mirror/nttgin-BGPalerter
1
0
Fork 0
mirror of https://github.com/nttgin/BGPalerter.git synced 2024-05-19 06:50:08 +00:00
Code Issues Releases Wiki Activity

added email functionality and template for new prefix detection

Browse Source
This commit is contained in:
Massimo Candela
2019-07-10 18:05:08 +02:00
parent 8651ae1ea3
commit 62d24f383f
6 changed files with 324 additions and 235 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
connectors/connectorTest.js
View File

@@ -41,19 +41,21 @@ export default class ConnectorTest extends Connector{
type: "ris_message"
};
break;
case "newprefix":
update = {
data: {
announcements: [{
prefixes: ["124.40.52.0/22"],
prefixes: ["180.50.120.0/22"],
next_hop: "124.0.0.2"
}],
peer: "124.0.0.2",
path: "1,2,3,2914".split(",")
path: "1,2,3,4713".split(",")
},
type: "ris_message"
};
break;
default:
update = {
data: {

2
reports/email_templates/hijack.txt
View File

@@ -5,7 +5,7 @@ DETAILS:
------------------------------------------------------
Monitored prefix: ${prefix}
Prefix Description: ${description}
Usual prefix origin: AS${asn}
Usually announced by: AS${asn}
Event type: ${type}
Now announced by: AS${neworigin}
Now announced with: ${newprefix}

16
reports/email_templates/newprefix.txt Normal file
View File

@@ -0,0 +1,16 @@
${summary}
DETAILS:
------------------------------------------------------
Monitored prefix: ${prefix}
Prefix Description: ${description}
Usually announced by: AS${asn}
Event type: ${type}
Detected new prefix: ${newprefix}
Announced by: AS${neworigin}
When event started: ${earliest} UTC
Last event: ${latest} UTC
Detected by peers: ${peers}
See in BGPlay: ${bgplay}

8
reports/reportEmail.js
View File

@@ -124,6 +124,14 @@ export default class ReportEmail extends Report {
break;
case "newprefix":
matched = content.data[0].matchedRule;
context.prefix = matched.prefix;
context.description = matched.description;
context.asn = matched.asn;
context.peers = [...new Set(content.data.map(alert => alert.matchedMessage.peer))].length;
context.neworigin = content.data[0].matchedMessage.originAs;
context.newprefix = content.data[0].matchedMessage.prefix;
context.bgplay = this._getBGPlayLink(matched.prefix, content.earliest, content.latest);
break;
}

6
tests/config.test.yml
View File

@@ -27,6 +27,12 @@ reports:
- hijack
- newprefix
- visibility
- file: ReportEmail
channels:
- hijack
- newprefix
- visibility
checkStaleNotificationsSeconds: 60
notificationIntervalSeconds: 1800 # Repeat the same alert (which keeps being triggered) after x seconds

