diff --git a/config.yml.example b/config.yml.example index ec04a64..032888e 100644 --- a/config.yml.example +++ b/config.yml.example @@ -1,5 +1,3 @@ -environment: production - connectors: - file: connectorRIS name: ris @@ -161,15 +159,9 @@ reports: # Defines the amount of seconds after which an alert can be repeated. An alert is repeated only if the event that # triggered it is not yet solved. Please, don't set this value to Infinity, use instead alertOnlyOnce. # -# - alertOnlyOnce - A boolean that, if set to true, will prevent repetitions of the same alert even if the event that -# triggered it is not yet solved. In this case notificationIntervalSeconds will be ignored. -# If set to true, the signature of all alerts will be cached in order to recognize if they already happened in -# the past. This may lead to a memory leak if the amount of alerts is considerable. notificationIntervalSeconds: 7200 -alertOnlyOnce: false -############################ logging: directory: logs @@ -181,6 +173,7 @@ logging: checkForUpdatesAtBoot: true + ############################ # Process monitoring settings: # Uncomment or add classes under uptimeMonitors if you want to monitor or send logs about the status of the BGPalerter process @@ -198,11 +191,7 @@ checkForUpdatesAtBoot: true # intervalSeconds: 300 # method: get -############################ -pidFile: bgpalerter.pid -maxMessagesPerSecond: 6000 -multiProcess: false ############################ # Below the files containing the monitored prefixes. Please see prefixes.yml for an example. @@ -210,3 +199,18 @@ multiProcess: false monitoredPrefixesFiles: - prefixes.yml + + + +############################ +# Advanced settings (Don't touch here!) +# Please, refer to the documentation for knowing the meaning of the following parameters. + +alertOnlyOnce: false +fadeOffSeconds: 360 +checkFadeOffGroupsSeconds: 30 +pidFile: bgpalerter.pid +maxMessagesPerSecond: 6000 +multiProcess: false +environment: production + 
diff --git a/docs/configuration.md b/docs/configuration.md index 130e4ae..4506256 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -6,7 +6,6 @@ The following are common parameters which it is possible to specify in the confi | Parameter | Description | Expected format | Example | Required | |---|---|---|---|---| -|environment| You can specify various environments. The values "production" (not verbose) and "development" (verbose) will affect the verbosity of the error/debug logs. Other values don't affect the functionalities, they will be used to identify from which environment the log is coming from. | A string | production | Yes | |notificationIntervalSeconds|Defines the amount of seconds after which an alert can be repeated. An alert is repeated only if the event that triggered it is not yet solved. Please, don't set this value to Infinity, use instead alertOnlyOnce. | An integer | 1800 | Yes | |monitoredPrefixesFiles| The [list](docs/prefixes.md#array) of files containing the prefixes to monitor. See [here](docs/prefixes.md#prefixes) for more informations. | A list of strings (valid .yml files) | -prefixes.yml | Yes | |logging| A dictionary of parameters containing the configuration for the file logging. | || Yes| 
@@ -23,12 +22,14 @@ The following are advanced parameters, please don't touch them if you are not do | Parameter | Description | Expected format | Example | Required | |---|---|---|---|---| +|environment| You can specify various environments. The values "production" (not verbose) and "development" (verbose) will affect the verbosity of the error/debug logs. Other values don't affect the functionalities, they will be used to identify from which environment the log is coming from. | A string | production | Yes | |alertOnlyOnce| A boolean that, if set to true, will prevent repetitions of the same alert in the future (which it doesn't make sense for production purposes). In this case notificationIntervalSeconds will be ignored. If set to true, the signature of all alerts will be cached in order to recognize if they already happened in the past. This may lead to a memory leak if the amount of alerts is considerable. | A boolean | false | No | |pidFile| A file where the PID of the BGP alerter master process is recorded. | A string | bgpalerter.pid | No | |logging.backlogSize| Indicates the buffer dimension (number of alerts) before flushing it on the disk. This parameter plays a role only when receiving thousand of alerts per second in order to prevent IO starvation, in all other cases (e.g. production monitoring) it is irrelevant. | An integer | 15 | Yes | -|maxMessagesPerSecond| A cap to the BGP messages received, over such cap the messages will be dropped. The default value is way above any practical rate. This may be useful for research measurements on the entire address space. | An intefer | 6000 | No | +|maxMessagesPerSecond| A cap to the BGP messages received, over such cap the messages will be dropped. The default value is way above any practical rate. This may be useful for research measurements on the entire address space. | An integer | 6000 | No | |multiProcess| If set to true, the processing of the BGP messages will be distributed on two processes. 
This may be useful for research measurements on the entire address space. It is discouraged to set this to true for normal production monitoring. | A boolean | false | No | - +|fadeOffSeconds| If an alert is generated but cannot be yet squashed (e.g. not reached yet the `thresholdMinPeers`), it is inserted in a temporary list which is garbage collected after the amount of seconds expressed in `fadeOffSeconds`. Due to BGP propagation times, values below 5 minutes can result in false negatives.| An integer | 360 | No | +|checkFadeOffGroupsSeconds| Amount of seconds after which the process checks for fading off alerts. | An integer | 30 | No | @@ -128,6 +129,10 @@ In particular, it will monitor for all the declared prefixes and will trigger an * A more specific of the prefix has been announced by an AS which is different from the ones specified. * The BGP update declares an AS_SET as origin and at least one of the AS in the AS_SET is not specified in the configuration. +Example of alert: +> The prefix 2a00:5884::/32 (description associated with the prefix) is announced by AS15563 instead of AS204092 + + Parameters for this monitor module: |Parameter| Description| @@ -142,6 +147,9 @@ This monitor has the logic to detect loss of visibility. In particular, it will monitor for all the declared prefixes and will trigger an alert when: * The prefix is not visible anymore from at least `thresholdMinPeers` peers. +Example of alert: +> The prefix 165.254.225.0/24 (description associated with the prefix) has been withdrawn. It is no longer visible from 4 peers + Parameters for this monitor module: |Parameter| Description| 
@@ -170,6 +178,9 @@ This monitor detects BGP updates containing AS_PATH which match particular regul More path matching options are available, see the entire list [here](prefixes.md#prefixes-fields) +Example of alert: +> Matched "an example on path matching" on prefix 98.5.4.3/22 (including length violation) 1 times + Parameters for this monitor module: |Parameter| Description| @@ -196,6 +207,11 @@ In particular, it will monitor for all the declared prefixes and will trigger an > ``` > If in config.yml monitorNewPrefix is enabled you will receive alerts every time a more specific prefix (e.g. 50.82.4.0/24) is announced by AS58302. + +Example of alert: +> A new prefix 165.254.255.0/25 is announced by AS15562. It should be instead 165.254.255.0/24 (description associated with the prefix) announced by AS15562 + + Parameters for this monitor module: |Parameter| Description| @@ -228,6 +244,10 @@ This is useful if you want to be alerted in case your AS starts announcing somet You can generate the options block in the prefixes list automatically. Refer to the options `-s` and `-m` in the [auto genere prefixes documentation](prefixes.md#generate). + +Example of alert: +> AS2914 is announcing 2.2.2.3/22 but this prefix is not in the configured list of announced prefixes + Parameters for this monitor module: |Parameter| Description| diff --git a/src/connectors/connectorSwUpdates.js b/src/connectors/connectorSwUpdates.js index 066c429..edc946b 100644 --- a/src/connectors/connectorSwUpdates.js +++ b/src/connectors/connectorSwUpdates.js @@ -37,7 +37,6 @@ export default class ConnectorSwUpdates extends Connector{ constructor(name, params, env) { super(name, params, env); - this.timer = null; } connect = () => 
@@ -73,7 +72,7 @@ export default class ConnectorSwUpdates extends Connector{ if (this.config.checkForUpdatesAtBoot){ this._checkForUpdates(); } - this.timer = setInterval(this._checkForUpdates, 1000 * 3600 * 24 * 5); // Check every 5 days + setInterval(this._checkForUpdates, 1000 * 3600 * 24 * 5); // Check every 5 days resolve(true); }); diff --git a/src/env.js b/src/env.js index 5f9290d..07a7692 100644 --- a/src/env.js +++ b/src/env.js @@ -126,7 +126,9 @@ let config = { maxFiles: "14d", }, checkForUpdatesAtBoot: true, - pidFile: "bgpalerter.pid" + pidFile: "bgpalerter.pid", + fadeOffSeconds: 360, + checkFadeOffGroupsSeconds: 30 }; diff --git a/src/monitors/monitor.js b/src/monitors/monitor.js index 789ea75..171b1e1 100644 --- a/src/monitors/monitor.js +++ b/src/monitors/monitor.js @@ -50,10 +50,9 @@ export default class Monitor { this.fadeOff = {}; // Dictionary containing the last alert unix timestamp of each group which contains alerts that have been triggered but are not ready yet to be sent (e.g. thresholdMinPeers not yet reached) this.internalConfig = { - notificationInterval: this.config.notificationIntervalSeconds * 1000, - checkFadeOffGroups: 30 * 1000, - fadeOff: 10 * 60 * 1000, - clearNotificationQueueAfterSeconds: (this.config.notificationIntervalSeconds * 1000 * 3) / 2 + notificationInterval: (this.config.notificationIntervalSeconds || 7200) * 1000, + checkFadeOffGroups: this.config.checkFadeOffGroupsSeconds || 30 * 1000, + fadeOff: this.config.fadeOffSeconds * 1000 || 60 * 6 * 1000 }; setInterval(this._publishFadeOffGroups, this.internalConfig.checkFadeOffGroups); diff --git a/src/monitors/monitorNewPrefix.js b/src/monitors/monitorNewPrefix.js index 41d7cfe..a281a1f 100644 --- a/src/monitors/monitorNewPrefix.js +++ b/src/monitors/monitorNewPrefix.js 
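Review bot: The `setInterval(this._checkForUpdates, 1000 * 3600 * 24 * 5)` call in src/connectors/connectorSwUpdates.js now discards its handle, so the 5-day update check can no longer be stopped with `clearInterval`. Any further run of this code would also add a second timer. If the handle really is not needed, `setInterval(this._checkForUpdates, 1000 * 3600 * 24 * 5).unref();` at least keeps the timer from holding the process open at shutdown; otherwise keep `this.timer = setInterval(...)` and clear it on disconnect. The enclosing method starts outside the hunk, so whether it can run more than once is not visible here.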
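Review bot: In the `internalConfig` block of src/monitors/monitor.js, `checkFadeOffGroups: this.config.checkFadeOffGroupsSeconds || 30 * 1000` applies `* 1000` only to the fallback, so a configured value of 30 (the default this commit adds in src/env.js and config.yml.example) reaches `setInterval` as 30 ms instead of 30 s. It should read `checkFadeOffGroups: (this.config.checkFadeOffGroupsSeconds || 30) * 1000,`, and `fadeOff` is clearer in the same form, `fadeOff: (this.config.fadeOffSeconds || 360) * 1000`. Neither value is range-checked here, although the documentation added in this commit says a `fadeOffSeconds` below 5 minutes can produce false negatives; a logged warning for small values would help operators, assuming no validation happens elsewhere. The hunk also drops `clearNotificationQueueAfterSeconds`, so confirm nothing outside the hunk still reads it. The constructor starts and ends outside the hunk.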
@@ -55,7 +55,7 @@ export default class MonitorNewPrefix extends Monitor { const message = alerts[0].matchedMessage; const matchedRule = alerts[0].matchedRule; - return `Possible change of configuration. A new prefix ${message.prefix} is announced by ${message.originAS}. It is a more specific of ${matchedRule.prefix} (${matchedRule.description}).`; + return `Possible change of configuration. A new prefix ${message.prefix} is announced by ${message.originAS}. It is a more specific of ${matchedRule.prefix} (${matchedRule.description})`; } diff --git a/src/monitors/monitorPath.js b/src/monitors/monitorPath.js index b65aa61..c6c31f7 100644 --- a/src/monitors/monitorPath.js +++ b/src/monitors/monitorPath.js @@ -54,7 +54,7 @@ export default class MonitorPath extends Monitor { if (peers >= this.thresholdMinPeers) { const lengthViolation = (alerts.some(i => i.extra.lengthViolation)) ? "(including length violation) " : ""; - return `Matched ${alerts[0].matchedRule.path.matchDescription} on prefix ${alerts[0].matchedMessage.prefix} ${lengthViolation}${alerts.length} times.`; + return `Matched ${alerts[0].matchedRule.path.matchDescription} on prefix ${alerts[0].matchedMessage.prefix} ${lengthViolation}${alerts.length} times`; } return false; diff --git a/src/monitors/monitorVisibility.js b/src/monitors/monitorVisibility.js index 495279d..3227d62 100644 --- a/src/monitors/monitorVisibility.js +++ b/src/monitors/monitorVisibility.js 
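Review bot: The string returned in src/monitors/monitorNewPrefix.js still begins `Possible change of configuration.` and ends `It is a more specific of ${matchedRule.prefix} (${matchedRule.description})`, but the example this same commit adds to docs/configuration.md, apparently for this monitor, reads `A new prefix 165.254.255.0/25 is announced by AS15562. It should be instead 165.254.255.0/24 ...`. That is text this code never emits. Operators who build mail filters or SIEM match rules from the documented example would miss the real alert, so the doc example should be copied from the string here; the expectations in tests/2_alerting.js already hold the exact text. The path-matching example in the docs likewise shows quotes around the match description that the template in src/monitors/monitorPath.js does not add. The enclosing function starts outside the hunk.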
@@ -63,8 +63,8 @@ export default class MonitorVisibility extends Monitor { if (peers >= this.thresholdMinPeers) { return (peers === 1) ? - `The prefix ${alerts[0].matchedMessage.prefix} (${alerts[0].matchedRule.description}) it's no longer visible (withdrawn) from the peer ${alerts[0].matchedMessage.peer}.` : - `The prefix ${alerts[0].matchedMessage.prefix} (${alerts[0].matchedRule.description}) has been withdrawn. It is no longer visible from ${peers} peers.`; + `The prefix ${alerts[0].matchedMessage.prefix} (${alerts[0].matchedRule.description}) it's no longer visible (withdrawn) from the peer ${alerts[0].matchedMessage.peer}` : + `The prefix ${alerts[0].matchedMessage.prefix} (${alerts[0].matchedRule.description}) has been withdrawn. It is no longer visible from ${peers} peers`; } else { return false; } diff --git a/tests/2_alerting.js b/tests/2_alerting.js index 6340d31..b51c68e 100644 --- a/tests/2_alerting.js +++ b/tests/2_alerting.js @@ -53,13 +53,13 @@ describe("Alerting", function () { id: '165.254.225.0/24', origin: 'withdrawal-detection', affected: 15562, - message: 'The prefix 165.254.225.0/24 (description 1) has been withdrawn. It is no longer visible from 4 peers.' + message: 'The prefix 165.254.225.0/24 (description 1) has been withdrawn. It is no longer visible from 4 peers' }, "2a00:5884::/32": { id: '2a00:5884::/32', origin: 'withdrawal-detection', affected: "204092-45", - message: 'The prefix 2a00:5884::/32 (alarig fix test) has been withdrawn. It is no longer visible from 4 peers.' + message: 'The prefix 2a00:5884::/32 (alarig fix test) has been withdrawn. It is no longer visible from 4 peers' } }; 
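Review bot: The single-peer branch in src/monitors/monitorVisibility.js reads `(${alerts[0].matchedRule.description}) it's no longer visible (withdrawn) from the peer ...`, where `it's` makes the sentence ungrammatical. Since the commit already edits this string, `... (${alerts[0].matchedRule.description}) is no longer visible (withdrawn) from the peer ${alerts[0].matchedMessage.peer}` would read correctly and match the multi-peer wording. The expectations visible in this diff only cover the multi-peer message, so a test case with exactly one peer would pin this branch. The enclosing method starts outside the hunk.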
@@ -216,7 +216,7 @@ describe("Alerting", function () { id: '1234-175.254.205.0/25', origin: 'prefix-detection', affected: 1234, - message: 'Possible change of configuration. A new prefix 175.254.205.0/25 is announced by AS1234. It is a more specific of 175.254.205.0/24 (include exclude test).', + message: 'Possible change of configuration. A new prefix 175.254.205.0/25 is announced by AS1234. It is a more specific of 175.254.205.0/24 (include exclude test)', data: [ { extra: {}, @@ -244,7 +244,7 @@ describe("Alerting", function () { id: '1234-170.254.205.0/25', origin: 'prefix-detection', affected: 1234, - message: 'Possible change of configuration. A new prefix 170.254.205.0/25 is announced by AS1234. It is a more specific of 170.254.205.0/24 (include exclude test).', + message: 'Possible change of configuration. A new prefix 170.254.205.0/25 is announced by AS1234. It is a more specific of 170.254.205.0/24 (include exclude test)', data: [ { extra: {}, @@ -273,7 +273,7 @@ describe("Alerting", function () { id: '15562-165.254.255.0/25', origin: 'prefix-detection', affected: 15562, - message: 'Possible change of configuration. A new prefix 165.254.255.0/25 is announced by AS15562. It is a more specific of 165.254.255.0/24 (description 2).', + message: 'Possible change of configuration. A new prefix 165.254.255.0/25 is announced by AS15562. It is a more specific of 165.254.255.0/24 (description 2)', data: [ { extra: {}, @@ -299,7 +299,7 @@ describe("Alerting", function () { id: '204092-2a00:5884:ffff::/48', origin: 'prefix-detection', affected: "204092-45", - message: 'Possible change of configuration. A new prefix 2a00:5884:ffff::/48 is announced by AS204092. It is a more specific of 2a00:5884::/32 (alarig fix test).', + message: 'Possible change of configuration. A new prefix 2a00:5884:ffff::/48 is announced by AS204092. It is a more specific of 2a00:5884::/32 (alarig fix test)', data: [ { extra: {}, 
@@ -362,7 +362,7 @@ describe("Alerting", function () { id: '98.5.4.3/22', origin: 'path-matching', affected: "98.5.4.3/22", - message: 'Matched test description on prefix 98.5.4.3/22 (including length violation) 1 times.', + message: 'Matched test description on prefix 98.5.4.3/22 (including length violation) 1 times', data: [ { extra: { @@ -397,7 +397,7 @@ describe("Alerting", function () { id: '99.5.4.3/22', origin: 'path-matching', affected: "99.5.4.3/22", - message: 'Matched test description on prefix 99.5.4.3/22 1 times.', + message: 'Matched test description on prefix 99.5.4.3/22 1 times', data: [ { extra: { @@ -500,34 +500,6 @@ describe("Alerting", function () { pubSub.publish("test-type", "fade-off"); let notReceived = true; - // const expectedData = { - // "165.24.225.0/24": { - // id: '165.24.225.0/24', - // truncated: false, - // origin: 'withdrawal-detection', - // affected: 15562, - // message: 'The prefix 165.24.225.0/24 (test fade in) has been withdrawn. It is no longer visible from 4 peers.', - // data: [ - // { - // affected: 15562, - // extra: {} - // }, - // { - // affected: 15562, - // extra: {} - // }, - // { - // affected: 15562, - // extra: {} - // }, - // { - // affected: 15562, - // extra: {} - // } - // ] - // } - // - // }; setTimeout(() => { if (notReceived){