add geoIP database support: from local file or from url

Author: woblerr

.gitignore

@@ -5,12 +5,19 @@
 *.so
 *.dylib
 *.html
+*.zip
+*.tar
+*.tar.gz
 
 /auth_exporter
 /auth_exporter.service
 
+/GeoLite*
+
 /dist
 
+/.vscode
+
 # Test binary, built with `go test -c`
 *.test
 

README.md

@@ -55,7 +55,7 @@ make build
 ./auth_exporter <flags>
 ```
 
-By default, metrics will be collecting from `/var/log/auth.log` and will be available at http://localhost:9090/metrics. This means that the user who runs `auth_exporter` should have read permission to file `/var/log/auth.log`. You can changed logfile location, port and endpoint by using the`-auth.log`, `-port` and `-endpoint` flags.
+By default, metrics will be collecting from `/var/log/auth.log` and will be available at http://localhost:9090/metrics. This means that the user who runs `auth_exporter` should have read permission to file `/var/log/auth.log`. You can changed logfile location, port and endpoint by using the`-auth.log`, `-prom.port` and `-prom.endpoint` flags.
 
 Available configuration flags:
 
@@ -65,9 +65,13 @@ Available configuration flags:
 Usage of ./auth_exporter:
   -auth.log string
         Path to auth.log (default "/var/log/auth.log")
-  -endpoint string
+  -geo.db string
+        Path to geoIP database file
+  -geo.lang string
+        Output language format (default "en")
+  -prom.endpoint string
         Endpoint used for metrics (default "/metrics")
-  -port string
+  -prom.port string
         Port for prometheus metrics to listen on (default "9991")
 ```
 

auth_exporter.go

@@ -12,38 +12,36 @@ import (
 )
 
 var (
-	promPort    = flag.String("port", "9991", "Port for prometheus metrics to listen on")
-	promPath    = flag.String("endpoint", "/metrics", "Endpoint used for metrics")
+	promPort    = flag.String("prom.port", "9991", "Port for prometheus metrics to listen on")
+	promPath    = flag.String("prom.endpoint", "/metrics", "Endpoint used for metrics")
 	authlogPath = flag.String("auth.log", "/var/log/auth.log", "Path to auth.log")
+	geodbPath   = flag.String("geo.db", "", "Path to geoIP database file")
+	geodbLang   = flag.String("geo.lang", "en", "Output language format")
+	geodbURL    = flag.String("geo.url", "https://freegeoip.live/json/", "URL for geoIP database API ")
+	geodbType   = flag.String("geo.type", "", "Type of geoIP database: db, url")
 	version     = "development"
 )
 
 func main() {
-
 	// Load command line arguments
 	flag.Parse()
-
 	// Setup signal catching
 	sigs := make(chan os.Signal, 1)
-
 	// Catch  listed signals
 	signal.Notify(sigs, syscall.SIGINT, syscall.SIGTERM, syscall.SIGKILL)
-
 	// Method invoked upon seeing signal
 	go func() {
 		s := <-sigs
-		log.Printf("RECEIVED SIGNAL: %s", s)
-		log.Printf("Stopping : %s", filepath.Base(os.Args[0]))
+		log.Printf("RECEIVED SIGNAL %s", s)
+		log.Printf("Stopping  %s", filepath.Base(os.Args[0]))
 		os.Exit(0)
 	}()
-
 	log.Printf("Starting %s", filepath.Base(os.Args[0]))
-	log.Printf("Version: %s", version)
-
+	log.Printf("Version %s", version)
 	// Setup parameters for exporter
 	promexporter.SetPromPortandPath(*promPort, *promPath)
 	promexporter.SetAuthlogPath(*authlogPath)
-
+	promexporter.SetGeodbPath(*geodbType, *geodbPath, *geodbLang, *geodbURL)
 	// Start exporter
 	promexporter.Start()
 }

promexporter/endpoint.go

@@ -8,20 +8,18 @@ import (
 )
 
 var (
-	promPort     = "9991"
-	promEndpoint = "/metrics"
+	promPort     string
+	promEndpoint string
 )
 