521
tests/test.js
View File

@@ -2,257 +2,314 @@ var chai = require("chai");
var chaiSubset = require('chai-subset');
var readLastLines = require('read-last-lines');
var moment = require('moment');
const resetCache = require('resnap')();
chai.use(chaiSubset);
var expect = chai.expect;
describe("Configuration loader", function() {
process.argv[2] = "tests/config.test.yml";
var env = require("../env");
describe("Tests", function() {
beforeEach(resetCache);
it("config structure", function() {
expect(env.config).to.have
.keys([
"environment",
"connectors",
"monitors",
"reports",
"checkStaleNotificationsSeconds",
"notificationIntervalSeconds",
"clearNotificationQueueAfterSeconds",
"monitoredPrefixesFiles",
"logging"
]);
expect(env.config.connectors[0]).to.have
.property('class')
});
describe("Configuration loader", function () {
process.argv[2] = "tests/config.test.yml";
var env = require("../env");
it("loading connectors", function() {
expect(env.config.connectors[0]).to
.containSubset({
"params": { "testType" : "withdrawal" },
"name": "tes"
});
expect(env.config.connectors[0]).to.have
.property('class')
});
it("config structure", function () {
expect(env.config).to.have
.keys([
"environment",
"connectors",
"monitors",
"reports",
"checkStaleNotificationsSeconds",
"notificationIntervalSeconds",
"clearNotificationQueueAfterSeconds",
"monitoredPrefixesFiles",
"logging"
]);
expect(env.config.connectors[0]).to.have
.property('class')
});
it("loading connectors", function () {
expect(env.config.connectors[0]).to
.containSubset({
"params": {"testType": "withdrawal"},
"name": "tes"
});
expect(env.config.connectors[0]).to.have
.property('class')
});
it("loading monitors", function() {
expect(env.config.monitors[0]).to
.containSubset({
"channel": "hijack",
"name": "basic-hijack-detection",
"params": undefined
});
it("loading monitors", function () {
expect(env.config.monitors[0]).to
.containSubset({
"channel": "hijack",
"name": "basic-hijack-detection",
"params": undefined
});
expect(env.config.monitors[1]).to
.containSubset({
"channel": "newprefix",
"name": "prefix-detection",
"params": undefined
});
expect(env.config.monitors[1]).to
.containSubset({
"channel": "newprefix",
"name": "prefix-detection",
"params": undefined
});
expect(env.config.monitors[2]).to
.containSubset({
"channel": "visibility",
"name": "withdrawal-detection",
"params": {
"threshold": 4
}
});
expect(env.config.monitors[0]).to.have
.property('class')
});
it("loading reports", function() {
expect(env.config.reports[0]).to
.containSubset({
"channels": [
"hijack",
"newprefix",
"visibility"
],
"params": undefined
});
expect(env.config.reports[0]).to.have
.property('class')
});
});
describe("Input loader", function() {
process.argv[2] = "tests/config.test.yml";
var env = require("../env");
it("loading prefixes", function() {
expect(env.input).to
.containSubset({
"prefixes": [
{
"asn": 50601,
"description": "Solid Trading / Crossivity",
"ignoreMorespecifics": false,
"prefix": "124.40.52.128/26",
"user": "default",
},
{
"asn": 4713,
"description": "OCN prefix",
"ignoreMorespecifics": false,
"prefix": "180.50.120.0/21",
"user": "default",
},
{
"asn": 4713,
"description": "OCN prefix",
"ignoreMorespecifics": true,
"prefix": "180.57.120.0/21",
"user": "default",
expect(env.config.monitors[2]).to
.containSubset({
"channel": "visibility",
"name": "withdrawal-detection",
"params": {
"threshold": 4
}
]
});
});
});
describe("Logging", function() {
process.argv[2] = "tests/config.test.yml";
var env = require("../env");
it("errors logging on the right file", function(done) {
const message = "Test message";
env.logger
.log({
level: "error",
message: message
});
const file = env.config.logging.directory + "/error-" + moment().format('YYYY-MM-DD') + ".log";
readLastLines
.read(file, 1)
.then((line) => {
const lineMessage = line.split(" ").slice(3, 5).join(" ").trim();
expect(lineMessage).to
.equal(message);
done();
});
});
it("reports logging on the right file", function(done) {
const message = "Test message";
env.logger
.log({
level: "verbose",
message: message
});
const file = env.config.logging.directory + "/reports-" + moment().format('YYYY-MM-DD') + ".log";
readLastLines
.read(file, 1)
.then((line) => {
const lineMessage = line.split(" ").slice(3, 5).join(" ").trim();
expect(lineMessage).to
.equal(message);
done();
});
});
});
describe("Alerting", function() {
process.argv[2] = "tests/config.test.yml";
var pubSub = require("../index");
var env = require("../env");
it("Alert reporting", function(done) {
pubSub.subscribe("visibility", function (type, message) {
expect(message).to
.containSubset({
id: '124.40.52.128/26',
origin: 'withdrawal-detection',
affected: 50601,
message: 'The prefix 124.40.52.128/26 (Solid Trading / Crossivity) has been withdrawn. It is no longer visible from 4 peers.'
});
expect(message).to.contain
.keys([
"latest",
"earliest",
"data"
]);
done();
expect(env.config.monitors[0]).to.have
.property('class')
});
