freedomofpress / ansible-role-elk

Installs a turnkey ELK stack for log aggregation and analysis, with optional Riemann support for alerting

Parse connection attempts to hidden services on wrong ports #44

Closed ageis closed 8 years ago

ageis commented 8 years ago

Per OSSEC alerts reported by SecureDrop admins, general crawling of the Tor network, including with OnionScan, and logs aggregated by FPF, there are frequent connection attempts to hidden services on ports other than specified. These result in a warning in the Tor log:

[warn] connection_edge_process_relay_cell (at origin) failed.

This commit adds parsing for an associated info-level logline so we can analyze these trends and the port numbers that are being tried in ELK.
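The parsing step the PR describes, shown as an added example that is not code from this PR or from the ansible-role-elk project. The role's real parsing lives in Logstash grok patterns; this is the equivalent logic as a Python regex with named groups, so it can be run over sample lines offline. The sample log lines are constructed, and the info-level message text ("No virtual port mapping exists for port N on service X") and the function name prefix are assumptions modelled on Tor's info-level log format, not quoted from the PR or from Tor's source.

```python
import re
from collections import Counter

# Constructed sample Tor log excerpt (not real traffic). The [warn] line is the
# one quoted in the PR; the [info] message wording is an assumption for
# illustration and may differ from what Tor actually emits.
SAMPLE_LOG = """\
Mar 10 12:00:01.000 [warn] connection_edge_process_relay_cell (at origin) failed.
Mar 10 12:00:01.000 [info] rend_service_set_connection_addr_port(): No virtual port mapping exists for port 22 on service abcdefghijklmnop
Mar 10 12:00:05.000 [info] rend_service_set_connection_addr_port(): No virtual port mapping exists for port 443 on service abcdefghijklmnop
Mar 10 12:00:07.000 [notice] Bootstrapped 100%: Done
Mar 10 12:00:09.000 [info] rend_service_set_connection_addr_port(): No virtual port mapping exists for port 22 on service abcdefghijklmnop
"""

# Named-group regex standing in for a grok pattern: timestamp, log level,
# optional "function(): " prefix that Tor adds at info/debug level, then the
# assumed message carrying the attempted port and the (v2-style) service id.
WRONG_PORT_RE = re.compile(
    r"^(?P<timestamp>\w{3} \d{2} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"\[(?P<level>\w+)\] "
    r"(?:(?P<function>\w+)\(\): )?"
    r"No virtual port mapping exists for port (?P<port>\d+) "
    r"on service (?P<service>[a-z2-7]+)$"
)


def parse_wrong_port_events(log_text):
    """Return one dict per wrong-port line; every other line is ignored.

    Ports outside 1..65535 are dropped as unparseable rather than indexed,
    so a malformed line cannot pollute the port histogram in Kibana.
    """
    events = []
    for line in log_text.splitlines():
        m = WRONG_PORT_RE.match(line)
        if not m:
            continue
        event = m.groupdict()
        port = int(event["port"])
        if not 1 <= port <= 65535:
            continue
        event["port"] = port
        events.append(event)
    return events


def port_histogram(events):
    """Count attempts per (service, port), i.e. the trend the PR wants to chart."""
    return dict(Counter((e["service"], e["port"]) for e in events))


if __name__ == "__main__":
    evs = parse_wrong_port_events(SAMPLE_LOG)
    for (svc, port), n in sorted(port_histogram(evs).items()):
        print(f"{svc}: port {port} tried {n} time(s)")
```

Only the info-level line carries the port number, which is why the PR parses it rather than the [warn] line; in a Logstash pipeline the same capture groups would become indexed fields (`port`, `service`) that Kibana can aggregate.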

conorsch commented 8 years ago

Doesn't get much cleaner than this. Looks great, I'll run the test suite manually and merge if clean.

conorsch commented 8 years ago

Looks good! Merging.