hartfordfive / cloudflarebeat

ELK beat to fetch Cloudflare logs via the Enterprise Log Share API

License: Other

Makefile 2.45% Go 94.22% Python 1.86% Shell 1.47%
cloudflare-logs go beats cloudflare logs

cloudflarebeat's Introduction

Cloudflarebeat

Custom beat to fetch Cloudflare logs via the Enterprise Log Share API.

Ensure that this folder is at the following location: ${GOPATH}/github.com/hartfordfive

Disclaimer

Cloudflarebeat is currently in beta, so it likely has bugs and room for optimization. If you find any, please create an issue, or a pull request if you're familiar with development for the beats library.

Acknowledgements

Special thank you to Lightspeed POS for providing access to test data, feedback and suggestions.

Getting Started with Cloudflarebeat

Basic Overview of Application Design

  1. An API request is made to the Cloudflare ELS endpoint for logs within a specific time range that ends, at the latest, 30 minutes ago.
  2. When the response is received, the gzip content is saved into a local file.
  3. Individual JSON log entries are read from the file one by one, individual fields are added into the event and then sent off to be published.
  4. Once all log entries in the file have been processed, the remaining log file is deleted, unless the user has specified the option to keep the original log files.

Requirements

Cloudflarebeat specific configuration options

  • cloudflarebeat.period : The period at which the cloudflare logs will be fetched. Regardless of the period, logs are always fetched from 30 MINUTES AGO - PERIOD to 30 MINUTES AGO. (Default value of period is 1800s/30mins)
  • cloudflarebeat.api_key : The API key of the user account (mandatory)
  • cloudflarebeat.email : The email address of the user account (mandatory)
  • cloudflarebeat.zone_tag : The zone tag of the domain for which you want to access the enterprise logs (mandatory)
  • cloudflarebeat.state_file_storage_type : The type of storage for the state file, either disk or s3, which keeps track of the current progress. (Default: disk)
  • cloudflarebeat.state_file_path : The path in which the state file will be saved (applicable only with disk storage type)
  • cloudflarebeat.state_file_name : The name of the state file
  • cloudflarebeat.aws_access_key : The user AWS access key, if S3 storage selected.
  • cloudflarebeat.aws_secret_access_key : The user AWS secret access key, if S3 storage selected.
  • cloudflarebeat.aws_s3_bucket_name : The name of the S3 bucket where the state file will be stored
  • cloudflarebeat.delete_logfile_after_processing : Delete the log files once the processing is complete (default: true)
  • cloudflarebeat.processed_events_buffer_size : The capacity of the processed events buffer channel (default: 1000)
  • cloudflarebeat.debug : Enable verbose debug mode, which includes debugging the HTTP requests to the ELS API.

Using S3 Storage for state file

For cloudflarebeat, it's best to create a separate IAM user account, without a password and with only this sample policy attached. Limiting the access of this user is good security practice.

Below is a sample of what the policy file would look like for the S3 storage. Please note you should replace my-cloudflarebeat-bucket-name with your bucket name that you've created in S3.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::my-cloudflarebeat-bucket-name"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::my-cloudflarebeat-bucket-name/*"
            ]
        }
    ]
}

Filtering out specific logs and/or log properties

Please read the beats documentation regarding processors. This will allow you to filter events by field values or even remove event fields.

Init Project

To get running with Cloudflarebeat and also install the dependencies, run the following command:

make setup

It will create a clean git history for each major step. Note that you can always rewrite the history if you wish before pushing your changes.

To push Cloudflarebeat in the git repository, run the following commands:

git remote set-url origin https://github.com/hartfordfive/cloudflarebeat
git push origin master

For further development, check out the beat developer guide.

Build

To build the binary for Cloudflarebeat run the command below. This will generate a binary in the same directory with the name cloudflarebeat.

make

Run

To run Cloudflarebeat with debugging output enabled, run:

./cloudflarebeat -c cloudflarebeat.yml -e -d "*"

For details of command line options, view the following links:

Test

To test Cloudflarebeat, run the following command:

make testsuite

alternatively:

make unit-tests
make system-tests
make integration-tests
make coverage-report

The test coverage is reported in the folder ./build/coverage/

Update

Each beat has a template for the mapping in Elasticsearch and documentation for the fields, both automatically generated from etc/fields.yml. To generate etc/cloudflarebeat.template.json and etc/cloudflarebeat.asciidoc, run:

make update

Cleanup

To clean Cloudflarebeat source code, run the following commands:

make fmt
make simplify

To clean up the build directory and generated artifacts, run:

make clean

Clone

To clone Cloudflarebeat from the git repository, run the following commands:

mkdir -p ${GOPATH}/github.com/hartfordfive
cd ${GOPATH}/github.com/hartfordfive
git clone https://github.com/hartfordfive/cloudflarebeat

For further development, check out the beat developer guide.

Packaging

The beat framework provides tools to cross-compile and package your beat for different platforms. This requires docker and vendoring as described above. To build packages of your beat, run the following command:

make package

This will fetch and create all images required for the build process. The whole process can take several minutes to finish.

Author

Alain Lefebvre <hartfordfive 'at' gmail.com>

License

Covered under the Apache License, Version 2.0 Copyright (c) 2016 Alain Lefebvre

cloudflarebeat's Issues

Implement various process stats with expvar

In order to allow better instrumentation and simple monitoring integration with services like Datadog, some process specific stats like the following could potentially be added via expvar:

  • Total log entries received via CF API
  • Total invalid log entries not processed (invalid JSON)
  • Total log entries processed for shipping
  • etc.

Log collection from ELS API for given time block can become too large

Although the ELS API currently does allow a count of items to be specified along with a timestamp start and end range, it does not return any type of header indicating how many log items in total are within the given time range. Due to this, a large number of logs may be downloaded, which can become quite heavy for in-memory processing.

As a solution, the logs should initially be saved to a gzip file and then read from this file into smaller chunks.

Cloudflarebeat throws panic when processing data.

Hi,
I built cloudflarebeat on CentOS release 6.8 and have it running connected to Cloudflare. After a few minutes of running it will attempt to process some data and then throw a panic and crash. I'm hoping you can help out.

Thanks,

Debug output:

2017/03/10 20:24:43.076346 event.go:54: DBG  Dropped nil value from event where key=edge.rateLimitRuleId
2017/03/10 20:24:43.076361 event.go:54: DBG  Dropped nil value from event where key=edgeRequest.headers
2017/03/10 20:24:43.076371 event.go:54: DBG  Dropped nil value from event where key=edgeResponse.headers
2017/03/10 20:24:43.076380 event.go:54: DBG  Dropped nil value from event where key=edgeResponse.setCookies
2017/03/10 20:24:43.076396 event.go:54: DBG  Dropped nil value from event where key=clientRequest.cookies
2017/03/10 20:24:43.076409 event.go:54: DBG  Dropped nil value from event where key=cache.headers
2017/03/10 20:24:43.076427 event.go:54: DBG  Dropped nil value from event where key=cache.externalPort
2017/03/10 20:24:43.076439 event.go:54: DBG  Dropped nil value from event where key=cache.cacheFileKey
2017/03/10 20:24:43.076454 event.go:54: DBG  Dropped nil value from event where key=unstable
panic: interface conversion: interface {} is nil, not map[string]interface {}

goroutine 51 [running]:
panic(0xa2a0e0, 0xc420158780)
    /home/kegsofduff/repos/go/src/runtime/panic.go:500 +0x1a1
github.com/hartfordfive/cloudflarebeat/cloudflare.BuildMapStr(0xc4205b49c0, 0x129f)
    /home/kegsofduff/repos/go/src/github.com/hartfordfive/cloudflarebeat/cloudflare/utils.go:171 +0x644c
github.com/hartfordfive/cloudflarebeat/cloudflare.(*LogConsumer).PrepareEvents(0xc420223700)
    /home/kegsofduff/repos/go/src/github.com/hartfordfive/cloudflarebeat/cloudflare/logconsumer.go:139 +0x65c
created by github.com/hartfordfive/cloudflarebeat/beater.(*Cloudflarebeat).DownloadAndPublish
    /home/kegsofduff/repos/go/src/github.com/hartfordfive/cloudflarebeat/beater/cloudflarebeat.go:142 +0xc1

Update incomplete fields.yml file

The fields.yml file was accidentally missed as the index templates were manually created. The file should be completed so that both templates can get automatically generated with the make update command.

startTimestamp & endTimestamp sometimes returned as int64 causing interface conversion error

For example, in some cases, the "cache" object is found to have startTimestamp and endTimestamp as int64 values instead of float64, which causes a panic :

  "cache": {
    "bckType": "byc",
    "cacheExternalIp": "172.68.65.143",
    "cacheExternalPort": 14949,
    "cacheFileKey": null,
    "cacheInternalIp": "10.16.10.140",
    "cacheServerName": "16c21",
    "cacheStatus": "unknown",
    "cacheTokens": 0,
    "endTimestamp": 1479096904397,
    "startTimestamp": 1479096904198
  }

Resulting panic:

goroutine 1 [running]:
panic(0x5b9980, 0xc4204aee40)
	/usr/local/Cellar/go/1.7.1/libexec/src/runtime/panic.go:500 +0x1a1
github.com/hartfordfive/cloudflarebeat/cloudflare.(*CloudflareClient).doRequest(0xc420330320, 0x6726e4, 0x18, 0xc420626180, 0xc420531b40, 0xe4cb, 0x990a90, 0xc4204b0048, 0xc420531bb8)
	/usr/local/go/src/github.com/hartfordfive/cloudflarebeat/cloudflare/client.go:163 +0x1265
github.com/hartfordfive/cloudflarebeat/cloudflare.(*CloudflareClient).GetLogRangeFromTimestamp(0xc420330320, 0xc420626180, 0xc420531c38, 0xc420531c28, 0xc4204b0048, 0x0, 0x0)
	/usr/local/go/src/github.com/hartfordfive/cloudflarebeat/cloudflare/client.go:201 +0x4a
github.com/hartfordfive/cloudflarebeat/beater.(*Cloudflarebeat).Run(0xc420226210, 0xc4201e4000, 0xc4201e40a8, 0xb)
	/usr/local/go/src/github.com/hartfordfive/cloudflarebeat/beater/cloudflarebeat.go:103 +0x654
github.com/hartfordfive/cloudflarebeat/vendor/github.com/elastic/beats/libbeat/beat.(*Beat).launch(0xc4201e4000, 0x6b5bf0, 0x0, 0x0)
	/usr/local/go/src/github.com/hartfordfive/cloudflarebeat/vendor/github.com/elastic/beats/libbeat/beat/beat.go:208 +0x687
github.com/hartfordfive/cloudflarebeat/vendor/github.com/elastic/beats/libbeat/beat.Run(0x66ace4, 0xe, 0x0, 0x0, 0x6b5bf0, 0xe99ce, 0xc4200001a0)
	/usr/local/go/src/github.com/hartfordfive/cloudflarebeat/vendor/github.com/elastic/beats/libbeat/beat/beat.go:133 +0x65
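
The two panics reported above (a nil nested object asserted as map[string]interface{}, and a timestamp arriving as int64 rather than float64) can both be avoided with comma-ok assertions and a numeric type switch. The following is an added example, not code from the issue or from cloudflarebeat; it uses encoding/json instead of the project's ffjson, and the function names and sample entries are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Constructed sample entries (not real Cloudflare data). The first has a null
// "cache" object; the second has integer timestamps as in the report above.
var sampleEntries = []string{
	`{"client":{"ip":"2001:db8::1"},"cache":null}`,
	`{"client":{"ip":"192.0.2.10"},"cache":{"cacheStatus":"unknown","startTimestamp":1479096904198,"endTimestamp":1479096904397}}`,
}

// nestedMap (hypothetical helper) returns the object stored under key, or
// ok=false when the key is missing, null, or not an object. The comma-ok form
// never panics, unlike a bare m[key].(map[string]interface{}).
func nestedMap(m map[string]interface{}, key string) (map[string]interface{}, bool) {
	child, ok := m[key].(map[string]interface{})
	return child, ok
}

// toInt64 (hypothetical helper) accepts each numeric type a JSON decoder may
// hand back, so the caller does not depend on one concrete type.
func toInt64(v interface{}) (int64, bool) {
	switch n := v.(type) {
	case json.Number:
		i, err := n.Int64()
		return i, err == nil
	case float64:
		return int64(n), true
	case int64:
		return n, true
	case int:
		return int64(n), true
	}
	return 0, false
}

// CacheDuration decodes one log line and returns endTimestamp minus
// startTimestamp, in whatever unit the source uses. Unexpected shapes produce
// an error instead of a panic, so one bad entry cannot stop the process.
func CacheDuration(line string) (int64, error) {
	dec := json.NewDecoder(strings.NewReader(line))
	dec.UseNumber() // keep large integers exact instead of converting to float64
	var entry map[string]interface{}
	if err := dec.Decode(&entry); err != nil {
		return 0, fmt.Errorf("invalid JSON: %w", err)
	}
	cache, ok := nestedMap(entry, "cache")
	if !ok {
		return 0, fmt.Errorf("cache object missing or null")
	}
	start, okStart := toInt64(cache["startTimestamp"])
	end, okEnd := toInt64(cache["endTimestamp"])
	if !okStart || !okEnd {
		return 0, fmt.Errorf("timestamps missing or non-numeric")
	}
	return end - start, nil
}

func main() {
	for _, line := range sampleEntries {
		d, err := CacheDuration(line)
		fmt.Println(d, err)
	}
}
```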

Process encountering "too many files open" error after running for many days

Seems like the current functions processing file handles within logconsumer.go are not properly closing file handles. As a result, after a period of a few days, you can see application log entries containing the error too many files open. This can be verified by running lsof -p [PID], which in some cases showed many thousands of open files.

Need to verify and update the code so that file handles are properly managed and closed to prevent dangling open file handles.

Add ability to process a list of pre-existing CF log files and then exit once completed.

If some users have one or many existing log files for the Cloudflare Enterprise Log Share, and don't necessarily want to continuously index new log entries, there's no way to allow this currently.

A -once flag option could be added and consequently read logs from all the files matching the -log-file-pattern flag, using the filepath.Glob function. The beat process would then exit after processing all files. Also, the -delete-on-complete flag could indicate if the matching log files are to be deleted once processing is complete.

make setup missing target `collect'

Hi,

Setup:
GOROOT and GOPATH set
go get -v github.com/elastic/beats (installs to ${GOPATH}/src/github.com/elastic/beats)
clone this project to ${GOPATH}/github.com/hartfordfive/cloudflarebeat
Run make setup

Fails with:

$ make setup
mkdir -p vendor/github.com/elastic/
cp -R /Users/az/go/src/github.com/elastic/beats vendor/github.com/elastic/
rm -rf vendor/github.com/elastic/beats/.git
make update
make[1]: *** No rule to make target `collect', needed by `update'.  Stop.
make: *** [setup] Error 2

This could be related to elastic/beats#2997

After adding an empty target....

# Collects all dependencies and then calls update
# A collect target is required by libbeat
.PHONY: collect
collect:

...we have the following error:

$ make setup
mkdir -p vendor/github.com/elastic/
cp -R /Users/az/go/src/github.com/elastic/beats vendor/github.com/elastic/
rm -rf vendor/github.com/elastic/beats/.git
make update
Updating generated files for libbeat
cat: _meta/beat.yml: No such file or directory
cat: _meta/beat.yml: No such file or directory
cp: cannot stat '_meta/fields.yml': No such file or directory
make[1]: *** [update] Error 1
make: *** [setup] Error 2

So we extended the Makefile collect target:

# Collects all dependencies and then calls update
# A collect target is required by libbeat
.PHONY: collect
collect:
	@mkdir -p _meta
	@cp etc/fields.yml _meta/fields.yml

Now make setup runs through.

After that, make fails with

$ make
go build -i
main.go:8:2: cannot find package "github.com/hartfordfive/cloudflarebeat/beater" in any of:
	/opt/local/lib/go/src/github.com/hartfordfive/cloudflarebeat/beater (from $GOROOT)
	/Users/az/go/src/github.com/hartfordfive/cloudflarebeat/beater (from $GOPATH)

When I symlink ${GOPATH}/github.com/hartfordfive/cloudflarebeat} (the current working dir) to ${GOPATH}/src/github.com/hartfordfive, the errors continue:

$ make
go build -i
../../../src/github.com/hartfordfive/cloudflarebeat/cloudflare/statefile.go:14:2: cannot find package "github.com/aws/aws-sdk-go/aws" in any of:
	/Users/az/go/src/github.com/hartfordfive/cloudflarebeat/vendor/github.com/aws/aws-sdk-go/aws (vendor tree)
	/opt/local/lib/go/src/github.com/aws/aws-sdk-go/aws (from $GOROOT)
	/Users/az/go/src/github.com/aws/aws-sdk-go/aws (from $GOPATH)
../../../src/github.com/hartfordfive/cloudflarebeat/cloudflare/statefile.go:15:2: cannot find package "github.com/aws/aws-sdk-go/aws/credentials" in any of:
	/Users/az/go/src/github.com/hartfordfive/cloudflarebeat/vendor/github.com/aws/aws-sdk-go/aws/credentials (vendor tree)
	/opt/local/lib/go/src/github.com/aws/aws-sdk-go/aws/credentials (from $GOROOT)
	/Users/az/go/src/github.com/aws/aws-sdk-go/aws/credentials (from $GOPATH)
../../../src/github.com/hartfordfive/cloudflarebeat/cloudflare/statefile.go:16:2: cannot find package "github.com/aws/aws-sdk-go/aws/session" in any of:
	/Users/az/go/src/github.com/hartfordfive/cloudflarebeat/vendor/github.com/aws/aws-sdk-go/aws/session (vendor tree)
	/opt/local/lib/go/src/github.com/aws/aws-sdk-go/aws/session (from $GOROOT)
	/Users/az/go/src/github.com/aws/aws-sdk-go/aws/session (from $GOPATH)
../../../src/github.com/hartfordfive/cloudflarebeat/cloudflare/statefile.go:17:2: cannot find package "github.com/aws/aws-sdk-go/service/s3" in any of:
	/Users/az/go/src/github.com/hartfordfive/cloudflarebeat/vendor/github.com/aws/aws-sdk-go/service/s3 (vendor tree)
	/opt/local/lib/go/src/github.com/aws/aws-sdk-go/service/s3 (from $GOROOT)
	/Users/az/go/src/github.com/aws/aws-sdk-go/service/s3 (from $GOPATH)
../../../src/github.com/hartfordfive/cloudflarebeat/cloudflare/client.go:10:2: cannot find package "github.com/franela/goreq" in any of:
	/Users/az/go/src/github.com/hartfordfive/cloudflarebeat/vendor/github.com/franela/goreq (vendor tree)
	/opt/local/lib/go/src/github.com/franela/goreq (from $GOROOT)
	/Users/az/go/src/github.com/franela/goreq (from $GOPATH)
import cycle not allowed
package .
	imports github.com/hartfordfive/cloudflarebeat/beater
	imports github.com/elastic/beats/libbeat/publisher
	imports github.com/elastic/beats/libbeat/outputs
	imports github.com/elastic/beats/libbeat/publisher
../../../src/github.com/hartfordfive/cloudflarebeat/cloudflare/logconsumer.go:14:2: cannot find package "github.com/pquerna/ffjson/ffjson" in any of:
	/Users/az/go/src/github.com/hartfordfive/cloudflarebeat/vendor/github.com/pquerna/ffjson/ffjson (vendor tree)
	/opt/local/lib/go/src/github.com/pquerna/ffjson/ffjson (from $GOROOT)
	/Users/az/go/src/github.com/pquerna/ffjson/ffjson (from $GOPATH)
make: *** [libbeat] Error 1

After...

go get github.com/aws/aws-sdk-go
go get github.com/franela/goreq
go get github.com/franela/goreq

... we are stuck at

$ make
go build -i
import cycle not allowed
package .
	imports github.com/hartfordfive/cloudflarebeat/beater
	imports github.com/elastic/beats/libbeat/publisher
	imports github.com/elastic/beats/libbeat/outputs
	imports github.com/elastic/beats/libbeat/publisher
make: *** [libbeat] Error 1

At this point, I give up. I'm no expert in go or beats in particular, so please excuse if this question was already posted (solved?) somewhere else.

To sum it up: does cloudflarebeat work with current versions of beats?

having error : ERR Could not open file for reading: gzip: invalid header

Hello I have been trying to find the resolution to this :

I am using cloudflarebeat-0.2.0-linux-x86_64.tar.gz

.../hartfordfive/cloudflarebeat # ./cloudflarebeat -c cloudflarebeat.yml -e -d "*"
2020/01/14 18:16:29.788932 beat.go:267: INFO Home path: [/opt/github.com/hartfordfive/cloudflarebeat] Config path: [/opt/github.com/hartfordfive/cloudflarebeat] Data path: [/opt/github.com/hartfordfive/cloudflarebeat/data] Logs path: [/opt/github.com/hartfordfive/cloudflarebeat/logs]
2020/01/14 18:16:29.788964 beat.go:177: INFO Setup Beat: cloudflarebeat; Version: 6.0.0-alpha1
2020/01/14 18:16:29.788977 processor.go:43: DBG Processors:
2020/01/14 18:16:29.788986 beat.go:183: DBG Initializing output plugins
2020/01/14 18:16:29.789153 output.go:167: INFO Loading template enabled. Reading template file: /opt/github.com/hartfordfive/cloudflarebeat/cloudflarebeat.template.json
2020/01/14 18:16:29.789594 output.go:178: INFO Loading template enabled for Elasticsearch 2.x. Reading template file: /opt/github.com/hartfordfive/cloudflarebeat/cloudflarebeat.template-es2x.json
2020/01/14 18:16:29.790035 client.go:120: INFO Elasticsearch url: http://0.0.0.0:9200
2020/01/14 18:16:29.790101 logp.go:219: INFO Metrics logging every 30s
2020/01/14 18:16:29.790079 outputs.go:106: INFO Activated elasticsearch as output plugin.
2020/01/14 18:16:29.790143 publish.go:234: DBG Create output worker
2020/01/14 18:16:29.790189 publish.go:276: DBG No output is defined to store the topology. The server fields might not be filled.
2020/01/14 18:16:29.790226 publish.go:291: INFO Publisher name: domain-test.com
2020/01/14 18:16:29.790413 async.go:63: INFO Flush Interval set to: 1s
2020/01/14 18:16:29.790423 async.go:64: INFO Max Bulk Size set to: 50
2020/01/14 18:16:29.790428 async.go:72: DBG create bulk processing worker (interval=1s, bulk size=50)
2020/01/14 18:16:29.790505 statefile.go:91: INFO Initializing state file 'logs-exceleron.com.state' with storage type 'disk'
2020/01/14 18:16:29.791132 statefile.go:123: INFO Saving newly initialized state file.
2020/01/14 18:16:29.791156 statefile.go:125: INFO [ERROR] Could not save new state file: open logs-exceleron.com.state: no such file or directory
2020/01/14 18:16:29.791329 beat.go:207: INFO cloudflarebeat start running.
2020/01/14 18:16:29.791341 cloudflarebeat.go:76: INFO cloudflarebeat is running! Hit CTRL-C to stop it.
2020/01/14 18:16:29.791349 cloudflarebeat.go:109: INFO Starting ticker with period of 5 minute(s)
2020/01/14 18:16:59.791236 logp.go:232: INFO No non-zero metrics in the last 30s
2020/01/14 18:17:29.791157 logp.go:232: INFO No non-zero metrics in the last 30s
2020/01/14 18:17:59.791164 logp.go:232: INFO No non-zero metrics in the last 30s
2020/01/14 18:18:29.791162 logp.go:232: INFO No non-zero metrics in the last 30s
2020/01/14 18:18:59.791156 logp.go:232: INFO No non-zero metrics in the last 30s
2020/01/14 18:19:29.791109 logp.go:232: INFO No non-zero metrics in the last 30s
2020/01/14 18:19:59.791169 logp.go:232: INFO No non-zero metrics in the last 30s
2020/01/14 18:20:29.790357 logp.go:232: INFO No non-zero metrics in the last 30s
2020/01/14 18:20:59.790284 logp.go:232: INFO No non-zero metrics in the last 30s
2020/01/14 18:21:29.791128 logp.go:232: INFO No non-zero metrics in the last 30s
2020/01/14 18:21:29.792091 cloudflarebeat.go:166: INFO Log files for time period 1579023989 to 1579024289 have been queued for download/processing.
2020/01/14 18:21:29.792107 cloudflarebeat.go:146: INFO Creating worker to publish events
2020/01/14 18:21:29.792190 logconsumer.go:61: INFO Downloading log segment #0 from 1579023989 to 1579024039
2020/01/14 18:21:29.792263 client.go:82: DBG Downloading log file...
2020/01/14 18:21:29.793917 logconsumer.go:61: INFO Downloading log segment #1 from 1579024040 to 1579024090
2020/01/14 18:21:29.793966 client.go:82: DBG Downloading log file...
2020/01/14 18:21:29.794133 logconsumer.go:61: INFO Downloading log segment #2 from 1579024091 to 1579024141
2020/01/14 18:21:29.794149 client.go:82: DBG Downloading log file...
2020/01/14 18:21:29.794234 logconsumer.go:61: INFO Downloading log segment #3 from 1579024142 to 1579024192
2020/01/14 18:21:29.794247 client.go:82: DBG Downloading log file...
2020/01/14 18:21:29.794329 logconsumer.go:61: INFO Downloading log segment #4 from 1579024193 to 1579024243
2020/01/14 18:21:29.794340 client.go:82: DBG Downloading log file...
2020/01/14 18:21:29.794422 logconsumer.go:61: INFO Downloading log segment #5 from 1579024244 to 1579024294
2020/01/14 18:21:29.794435 client.go:82: DBG Downloading log file...
2020/01/14 18:21:29.914584 client.go:97: DBG Downloaded 232 bytes
2020/01/14 18:21:29.914613 logconsumer.go:76: INFO Total download time for log file: 0 seconds
2020/01/14 18:21:29.914625 logconsumer.go:113: INFO Log file cloudflare_logs_1579024091_to_1579024141.txt.gz ready for processing.
2020/01/14 18:21:29.914640 logconsumer.go:123: INFO Opening gziped file cloudflare_logs_1579024091_to_1579024141.txt.gz for reading...
2020/01/14 18:21:29.914685 logconsumer.go:126: ERR Could not open file for reading: gzip: invalid header
2020/01/14 18:21:29.914756 client.go:97: DBG Downloaded 232 bytes
2020/01/14 18:21:29.914773 logconsumer.go:76: INFO Total download time for log file: 0 seconds
2020/01/14 18:21:29.914783 logconsumer.go:113: INFO Log file cloudflare_logs_1579024142_to_1579024192.txt.gz ready for processing.
2020/01/14 18:21:29.914796 logconsumer.go:123: INFO Opening gziped file cloudflare_logs_1579024142_to_1579024192.txt.gz for reading...
2020/01/14 18:21:29.914827 logconsumer.go:126: ERR Could not open file for reading: gzip: invalid header
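
One way to handle a downloaded segment that is not gzip data, and to close handles on every path as the "too many files open" issue above asks for. This is an added example, not code from the issue or from cloudflarebeat; CountLogLines, writeSegment, ErrNotGzip and the sample bodies are constructed for illustration, and the example makes no claim about what the 232 downloaded bytes in the log actually contained.

```go
package main

import (
	"bufio"
	"compress/gzip"
	"errors"
	"fmt"
	"os"
)

// ErrNotGzip reports a saved segment whose first bytes are not the gzip magic.
var ErrNotGzip = errors.New("file is not gzip data")

// CountLogLines opens a saved segment, checks the gzip magic bytes (0x1f 0x8b)
// before handing the stream to the decompressor, and counts non-empty lines.
// The deferred Close calls release the file and gzip reader on every return.
func CountLogLines(path string) (int, error) {
	f, err := os.Open(path)
	if err != nil {
		return 0, err
	}
	defer f.Close()

	br := bufio.NewReader(f)
	magic, err := br.Peek(2)
	if err != nil || magic[0] != 0x1f || magic[1] != 0x8b {
		// Quote a short preview so the operator can see what was saved
		// (for example a plain-text response) without dumping the whole file.
		preview, _ := br.Peek(64)
		return 0, fmt.Errorf("%w: %s starts with %q", ErrNotGzip, path, preview)
	}

	gz, err := gzip.NewReader(br)
	if err != nil {
		return 0, err
	}
	defer gz.Close()

	sc := bufio.NewScanner(gz)
	sc.Buffer(make([]byte, 0, 64*1024), 1024*1024) // allow long JSON lines
	n := 0
	for sc.Scan() {
		if len(sc.Bytes()) > 0 {
			n++
		}
	}
	return n, sc.Err()
}

// writeSegment creates a constructed sample file, gzipped or raw.
func writeSegment(path string, body []byte, gzipped bool) error {
	f, err := os.Create(path)
	if err != nil {
		return err
	}
	defer f.Close()
	if !gzipped {
		_, err = f.Write(body)
		return err
	}
	gz := gzip.NewWriter(f)
	if _, err = gz.Write(body); err != nil {
		return err
	}
	return gz.Close()
}

func main() {
	dir, err := os.MkdirTemp("", "segments")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	// Constructed inputs: two JSON lines gzipped, and a raw non-gzip body.
	_ = writeSegment(dir+"/good.txt.gz", []byte("{\"a\":1}\n{\"a\":2}\n"), true)
	_ = writeSegment(dir+"/bad.txt.gz", []byte("constructed non-gzip body"), false)
	fmt.Println(CountLogLines(dir + "/good.txt.gz"))
	fmt.Println(CountLogLines(dir + "/bad.txt.gz"))
}
```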

go panic error caused by IPv6 address client.ip field

I realized that when the client.ip field of the ELS Cloudflare API is an IPv6 address, cloudflarebeat stops working because of a Go panic error. The output of cloudflarebeat is:

2017-04-25T15:29:20-03:00 WARN Can not index event (status=400): {"type":"mapper_parsing_exception","reason":"failed to parse [client.ip]","caused_by":{"type":"illegal_argument_exception","reason":"failed to parse ip [2603:3005:90d:2500:e4ce:e41f:3a8b:6d49], not a valid ipv4 address (4 dots)"}}
panic: interface conversion: interface {} is nil, not map[string]interface {}

And the go panic error is:

goroutine 30 [running]:
panic(0xa46160, 0xc4203d52c0)
	/opt/go/src/runtime/panic.go:500 +0x1a1
github.com/hartfordfive/cloudflarebeat/cloudflare.BuildMapStr(0xc4204563f0, 0x6c8)
	/opt/go/packages/src/github.com/hartfordfive/cloudflarebeat/cloudflare/utils.go:171 +0x644c
github.com/hartfordfive/cloudflarebeat/cloudflare.(*LogConsumer).PrepareEvents(0xc4201d1000)
	/opt/go/packages/src/github.com/hartfordfive/cloudflarebeat/cloudflare/logconsumer.go:139 +0x65c
created by github.com/hartfordfive/cloudflarebeat/beater.(*Cloudflarebeat).DownloadAndPublish
	/opt/go/packages/src/github.com/hartfordfive/cloudflarebeat/beater/cloudflarebeat.go:142 +0xc1

Add ability to specify max backfill time in seconds

If the process stops for a prolonged period of time and starts up again, it may potentially attempt to catch up for hours or even days worth of logs at once. A config value such as max_backfill_seconds should be added which will indicate the max number of seconds in the past to go back and request logs.