}).timeout(5000);
it("hijack reporting", function(done) {
pubSub.publish("test-type", "hijack");
pubSub.subscribe("hijack", function (type, message) {
expect(message).to
it("loading reports", function () {
expect(env.config.reports[0]).to
.containSubset({
"affected": 4713,
"data": [
{
"extra": {},
"matchedMessage": {
"nextHop": "124.0.0.2",
"originAs": "4",
"path": [
"1",
"2",
"3",
"4",
],
"peer": "124.0.0.2",
"prefix": "180.50.120.0/22",
"type": "announcement",
},
"matchedRule": {
"asn": 4713,
"description": "OCN prefix",
"ignoreMorespecifics": false,
"prefix": "180.50.120.0/21",
"user": "default"
},
}
"channels": [
"hijack",
"newprefix",
"visibility"
],
"id": "4-180.50.120.0/22",
"message": "A new prefix 180.50.120.0/22 is announced by AS4. It should be instead 180.50.120.0/21 (OCN prefix) announced by AS4713",
"origin": "basic-hijack-detection",
"params": undefined
});
expect(message).to.contain
.keys([
"latest",
"earliest",
"data"
]);
done();
setTimeout(function () {
process.exit()
}, 20000);
expect(env.config.reports[0]).to.have
.property('class')
});
}).timeout(10000);
});
describe("Input loader", function () {
process.argv[2] = "tests/config.test.yml";
var env = require("../env");
it("loading prefixes", function () {
expect(env.input).to
.containSubset({
"prefixes": [
{
"asn": 50601,
"description": "Solid Trading / Crossivity",
"ignoreMorespecifics": false,
"prefix": "124.40.52.128/26",
"user": "default",
},
{
"asn": 4713,
"description": "OCN prefix",
"ignoreMorespecifics": false,
"prefix": "180.50.120.0/21",
"user": "default",
},
{
"asn": 4713,
"description": "OCN prefix",
"ignoreMorespecifics": true,
"prefix": "180.57.120.0/21",
"user": "default",
}
]
});
});
});
describe("Logging", function () {
process.argv[2] = "tests/config.test.yml";
var env = require("../env");
it("errors logging on the right file", function (done) {
const message = "Test message";
env.logger
.log({
level: "error",
message: message
});
const file = env.config.logging.directory + "/error-" + moment().format('YYYY-MM-DD') + ".log";
readLastLines
.read(file, 1)
.then((line) => {
const lineMessage = line.split(" ").slice(3, 5).join(" ").trim();
expect(lineMessage).to
.equal(message);
done();
});
});
it("reports logging on the right file", function (done) {
const message = "Test message";
env.logger
.log({
level: "verbose",
message: message
});
const file = env.config.logging.directory + "/reports-" + moment().format('YYYY-MM-DD') + ".log";
readLastLines
.read(file, 1)
.then((line) => {
const lineMessage = line.split(" ").slice(3, 5).join(" ").trim();
expect(lineMessage).to
.equal(message);
done();
});
});
});
describe("Alerting", function () {
process.argv[2] = "tests/config.test.yml";
var pubSub = require("../index");
var env = require("../env");
it("visibility reporting", function(done) {
pubSub.subscribe("visibility", function (type, message) {
expect(message).to
.containSubset({
id: '124.40.52.128/26',
origin: 'withdrawal-detection',
affected: 50601,
message: 'The prefix 124.40.52.128/26 (Solid Trading / Crossivity) has been withdrawn. It is no longer visible from 4 peers.'
});
expect(message).to.contain
.keys([
"latest",
"earliest",
"data"
]);
done();
});
}).timeout(10000);
it("hijack reporting", function(done) {
pubSub.publish("test-type", "hijack");
pubSub.subscribe("hijack", function (type, message) {
expect(message).to
.containSubset({
"affected": 4713,
"data": [
{
"extra": {},
"matchedMessage": {
"nextHop": "124.0.0.2",
"originAs": "4",
"path": [
"1",
"2",
"3",
"4",
],
"peer": "124.0.0.2",
"prefix": "180.50.120.0/22",
"type": "announcement",
},
"matchedRule": {
"asn": 4713,
"description": "OCN prefix",
"ignoreMorespecifics": false,
"prefix": "180.50.120.0/21",
"user": "default"
},
}
],
"id": "4-180.50.120.0/22",
"message": "A new prefix 180.50.120.0/22 is announced by AS4. It should be instead 180.50.120.0/21 (OCN prefix) announced by AS4713",
"origin": "basic-hijack-detection",
});
expect(message).to.contain
.keys([
"latest",
"earliest",
"data"
]);
done();
});
}).timeout(10000);
it("newprefix reporting", function (done) {
pubSub.publish("test-type", "newprefix");
pubSub.subscribe("newprefix", function (type, message) {
expect(message).to
.containSubset({
"affected": 4713,
"data": [
{
"extra": {},
"matchedMessage": {
"nextHop": "124.0.0.2",
"originAs": "4713",
"path": [
"1",
"2",
"3",
"4713",
],
"peer": "124.0.0.2",
"prefix": "180.50.120.0/22",
"type": "announcement",
},
"matchedRule": {
"asn": 4713,
"description": "OCN prefix",
"ignoreMorespecifics": false,
"prefix": "180.50.120.0/21",
"user": "default"
},
}
],
"id": "4713-180.50.120.0/22",
"message": "Possible change of configuration. A new prefix 180.50.120.0/22 is announced by AS4713. It should be instead 180.50.120.0/21 (OCN prefix) announced by AS4713",
"origin": "prefix-detection",
});
expect(message).to.contain
.keys([
"latest",
"earliest",
"data"
]);
done();
setTimeout(function () {
process.exit()
}, 20000);
});
}).timeout(10000);
});
});