From 9ac8878f5ce46a6feff8f4d20d5c7b4fbd4ee6af Mon Sep 17 00:00:00 2001
From: Justin Azoff <justin.azoff@gmail.com>
Date: Wed, 28 Mar 2018 11:53:55 -0400
Subject: [PATCH] Add better error checking for backends

since the nfdump backend requires the nfdump command, check to see if it
is available first.
---
 backend/backend.go         |  1 +
 backend/bro.go             |  4 ++++
 backend/bro_json.go        |  3 +++
 backend/nfdump.go          | 20 +++++++++++++++++++-
 backend/pcap.go            |  4 ++++
 backend/syslog.go          |  3 +++
 flowindexer/flowindexer.go |  8 ++++++--
 flowindexer/index.go       |  6 ++++++
 8 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/backend/backend.go b/backend/backend.go
index e8ff392..8177d48 100644
--- a/backend/backend.go
+++ b/backend/backend.go
@@ -11,6 +11,7 @@ const maxLineLength = 20 * 1024 * 1024
 type Backend interface {
 	ExtractIps(reader io.Reader, ips *ipset.Set) (uint64, error)
 	Filter(reader io.Reader, query string, writer io.Writer) error
+	Check() error
 }
 
 var backends = map[string]Backend{}
diff --git a/backend/bro.go b/backend/bro.go
index 8843548..73ac153 100644
--- a/backend/bro.go
+++ b/backend/bro.go
@@ -56,6 +56,10 @@ func (b BroBackend) Filter(reader io.Reader, query string, writer io.Writer) err
 	return nil
 }
 
+func (b BroBackend) Check() error {
+	return nil
+}
+
 func init() {
 	RegisterBackend("bro", BroBackend{})
 }
diff --git a/backend/bro_json.go b/backend/bro_json.go
index 3008a27..e16ae31 100644
--- a/backend/bro_json.go
+++ b/backend/bro_json.go
@@ -78,6 +78,9 @@ func (b BroJSONBackend) Filter(reader io.Reader, query string, writer io.Writer)
 	}
 	return nil
 }
+func (b BroJSONBackend) Check() error {
+	return nil
+}
 
 func init() {
 	RegisterBackend("bro_json", BroJSONBackend{})
diff --git a/backend/nfdump.go b/backend/nfdump.go
index bb96b9e..4435968 100644
--- a/backend/nfdump.go
+++ b/backend/nfdump.go
@@ -50,7 +50,19 @@ func (b NFDUMPCSVBackend) ExtractIps(reader io.Reader, ips *ipset.Set) (uint64,
 	return lines, err
 }
 func (b NFDUMPCSVBackend) Filter(reader io.Reader, query string, writer io.Writer) error {
-	return nil
+	filter := fmt.Sprintf("ip in [%s]", query)
+	cmd := exec.Command("nfdump", "-qr", "-", filter)
+	cmd.Stdin = reader
+	cmd.Stdout = writer
+
+	err := cmd.Run()
+	return err
+}
+
+func (b NFDUMPCSVBackend) Check() error {
+	cmd := exec.Command("nfdump", "-V")
+	_, err := cmd.CombinedOutput()
+	return err
 }
 
 type NFDUMPBackend struct {
@@ -95,6 +107,12 @@ func (b NFDUMPBackend) Filter(reader io.Reader, query string, writer io.Writer)
 	return err
 }
 
+func (b NFDUMPBackend) Check() error {
+	cmd := exec.Command("nfdump", "-V")
+	_, err := cmd.CombinedOutput()
+	return err
+}
+
 func init() {
 	RegisterBackend("nfdump-csv", NFDUMPCSVBackend{})
 	RegisterBackend("nfdump", NFDUMPBackend{})
diff --git a/backend/pcap.go b/backend/pcap.go
index 136d0a1..aa67e7a 100644
--- a/backend/pcap.go
+++ b/backend/pcap.go
@@ -64,6 +64,10 @@ func (b PCAPBackend) Filter(reader io.Reader, query string, writer io.Writer) er
 	return err
 }
 
+func (b PCAPBackend) Check() error {
+	return nil
+}
+
 func init() {
 	RegisterBackend("pcap", PCAPBackend{})
 }
diff --git a/backend/syslog.go b/backend/syslog.go
index bd18ec7..70d3471 100644
--- a/backend/syslog.go
+++ b/backend/syslog.go
@@ -77,6 +77,9 @@ func (b SyslogBackend) Filter(reader io.Reader, query string, writer io.Writer)
 	}
 	return nil
 }
+func (b SyslogBackend) Check() error {
+	return nil
+}
 
 func init() {
 	RegisterBackend("syslog", SyslogBackend{})
diff --git a/flowindexer/flowindexer.go b/flowindexer/flowindexer.go
index 2c2b945..6743738 100644
--- a/flowindexer/flowindexer.go
+++ b/flowindexer/flowindexer.go
@@ -235,7 +235,9 @@ func (i *Indexer) IndexAll() error {
 		//Assume the last file in the list is the most recent one
 		//and check to see if it is still growing before indexing it
 		checkGrowing := idx == len(logs)-1
-		i.IndexOne(l, checkGrowing)
+		if err = i.IndexOne(l, checkGrowing); err != nil {
+			return err
+		}
 	}
 
 	return nil
@@ -252,7 +254,9 @@ func (i *Indexer) IndexRecent() error {
 		//Assume the last file in the list is the most recent one
 		//and check to see if it is still growing before indexing it
 		checkGrowing := idx == len(logs)-1
-		i.IndexOne(l, checkGrowing)
+		if err = i.IndexOne(l, checkGrowing); err != nil {
+			return err
+		}
 	}
 
 	return nil
diff --git a/flowindexer/index.go b/flowindexer/index.go
index 2f5ce88..1a5a5a6 100644
--- a/flowindexer/index.go
+++ b/flowindexer/index.go
@@ -1,6 +1,7 @@
 package flowindexer
 
 import (
+	"fmt"
 	"log"
 	"path/filepath"
 	"runtime"
@@ -20,6 +21,11 @@ func Index(s store.IpStore, b backend.Backend, filename string) error {
 		//log.Printf("%s Already indexed\n", filename)
 		return nil
 	}
+
+	if err = b.Check(); err != nil {
+		return fmt.Errorf("Backend is not usable: %v", err)
+	}
+
 	ips := ipset.New()
 	reader, err := backend.OpenDecompress(filename)
 	if err != nil {