Skip to content
This repository has been archived by the owner on Jan 24, 2023. It is now read-only.

Latest commit

 

History

History
55 lines (35 loc) · 2.01 KB

README.md

File metadata and controls

55 lines (35 loc) · 2.01 KB

BGPalerter

NOTICE: BGPalerter was rewritten from scratch and moved, please take a look at the new code base

The new fresh code base can be found at nttgin/bgpalerter

Old README

BGPalerter is a script to monitor in real time if a list of <prefix, AS> pairs are announced consistently.

It uses the real-time RIPE RIS streaming service to obtain BGP messages with a delay in the order of seconds.

For now BGPalerter triggers an alert if:

  1. a prefix (or a more specific) is announced by a different AS of what it should be
  2. a prefix is loosing visibility
  3. a more specific is announced instead of the prefix initially configured (but it was not supposed to happen)

Installation

Steps:

  • clone the repo: git clone [email protected]:NLNOG/bgpalerter.git or download the zip file https://github.com/NLNOG/bgpalerter/archive/master.zip

  • rename monitored_prefixes.base.yml to monitored_prefixes.yml

  • edit the monitored_prefixes.yml file to contain your prefixes.

27.114.0.0/17: <- The prefix you want to monitor
    description: A description <-- A human readable description that will appear in the notification
    base_asn: 2914 <-- The origin ASN of the prefix
    ignore_morespec: False <-- Monitor also for more specific prefix and trigger an alert if they appear (I would leave it to False!)
  • rename config.base.yml to config.yml

  • edit the config.yml file.

  • You need python 3.7, after install the other requirements with pip install -r requirements.txt

  • to run the monitoring do python runner.py

Notifications

In runner.py you can subscribe to the following event names:

  • hijack (type 1)
  • low-visibility (type 2)
  • difference (type 3)
  • heartbeat (status of the monitor)

As an example the script sends the notifications to a slack channel or to a list of email addresses (both configurable in config.yml) but you can subscribe to the event whatever callback you want.