 // SetPromPortandPath sets HTTP endpoint parameters from command line arguments 'port' and 'endpoint'
 func SetPromPortandPath(port, endpoint string) {
 	promPort = port
 	promEndpoint = endpoint
+	log.Printf("Use port %s and HTTP endpoint %s", promPort, promEndpoint)
 }
 
 func startPromEndpoint() {
-
-	log.Printf("Use port: %s and HTTP endpoint: %s", promPort, promEndpoint)
-
 	go func() {
 		http.Handle(promEndpoint, promhttp.Handler())
 		log.Fatalln(http.ListenAndServe(":"+promPort, nil))

promexporter/endpoint_test.go

@@ -10,8 +10,7 @@ func TestSetPromPortandPath(t *testing.T) {
 		testEndpoit = "/metrics"
 	)
 	SetPromPortandPath(testPort, testEndpoit)
-
 	if testPort != promPort || testEndpoit != promEndpoint {
-		t.Errorf("Variables do not match: %s, want: %s; %s, want: %s", testPort, promPort, testEndpoit, promEndpoint)
+		t.Errorf("\nVariables do not match: %s,\nwant: %s;\nendpoint: %s,\nwant: %s", testPort, promPort, testEndpoit, promEndpoint)
 	}
 }

promexporter/exporter.go

@@ -7,18 +7,16 @@ import (
 )
 
 var (
-	authlogPath = "/var/log/auth.log"
+	authlogPath string
 )
 
 // SetAuthlogPath sets path for 'auth.log' from command line argument 'auth.log'
 func SetAuthlogPath(filePath string) {
 	authlogPath = filePath
+	log.Printf("Log for parsing %s", authlogPath)
 }
 
 func startParserAuthlog(filePath string) {
-
-	log.Printf("Log for parsing: %s", authlogPath)
-
 	t, err := tail.TailFile(filePath, tail.Config{
 		Follow:    true,
 		ReOpen:    true,
@@ -29,7 +27,6 @@ func startParserAuthlog(filePath string) {
 	for line := range t.Lines {
 		parseLine(line)
 	}
-
 }
 
 // Start runs promhttp endpoind and parsing log process

promexporter/exporter_test.go

@@ -9,8 +9,7 @@ func TestSetAuthlogPath(t *testing.T) {
 		testLog = "/test_log/auth.log"
 	)
 	SetAuthlogPath(testLog)
-
 	if testLog != authlogPath {
-		t.Errorf("Variables do not match: %s, want: %s", testLog, authlogPath)
+		t.Errorf("Variables do not match: %s,\nwant: %s", testLog, authlogPath)
 	}
 }

