Git Product home page Git Product logo

tcp2canopsis's Introduction

TCP to Canopsis connector

https://travis-ci.org/linkdd/tcp2canopsis.svg?branch=master

This package provides a connector which listen for events on a TCP port.

Usage

Run the script on a designated port (8000 in this example) and with the URL of the AMQP server:

$ tcp2canopsis -p 8000 -a "amqp://guest:guest@localhost:5672/" -t token

Then use telnet to publish events:

$ telnet localhost 8000
Trying ::1...
Connected to localhost.
Escape character is '^]'.
token
{"connector": "test", "connector_name": "testname", "event_type": "check", "source_type": "resource", "component": "testcmp", "resource": "testrsrc", "state": 0, "output": "test output"}
{"connector": "test", "connector_name": "testname", "event_type": "check", "source_type": "resource", "component": "testcmp", "resource": "testrsrc", "state": 1, "output": "test output 2"}
{"connector": "test", "connector_name": "testname", "event_type": "check", "source_type": "resource", "component": "testcmp", "resource": "testrsrc", "state": 0, "output": "test output 3"}
Connection closed by foreign host.

Or in a JSON file:

{"tcp2canopsis": {
    "port": 8000,
    "amqp": "amqp://guest:guest@localhost:5672/",
    "token": "token"
}}

And load the file using:

$ tcp2canopsis -c path/to/config.json

Configuration keys

  • port: AMQP port
  • amqp: AMQP URI
  • token: authentication token
  • realroute: amqp or devnull. devnull just ignore events

SSL

If using configuration via command line, use those options:

$ tcp2canopsis --ssl-cert server.pem --ssl-key server.key

NB: other options are still mandatory

Or via the configuration file:

{"tcp2canopsis": {
    "port": 8000,
    "amqp": "amqp://guest:guest@localhost:5672/",
    "token": "token",
    "ssl-cert": "server.pem",
    "ssl-key": "server.key"
}}

Then, instead of telnet, use this command to test the connector:

$ openssl s_client -quiet -connect localhost:8000 -CAfile ca.pem -crlf
testtoken
{"connector": "test", "connector_name": "testname", "event_type": "check", "source_type": "resource", "component": "testcmp", "resource": "testrsrc", "state": 0, "output": "test output"}

Installation

Just type:

$ pip install tcp2canopsis

Or, to install it in a locally:

$ ./makefile

This will create a virtual Python environment in the current folder, and install the dependencies listed by requirements.txt. Finally, it will perform a python setup.py install.

After executing this script, the connector will be available in the current folder (which is now a virtual Python environment).

Connector on boot

CentOS

Copy the initscript and add the configuration file:

$ cp contrib/tcp2canopsis.init.centos.sh /etc/init.d/tcp2canopsis
$ cat > /etc/sysconfig/tcp2canopsis << "EOF"
CONNECTOR_DIR="/path/to/tcp2canopsis/virtualenv"
EOF

Debian

TODO

systemd

TODO

tcp2canopsis's People

Contributors

linkdd avatar

Watchers

avatar James Cloos avatar Florent Peterschmitt avatar avatar

tcp2canopsis's Issues

Authentication

Actually, the daemon will accept events from every one.
This can be a huge security flaw if the service is exposed to Internet.

A token will have to be set by the administrator, in the configuration file.
The connector will be able to ignore everything from a connection who haven't send the token first.

SSL authentication

Would be useful to allow the user to use X.509 certificates to authenticate himself on the connector.

An option to enable it will be added to the configuration file, with a path to the revocation list.

A field author will be added to the event with the certificate's common name as value.

Debug mode

At this time you cannot print received messages on stdout.
You need to catch messages on AMQP directly.
You could add a kind of debug mode => disable forward to AMQP and enable stdout printing

Add a monitoring check

It could be nice to add a way to monitor tcp2canopsis.
Maybe you could answer to a specific pattern given to the socket ? ping -> pong

SSL encapsulation

The token will be transmitted to the server in plain text.
This is still a security flaw, if someone is sniffing the network.

SSL encapsulation would prevent this.
The location of the certificate authority and server certificate will have to be defined in the configuration (or via the commad-line).

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.