2. About
BGPalerter is a self-configuring BGP prefix monitoring tool, which allows you to monitor in real-time
if:
• any of your prefixes loses visibility;
• any of your prefixes is hijacked;
• your AS is announcing RPKI invalid prefixes (e.g. not matching prefix length);
• your AS is announcing prefixes not covered by a ROA;
• your AS is announcing a new prefix that was never announced before;
• one of the AS paths used to reach your prefix matches a specific condition defined by you.
You just run it. You don't need to provide any data source or connect it to anything in your network
since it connects to public repos.
https://github.com/nttgin/BGPalerter
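To make the "RPKI invalid" and "not covered by a ROA" cases in the list above concrete, here is an added example (not BGPalerter's own code) of the RFC 6811 origin-validation decision such an alert rests on. The ROA table, prefixes, ASNs and the function name validate_origin are constructed for illustration.

```python
import ipaddress

# Constructed sample ROAs: documentation prefixes and private-use ASNs.
ROAS = [
    {"prefix": "192.0.2.0/24", "max_length": 24, "asn": 64500},
    {"prefix": "2001:db8::/32", "max_length": 48, "asn": 64501},
]


def validate_origin(prefix, origin_asn, roas=ROAS):
    """Classify one announcement as valid / invalid / not-found (RFC 6811)."""
    net = ipaddress.ip_network(prefix)
    # A ROA "covers" the announcement when the announced prefix is equal to
    # or more specific than the ROA prefix (same address family).
    covering = [
        roa for roa in roas
        if ipaddress.ip_network(roa["prefix"]).version == net.version
        and net.subnet_of(ipaddress.ip_network(roa["prefix"]))
    ]
    if not covering:
        return ("not-found", "no ROA covers this prefix")
    for roa in covering:
        # Valid needs BOTH the authorized origin AS and a length <= maxLength.
        if roa["asn"] == origin_asn and net.prefixlen <= roa["max_length"]:
            return ("valid", "matches ROA " + roa["prefix"])
    if any(roa["asn"] == origin_asn for roa in covering):
        return ("invalid", "prefix longer than maxLength")
    return ("invalid", "origin AS not authorized")


if __name__ == "__main__":
    # Constructed announcements: (prefix, origin AS)
    samples = [
        ("192.0.2.0/24", 64500),    # exact match
        ("192.0.2.0/25", 64500),    # right AS, more specific than maxLength
        ("192.0.2.0/24", 64511),    # covered, but a different origin AS
        ("203.0.113.0/24", 64500),  # no ROA at all
        ("2001:db8:1::/48", 64501), # IPv6, within maxLength
    ]
    for prefix, asn in samples:
        state, reason = validate_origin(prefix, asn)
        print(f"{prefix:<18} AS{asn:<6} {state:<10} {reason}")
```

The "prefix longer than maxLength" result corresponds to the "not matching prefix length" case in the list, and "not-found" to a prefix not covered by a ROA.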
3. Composition
3 main components: connectors, monitors, and
reports.
Connectors retrieve/listen to the data from different
sources and transform them to a common format.
Monitors analyze the data flow and produce alerts.
Different monitors try to detect different issues.
Reports send/store the alerts, e.g. by email or to a
file. Reports can also provide the data triggering such
alerts.
4. Installation
Download the binary:
wget https://github.com/nttgin/BGPalerter/releases/latest/download/bgpalerter-linux-x64
Download config.yml.example as config.yml (in the same directory as the binary)
Make the binary executable (e.g. chmod +x bgpalerter-linux-x64)
Auto-configure it:
./bgpalerter-linux-x64 generate -a _YOUR_ASN_ -o prefixes.yml -i -m
Run it:
./bgpalerter-linux-x64 (or nohup ./bgpalerter-linux-x64 & to leave it running after you close the terminal)
5. Configuration
All configuration is done in the config.yml file.
There is not much to configure apart from the reporting method.
BGPalerter can notify you through various platforms whenever one of the monitoring channels matches.
You will get the notification logs at /logs/
Reporting platforms available now are: File, E-mail, Slack, Kafka, Syslog, Alerta dashboard, Webex,
HTTP URL, Telegram, Mattermost, Pushover
I will show the Mail and Telegram configuration.
6. Configuration
Notification interval time is 14400 seconds by default. Considering BGP hold time, I’ve configured it
to 600 seconds.
For Mail reporting:
  - file: reportEmail
    channels:
      - hijack
      - newprefix
      - visibility
      - path
      - misconfiguration
      - rpki
    params:
      showPaths: 5 # Amount of AS_PATHs to report in the alert
      senderEmail: zzzzzzzzz@something.net
      smtp:
        host: HOST
        port: 25
        ignoreTLS: true # true disables STARTTLS, so the auth below is sent unencrypted
        auth:
          user: USERNAME
          pass: PASSWORD
          type: login
      notifiedEmails:
        default:
          - reciepiant@something.net
7. Configuration
For Telegram reporting:
  - file: reportTelegram
    channels:
      - hijack
      - newprefix
      - visibility
      - path
      - misconfiguration
      - rpki
    params:
      showPaths: 5 # Amount of AS_PATHs to report in the alert
      botUrl: https://api.telegram.org/bot13xxxxxxxxxxxxxxx:xxxxxxxxxxxxxxxxxxx8w/sendMessage
      chatIds:
        default: -40xxxxxxxxxxx7
For the Telegram configuration, you will need the HTTP API token of
your Telegram bot and the chat ID of the user or group
where you want to send the notifications.
The next few slides show how to get these.
10. Configuration
To activate your newly created
bot, you need to use another bot
named ‘Livegram Bot’.
Add your newly created bot in
Livegram to activate it.
12. Configuration
To get the chat ID, you need to
use another bot named ‘IDBot’.
Use /getid from an individual account
or /getgroupid from a group account
to get the chat ID for an individual or
a group.
17. Monitoring
In the config.yml file, configure the process monitor. This API can be used for monitoring the uptime of BGPalerter.
You can use a free service such as UptimeRobot for the monitoring.
You can get the API response at http://[SERVER_IP]:8011/status
processMonitors:
  - file: uptimeApi
    params:
      useStatusCodes: true
      host: localhost
      port: 8011 # allow port 8011 in your iptables/firewall