promexporter/geo.go

@@ -0,0 +1,109 @@
+package promexporter
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"log"
+	"net"
+	"net/http"
+
+	"github.com/oschwald/geoip2-golang"
+)
+
+var (
+	geodbType string
+	geodbPath string
+	geoLang   string
+	geoURL    string
+	geodbIs   = false
+)
+
+type geoInfo struct {
+	countyISOCode string
+	countryName   string
+	cityName      string
+}
+
+// SetGeodbPath sets geoIP database parameters from command line argument geo.type, geo.db and geo.lang or geo.url
+func SetGeodbPath(geoType, filePath, outputLang, url string) {
+	geodbType = geoType
+	geodbPath = filePath
+	geoLang = outputLang
+	geoURL = url
+	checkGeoDBFlags()
+}
+
+func checkGeoDBFlags() {
+	notSetLogMsg := "GeoIP database is not set and not use"
+	switch geodbType {
+	case "":
+		log.Println(notSetLogMsg)
+	case "db":
+		if geodbPath == "" {
+			log.Println("Error geo.db flag is not set", geodbPath)
+			log.Println(notSetLogMsg)
+		} else {
+			geodbIs = true
+			log.Println("Use GeoIp database file", geodbPath)
+		}
+	case "url":
+		geodbIs = true
+		log.Println("Use GeoIp database url", geoURL)
+	default:
+		log.Println("Error geo.type flag value is incorect", geodbType)
+		log.Println(notSetLogMsg)
+	}
+}
+
+func getIPDetailsFromLocalDB(returnValues *geoInfo, ipAddres string) {
+	geodb, err := geoip2.Open(geodbPath)
+	if err != nil {
+		log.Println("Error opening GeoIp database file", err)
+		return
+	}
+	defer geodb.Close()
+	ip := net.ParseIP(ipAddres)
+	if ip == nil {
+		log.Println("Error parsing ip address", ipAddres)
+		return
+	}
+	record, err := geodb.City(ip)
+	if err != nil {
+		log.Println("Error getting location details", err)
+		return
+	}
+	returnValues.countyISOCode = record.Country.IsoCode
+	returnValues.countryName = record.Country.Names[geoLang]
+	returnValues.cityName = record.City.Names[geoLang]
+}
+
+func getIPDetailsFromURL(returnValues *geoInfo, ipAddres string) {
+	response, err := http.Get(geoURL + ipAddres)
+	if err != nil {
+		log.Println("Error getting GeoIp URL", err)
+		return
+	}
+	defer response.Body.Close()
+	body, err := ioutil.ReadAll(response.Body)
+	if err != nil {
+		log.Println("Error getting body from GeoIp URL", err)
+		return
+	}
+	var parseData map[string]interface{}
+	err = json.Unmarshal([]byte(body), &parseData)
+	if err != nil {
+		log.Println("Error parsing json-encoded body from GeoIp URL", err)
+		return
+	}
+	returnValues.countyISOCode = getMap(parseData, "country_code")
+	returnValues.countryName = getMap(parseData, "country_name")
+	returnValues.cityName = getMap(parseData, "city")
+}
+
+func getMap(data map[string]interface{}, key string) string {
+	str, ok := data[key].(string)
+	if !ok {
+		log.Printf("Error for key %s value %s is not a string", key, str)
+	}
+	return str
+}

promexporter/geo_test.go

@@ -0,0 +1,89 @@
+package promexporter
+
+import (
+	"bytes"
+	"log"
+	"os"
+	"strings"
+	"testing"
+)
+
+func TestSetGeodbPath(t *testing.T) {
+	type args struct {
+		geoType    string
+		filePath   string
+		outputLang string
+		url        string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{"defaultGeodbType",
+			args{"", "", "", ""},
+			"GeoIP database is not set and not use",
+		},
+		{"dbGeodbTypePathEmpty",
+			args{"db", "", "", ""},
+			"Error geo.db flag is not set",
+		},
+		{"dbGeodbTypePathNotEmpty",
+			args{"db", "test.file", "", ""},
+			"Use GeoIp database file",
+		},
+		{"urlGeodbType",
+			args{"url", "", "", "http://test"},
+			"Use GeoIp database url",
+		},
+		{"badGeodbType",
+			args{"test", "", "", ""},
+			"Error geo.type flag value is incorect",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			var buf bytes.Buffer
+			log.SetOutput(&buf)
+			defer func() {
+				log.SetOutput(os.Stdout)
+			}()
+			SetGeodbPath(tt.args.geoType, tt.args.filePath, tt.args.outputLang, tt.args.url)
+			if got := buf.String(); !strings.Contains(got, tt.want) {
+				t.Errorf("\nSetGeodbPath() log output:\n%s\nnot containt want:\n%s", got, tt.want)
+			}
+		})
+	}
+}
+
+func TestGetMap(t *testing.T) {
+	type args struct {
+		data map[string]interface{}
+		key  string
+	}
+	tests := []struct {
+		name string
+		args args
+		want string
+	}{
+		{"existKey",
+			args{
+				map[string]interface{}{"country_code": "US"},
+				"country_code",
+			},
+			"US"},
+		{"notExistKey",
+			args{
+				map[string]interface{}{"country_code": "US"},
+				"city",
+			},
+			""},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := getMap(tt.args.data, tt.args.key); got != tt.want {
+				t.Errorf("\ngetMap() =\n%v,\nwant=\n%v", got, tt.want)
+			}
+		})
+	}
+}

