Commit 1a8e1ac4 authored by Olav Kvittem's avatar Olav Kvittem

show flows whose traceroute passes given ip-addresses

parent a945ab09
# extract traceroutes containing a list of ip_addresses
use Getopt::Long;
use JSON;
# default paths
my $elastic_url='';
my $ip_url='';
my ( $opt_help, $opt_addr, $opt_gw, $opt_debug);
# default parameters
# my $opt_addr='no-address-given';
my $opt_addr='';
my $opt_variant = "dragonlab";
my $opt_start='10 min ago';
my $opt_end='now';
my $usage="$0 -addr ip,..
[-variant <variant> ($opt_variant)
[-start <datetime>] ($opt_start) any unix date spec
[-end <datetime>] ($opt_end)
[-help] (this)";
GetOptions( 'h' => \$opt_h, 'help' => \$opt_help, 'debug' => \$opt_debug,
'addr=s' => \$opt_addr, 'gw=s' => \$opt_gw, 'variant=s' => \$opt_variant,
'start=s' => \$opt_start, 'end=s' => \$opt_end) || die $usage;
die $usage if $opt_help || $opt_h;
my $index = $opt_variant . "_traceroute";
my $start=`date -d "$opt_start" +%Y-%m-%dT%T` || die "invalid date spec $opt_start";
my $end=`date -d "$opt_end" +%Y-%m-%dT%T` || die "invalid date spec $opt_end";;
if ( $opt_gw){
my $cmd = "curl $ip_url?gw=$opt_gw";
printf STDERR "$cmd\n" if $opt_debug;
my $gw_addr = `$cmd 2>/dev/null`;
my $gw_addr_r = decode_json $gw_addr;
if ($#$gw_addr_r >=0){
$opt_addr .= "," if length($opt_addr) > 0;
$opt_addr .= join(",", @$gw_addr_r);
my $cmd='curl \'' . $elastic_url . '?index=' . $index
. '&event_type=traceroute&path_addr=' . $opt_addr
. "&start=$start&end=$end" .'\'';
printf STDERR "$cmd\n" if $opt_debug;
my $doc = `$cmd 2>/dev/null`;
$doc=decode_json $doc;
if ( $doc->{error} ){
warn encode_json($doc);
} elsif ( $doc->{hits} ) {
printf "%-8s %-25s %-25s %s\n", "Time", "From", "To", "Path";
foreach $r( @{ $doc->{hits}{hits} } ){
my $src= $r->{_source};
my $time= `date -d $src->{timestamp} +%T`;
printf "%-8s %-25s %-25s %s\n", $time, $src->{from}, $src->{to}, $src->{path};
} else {
warn "### error in web-transation :\n$doc\n";
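Review bot: Every external command in this script runs through backticks with interpolated values, so the shell parses `$opt_start`, `$opt_end`, `$opt_gw`, `$opt_addr` and, in the result loop, `$src->{timestamp}` taken from the HTTP response; shell metacharacters in any of them change the command that actually runs. Running `date` and `curl` through list-form `open(my $fh, '-|', ...)` keeps each value a single argument with no shell involved, and the query values should still be URL-encoded before they are placed in the URL. The `date` output is also never chomped, so `$start` and `$end` carry a trailing newline into the curl URL and `$time` carries one into the table row. The file has no `use strict; use warnings;`, which would also flag the undeclared `$opt_h` and `$r` and the second `my $opt_addr`. The rendered page appears to have dropped the closing-brace lines, so block boundaries here are inferred.

```perl
# Run a command without a shell and return its stdout, chomped.
sub run_cmd {
    my @argv = @_;
    open(my $fh, '-|', @argv) or die "cannot run $argv[0]: $!";
    my $out = do { local $/; <$fh> };
    close $fh;
    $out = '' unless defined $out;
    chomp $out;
    return $out;
}

my $start = run_cmd('date', '-d', $opt_start, '+%Y-%m-%dT%T')
    or die "invalid date spec $opt_start";
my $end = run_cmd('date', '-d', $opt_end, '+%Y-%m-%dT%T')
    or die "invalid date spec $opt_end";
# … unchanged: if ($opt_gw) guard and debug print …
my $gw_addr = run_cmd('curl', '-s', "$ip_url?gw=$opt_gw");
# … unchanged: decode_json and merging gateway addresses into $opt_addr …
my $url = $elastic_url . '?index=' . $index
    . '&event_type=traceroute&path_addr=' . $opt_addr
    . "&start=$start&end=$end";
my $doc = run_cmd('curl', '-s', $url);
# … unchanged: decode_json, error branch, table header, foreach over hits …
my $time = run_cmd('date', '-d', $src->{timestamp}, '+%T');
```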