@ -28,7 +28,7 @@ var (
 []string{"remote_addr", "http_user_agent", "status"},
 )
- GetDirBruteforce = prometheus.NewCounterVec(
+ getDirBruteforce = prometheus.NewCounterVec(
 prometheus.CounterOpts{
 Name: "teler_dir_bruteforce",
 Help: "Get lists of Directories Bruteforced",
@@ -36,7 +36,7 @@ var (
 []string{"remote_addr", "request_uri", "status"},
 )
- GetBadIP = prometheus.NewCounterVec(
+ getBadIP = prometheus.NewCounterVec(
 prometheus.CounterOpts{
 Name: "teler_badip_count",
 Help: "Total number of Bad IP Addresses",
@@ -44,7 +44,7 @@ var (
 []string{"remote_addr"},
 )
- GetBadReferrer = prometheus.NewCounterVec(
+ getBadReferrer = prometheus.NewCounterVec(
 prometheus.CounterOpts{
 Name: "teler_bad_referrer",
 Help: "Get lists of Bad Referrer requests",
@@ -64,7 +64,7 @@ var (
 // Init will register a Prometheus metrics with the specified variables
 func Init() {
 prometheus.MustRegister(
- GetBadCrawler, GetDirBruteforce, GetBadIP,
- GetCWA, GetCVE, GetBadReferrer, GetThreatTotal,
+ getBadCrawler, getDirBruteforce, getBadIP,
+ getCWA, getCVE, getBadReferrer, GetThreatTotal,
 )
 }
diff --git a/pkg/metrics/send.go b/pkg/metrics/send.go
new file mode 100644
index 00000000..ac9ba036
--- /dev/null
+++ b/pkg/metrics/send.go
@@ -0,0 +1,51 @@
+package metrics
+
+import (
+ "strings"
+
+ "github.com/prometheus/client_golang/prometheus"
+)
+
+// Send logs to metrics
+func Send(log map[string]string) {
+ var counter prometheus.Counter
+
+ switch {
+ case strings.HasPrefix(log["category"], "Common Web Attack"):
+ counter = getCWA.WithLabelValues(
+ log["category"],
+ log["remote_addr"],
+ log["request_uri"],
+ log["status"],
+ )
+ case strings.HasPrefix(log["category"], "CVE-"):
+ counter = getCVE.WithLabelValues(
+ log["category"],
+ log["remote_addr"],
+ log["request_uri"],
+ log["status"],
+ )
+ case log["category"] == "Bad Crawler":
+ counter = getBadCrawler.WithLabelValues(
+ log["remote_addr"],
+ log["http_user_agent"],
+ log["status"],
+ )
+ case log["category"] == "Bad IP Address":
+ counter = getBadIP.WithLabelValues(
+ log["remote_addr"],
+ )
+ case log["category"] == "Bad Referrer":
+ counter = getBadReferrer.WithLabelValues(
+ log["http_referer"],
+ )
+ case log["category"] == "Directory Bruteforce":
+ counter = getDirBruteforce.WithLabelValues(
+ log["remote_addr"],
+ log["request_uri"],
+ log["status"],
+ )
+ }
+
+ counter.Inc()
+}
diff --git a/pkg/teler/teler.go b/pkg/teler/teler.go
index e6e064d0..779d22b0 100644
--- a/pkg/teler/teler.go
+++ b/pkg/teler/teler.go
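Review bot: In pkg/metrics/send.go, `Send` calls `counter.Inc()` unconditionally, but `counter` is still a nil `prometheus.Counter` when `log["category"]` matches none of the six cases, and calling a method on a nil interface panics. The teler.go change in this patch calls `metrics.Send(log)` for every match in `Analyze`, so a category string that drifts from these literals would take the analyzer down instead of just missing a metric; add `default: return` to the switch, or guard with `if counter == nil { return }`. Separately, `request_uri`, `http_user_agent` and `http_referer` are request-derived label values, so every distinct value creates a new time series; the doc comment on `Send` should say that label cardinality is driven by client input.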
@@ -65,13 +65,6 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 )
 if match {
- metrics.GetCWA.WithLabelValues(
- log["category"],
- log["remote_addr"],
- log["request_uri"],
- log["status"],
- ).Inc()
-
 break
 }
 }
@@ -163,16 +156,6 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 if fq >= len(diff.Query()) {
 match = true
- }
-
- if match {
- metrics.GetCVE.WithLabelValues(
- log["category"],
- log["remote_addr"],
- log["request_uri"],
- log["status"],
- ).Inc()
-
 break
 }
 }
@@ -191,12 +174,6 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 for _, pat := range strings.Split(data["content"], "\n") {
 if match = matchers.IsMatch(pat, log["http_user_agent"]); match {
- metrics.GetBadCrawler.WithLabelValues(
- log["remote_addr"],
- log["http_user_agent"],
- log["status"],
- ).Inc()
-
 break
 }
 }
@@ -209,9 +186,6 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 ips := strings.Split(data["content"], "\n")
 match = matchers.IsMatchFuzz(log["remote_addr"], ips)
- if match {
- metrics.GetBadIP.WithLabelValues(log["remote_addr"]).Inc()
- }
 case "Bad Referrer":
 log["element"] = "http_referer"
 if isWhitelist(options, log["http_referer"]) {
@@ -229,9 +203,6 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 refs := strings.Split(data["content"], "\n")
 match = matchers.IsMatchFuzz(req.Host, refs)
- if match {
- metrics.GetBadReferrer.WithLabelValues(log["http_referer"]).Inc()
- }
 case "Directory Bruteforce":
 log["element"] = "request_uri"
@@ -249,17 +220,10 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 if req.Path != "/" {
 match = matchers.IsMatch(trimFirst(req.Path), data["content"])
 }
-
- if match {
- metrics.GetDirBruteforce.WithLabelValues(
- log["remote_addr"],
- log["request_uri"],
- log["status"],
- ).Inc()
- }
 }
 if match {
+ metrics.Send(log)
 return match, log
 }
 }
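Review bot: The second hunk (`@@ -163,16 +156,6 @@`) changes control flow as well as removing the metric call. The old code broke out of the loop on a separate `if match` evaluated after the `fq >= len(diff.Query())` block, whereas the new code breaks only inside that block. The two are equivalent only if `match` cannot already be true when this point is reached; the loop body before it is outside the hunk, so that should be confirmed. If the change is intended, a comment such as `// match is only set here, so break immediately` would make it explicit.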