promexporter/parser.go

@@ -9,8 +9,7 @@ import (
 )
 
 var (
-	authLinePrefix = "^(?P<date>[A-Z][a-z]{2}\\s+\\d{1,2}) (?P<time>(\\d{2}:?){3}) (?P<host>[a-zA-Z0-9_\\-\\.]+) (?P<ident>[a-zA-Z0-9_\\-]+)(\\[(?P<pid>\\d+)\\])?: "
-
+	authLinePrefix  = "^(?P<date>[A-Z][a-z]{2}\\s+\\d{1,2}) (?P<time>(\\d{2}:?){3}) (?P<host>[a-zA-Z0-9_\\-\\.]+) (?P<ident>[a-zA-Z0-9_\\-]+)(\\[(?P<pid>\\d+)\\])?: "
 	authLineRegexps = map[string]*regexp.Regexp{
 		"authAccepted":     regexp.MustCompile(authLinePrefix + "Accepted (password|publickey) for (?P<user>.*) from (?P<ipAddress>.*) port"),
 		"authFailed":       regexp.MustCompile(authLinePrefix + "Failed (password|publickey) for (invalid user )?(?P<user>.*) from (?P<ipAddress>.*) port"),
@@ -22,7 +21,7 @@ var (
 		Name: "auth_exporter_auth_events",
 		Help: "The total number of auth events by user and IP addresses",
 	},
-		[]string{"eventType", "user", "ipAddress"})
+		[]string{"eventType", "user", "ipAddress", "countyISOCode", "countryName", "cityName"})
 )
 
 type authLogLine struct {
@@ -33,32 +32,44 @@ type authLogLine struct {
 
 func parseLine(line *tail.Line) {
 	parsedLog := &authLogLine{}
-
 	matches := make(map[string]string)
-
 	// Find the type of log and parse it
 	for t, re := range authLineRegexps {
 		if re.MatchString(line.Text) {
 			parsedLog.Type = t
 			matches = getMatches(line.Text, re)
-			//fmt.Println(matches)
 			continue
 		}
 	}
 	// Skip if not matching
 	if len(matches) == 0 {
 		return
 	}
+	geoIPData := &geoInfo{}
 	parsedLog.Username = matches["user"]
 	parsedLog.IPAddress = matches["ipAddress"]
+	// Get geo information
+	if geodbIs {
+		if geodbType == "db" {
+			getIPDetailsFromLocalDB(geoIPData, parsedLog.IPAddress)
+		} else {
+			getIPDetailsFromURL(geoIPData, parsedLog.IPAddress)
+		}
+	}
 	// Add metric
-	authVentsMetric.WithLabelValues(parsedLog.Type, parsedLog.Username, parsedLog.IPAddress).Inc()
+	authVentsMetric.WithLabelValues(
+		parsedLog.Type,
+		parsedLog.Username,
+		parsedLog.IPAddress,
+		geoIPData.countyISOCode,
+		geoIPData.countryName,
+		geoIPData.cityName,
+	).Inc()
 }
 
 func getMatches(line string, re *regexp.Regexp) map[string]string {
 	matches := re.FindStringSubmatch(line)
 	results := make(map[string]string)
-
 	// Get the basic information out of the log
 	for i, name := range re.SubexpNames() {
 		if i != 0 && len(matches) > i {

promexporter/parser_test.go

@@ -6,7 +6,7 @@ import (
 	"testing"
 )
 
-func Test_getMatches(t *testing.T) {
+func TestGetMatches(t *testing.T) {
 	type args struct {
 		line string
 		re   *regexp.Regexp
@@ -113,11 +113,10 @@ func Test_getMatches(t *testing.T) {
 			},
 		},
 	}
-
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			if got := getMatches(tt.args.line, tt.args.re); !reflect.DeepEqual(got, tt.want) {
-				t.Errorf("getMatches() = %v, want %v", got, tt.want)
+				t.Errorf("\ngetMatches():\n%v,\nwant:\n%v", got, tt.want)
 			}
 		})
 	}