Refactoring Promotheus metrics behavior

teler-sh · Dec 14, 2021 · c1a9b38 · c1a9b38
1 parent 5c4aff9
commit c1a9b38
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 45 deletions.
diff --git a/pkg/metrics/metrics.go b/pkg/metrics/metrics.go
@@ -4,47 +4,47 @@ import "github.com/prometheus/client_golang/prometheus"
 
 // Defines its Prometheus metrics variables
 var (
-	GetCWA = prometheus.NewCounterVec(
+	getCWA = prometheus.NewCounterVec(
 		prometheus.CounterOpts{
 			Name: "teler_cwa",
 			Help: "Get lists of Common Web Attack threats",
 		},
 		[]string{"description", "remote_addr", "request_uri", "status"},
 	)
 
-	GetCVE = prometheus.NewCounterVec(
+	getCVE = prometheus.NewCounterVec(
 		prometheus.CounterOpts{
 			Name: "teler_cve",
 			Help: "Get lists of CVE threats",
 		},
 		[]string{"description", "remote_addr", "request_uri", "status"},
 	)
 
-	GetBadCrawler = prometheus.NewCounterVec(
+	getBadCrawler = prometheus.NewCounterVec(
 		prometheus.CounterOpts{
 			Name: "teler_badcrawler",
 			Help: "Get lists of Bad Crawler requests",
 		},
 		[]string{"remote_addr", "http_user_agent", "status"},
 	)
 
-	GetDirBruteforce = prometheus.NewCounterVec(
+	getDirBruteforce = prometheus.NewCounterVec(
 		prometheus.CounterOpts{
 			Name: "teler_dir_bruteforce",
 			Help: "Get lists of Directories Bruteforced",
 		},
 		[]string{"remote_addr", "request_uri", "status"},
 	)
 
-	GetBadIP = prometheus.NewCounterVec(
+	getBadIP = prometheus.NewCounterVec(
 		prometheus.CounterOpts{
 			Name: "teler_badip_count",
 			Help: "Total number of Bad IP Addresses",
 		},
 		[]string{"remote_addr"},
 	)
 
-	GetBadReferrer = prometheus.NewCounterVec(
+	getBadReferrer = prometheus.NewCounterVec(
 		prometheus.CounterOpts{
 			Name: "teler_bad_referrer",
 			Help: "Get lists of Bad Referrer requests",
@@ -64,7 +64,7 @@ var (
 // Init will register a Prometheus metrics with the specified variables
 func Init() {
 	prometheus.MustRegister(
-		GetBadCrawler, GetDirBruteforce, GetBadIP,
-		GetCWA, GetCVE, GetBadReferrer, GetThreatTotal,
+		getBadCrawler, getDirBruteforce, getBadIP,
+		getCWA, getCVE, getBadReferrer, GetThreatTotal,
 	)
 }
diff --git a/pkg/metrics/send.go b/pkg/metrics/send.go
@@ -0,0 +1,51 @@
+package metrics
+
+import (
+	"strings"
+
+	"github.com/prometheus/client_golang/prometheus"
+)
+
+// Send logs to metrics
+func Send(log map[string]string) {
+	var counter prometheus.Counter
+
+	switch {
+	case strings.HasPrefix(log["category"], "Common Web Attack"):
+		counter = getCWA.WithLabelValues(
+			log["category"],
+			log["remote_addr"],
+			log["request_uri"],
+			log["status"],
+		)
+	case strings.HasPrefix(log["category"], "CVE-"):
+		counter = getCVE.WithLabelValues(
+			log["category"],
+			log["remote_addr"],
+			log["request_uri"],
+			log["status"],
+		)
+	case log["category"] == "Bad Crawler":
+		counter = getBadCrawler.WithLabelValues(
+			log["remote_addr"],
+			log["http_user_agent"],
+			log["status"],
+		)
+	case log["category"] == "Bad IP Address":
+		counter = getBadIP.WithLabelValues(
+			log["remote_addr"],
+		)
+	case log["category"] == "Bad Referrer":
+		counter = getBadReferrer.WithLabelValues(
+			log["http_referer"],
+		)
+	case log["category"] == "Directory Bruteforce":
+		counter = getDirBruteforce.WithLabelValues(
+			log["remote_addr"],
+			log["request_uri"],
+			log["status"],
+		)
+	}
+
+	counter.Inc()
+}
diff --git a/pkg/teler/teler.go b/pkg/teler/teler.go
@@ -65,13 +65,6 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 						)
 
 						if match {
-							metrics.GetCWA.WithLabelValues(
-								log["category"],
-								log["remote_addr"],
-								log["request_uri"],
-								log["status"],
-							).Inc()
-
 							break
 						}
 					}
@@ -163,16 +156,6 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 
 						if fq >= len(diff.Query()) {
 							match = true
-						}
-
-						if match {
-							metrics.GetCVE.WithLabelValues(
-								log["category"],
-								log["remote_addr"],
-								log["request_uri"],
-								log["status"],
-							).Inc()
-
 							break
 						}
 					}
@@ -191,12 +174,6 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 
 			for _, pat := range strings.Split(data["content"], "\n") {
 				if match = matchers.IsMatch(pat, log["http_user_agent"]); match {
-					metrics.GetBadCrawler.WithLabelValues(
-						log["remote_addr"],
-						log["http_user_agent"],
-						log["status"],
-					).Inc()
-
 					break
 				}
 			}
@@ -209,9 +186,6 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 
 			ips := strings.Split(data["content"], "\n")
 			match = matchers.IsMatchFuzz(log["remote_addr"], ips)
-			if match {
-				metrics.GetBadIP.WithLabelValues(log["remote_addr"]).Inc()
-			}
 		case "Bad Referrer":
 			log["element"] = "http_referer"
 			if isWhitelist(options, log["http_referer"]) {
@@ -229,9 +203,6 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 			refs := strings.Split(data["content"], "\n")
 
 			match = matchers.IsMatchFuzz(req.Host, refs)
-			if match {
-				metrics.GetBadReferrer.WithLabelValues(log["http_referer"]).Inc()
-			}
 		case "Directory Bruteforce":
 			log["element"] = "request_uri"
 
@@ -249,17 +220,10 @@ func Analyze(options *common.Options, logs *gonx.Entry) (bool, map[string]string
 			if req.Path != "/" {
 				match = matchers.IsMatch(trimFirst(req.Path), data["content"])
 			}
-
-			if match {
-				metrics.GetDirBruteforce.WithLabelValues(
-					log["remote_addr"],
-					log["request_uri"],
-					log["status"],
-				).Inc()
-			}
 		}
 
 		if match {
+			metrics.Send(log)
 			return match, log
 		}
 	}