• Stars
    star
    158
  • Rank 237,131 (Top 5 %)
  • Language
    Python
  • License
    BSD 2-Clause "Sim...
  • Created about 7 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A plugin-oriented tool for automating the investigation of broken hosts and services.

Fossor License Build Status Coverage Status Gitter chat

Fossor is "one who digs" in Latin.
A plugin oriented tool for automating the investigation of broken hosts and services.

Why?

Many of the initial troubleshooting tasks humans perform during an oncall escalation are the same between escalations. Fossor is a tool for automating these investigation steps. Common investigation steps can be placed into plugins that then report back to the user if they have unexpected output when Fossor is run. Unlike humans which perform tasks in serial, Fossor runs its plugins in parallel as separate processes. Output is streamed back asynchronously to the user for immediate interpretation as each plugin finishes.

Examples of common investigative tasks:

Checking for:

  • New errors in a process's logs
  • New dmesg messages
  • Recent network interface errors
  • Recent surges in system log volume
  • Memory fragmentation.
  • High disk utilization
  • High memory usage
  • High Load averages
  • High thread count
  • RAID status

Quick Start

To start using Fossor immediately with the generic built in plugins, install it using the instructions below. Then run fossor, optionally providing a pid if you're interested in a specific process.

fossor -p <pid>

If you have additional plugins, place them in /opt/fossor/. By default Fossor will run any plugins found in this location.

Install Requirements

Fossor has the following requirements:

  • Python 3.6 or higher
  • python-devel packages

Red Hat / CentOS

These instructions were tested on CentOS 7.

sudo yum update
sudo yum install yum-utils
sudo yum groupinstall development
sudo yum install https://centos7.iuscommunity.org/ius-release.rpm
sudo yum install python36u
sudo yum install python36u-pip
sudo yum install python36u-devel

Ubuntu 17.10

Install tested against Ubuntu 17.10, which includes a Python 3.6 system installation.

sudo apt-get install python3-dev
sudo apt-get install python3-venv
sudo apt-get install gcc
pip install --upgrade pip wheel # or install these updates into your virtualenv

Install Fossor

Once the requirements from above are installed, install Fossor using one of the commands below:

Install system-wide
sudo pip3.6 install fossor
Install for a specific user
pip3.6 install fossor --user

How does it work?

There are three types of plugins that Fossor runs in this order: variable plugins -> check plugins -> report plugins.

Variable Plugins

Variable plugins are used to gather information for Check plugins. They are optional, and useful for when multiple check plugins need to gather the same information. An example of a variable plugin would be retrieving the hostname.

Check Plugins

Check plugins perform a single investigation task. If something interesting is found, the plugin will return a string indicating this should be included in the report.

Report Plugins

Report plugins format the data from the check plugins. This defaults to stdout. Specifying additional reports will cause those to be generated using that plugin as well.

Contributing Code

Adding your own plugins

Several ways to use your own plugins with Fossor

  1. Add them as public Generic Plugins
  2. Add custom plugins to a local directory
    • Add your custom plugin to your /opt/fossor directory. By default Fossor checks and runs plugins from this location, this can be overridden via CLI flags.
  3. Build and wrap Fossor
    • Fossor is both a CLI and a Python library. Import the Fossor engine into your own tool, and add any local plugins you've made by passing a module or a filesystem path to add_plugins().
     from fossor.engine import Fossor
     from fossor.cli import main
    
     @fossor_cli_flags
     def main(context, **kwargs):
         f = Fossor()
    
         f.run(**kwargs)

Example Plugins

Creating plugins is simple. By default, if a plugin returns a value then it's output is interesting and will be included in the report.

Example Variable Plugin

from fossor.variables.variable import Variable

class ExampleVariable(Variable):
    def run(self, variables):
        '''If a string is returned from this method, it will be saved as a variable'''
        if 'Debug' not in variables:
            return
        if variables['Debug'] is True:
            self.log.debug("Logging example")
            return "This is an example variable that only returns when Debug is True."

Example Check Plugin

from fossor.checks.check import Check

class ExampleCheck(Check):

    def run(self, variables):
        '''If a string is returned from this method, it will be reported as "interesting" output for this plugin'''
        if 'Debug' not in variables:
            return
        if variables['Debug'] is True:
            self.log.debug("Logging example")
            return 'This is an example of a check plugin. It only prints when Debug is True.

More information / FAQ

Can I contribute a plugin that checks a specific piece of software?

Yes, as long as the software it is checking is publicly available software.

Can my plugin break Fossor?

It's possible, but Fossor tries to prevent it by isolating each plugin in its own process. If your plugin breaks, by default it will not show up in the report unless --debug is being used. If you've found a way to break Fossor and not just your own plugin, lets patch it :).

How do I run Fossor with a specific variable overridden?

In addition to supporting the flags listed in --help, Fossor also supports a generic format for inserting variables. The format is: variablename="value". This is intended for testing only. Ideally, all you need to type when you login to a machine is "fossor", or "fossor --pid ". Example: fossor --pid 3420 --verbose OverrideVariableForTesting="value"

How do I make my plugin always emit output when --verbose is in use?

To do this override the should_notify method. The checks/buddyinfo.py plugin has an example of this. If should_notify is overridden, it becomes a boolean method that indicates if the normal non-verbose report should display output. This means the check can always return a string without it necessarily being "interesting".

I still have a question not answered here

Feel free to reach out on the Fossor Gitter channel.

More Repositories

1

hopscotch

A framework to make it easy for developers to add product tours to their pages.
JavaScript
4,200
star
2

LayoutKit

LayoutKit is a fast view layout library for iOS, macOS, and tvOS.
Swift
3,162
star
3

camus

LinkedIn's previous generation Kafka to HDFS pipeline.
Java
883
star
4

indextank-engine

Indexing engine for IndexTank
Java
844
star
5

LIExposeController

Expose style navigation for iOS apps
Objective-C
742
star
6

Selene

iOS library which schedules the execution of tasks on a background fetch
Objective-C
642
star
7

datafu

Hadoop library for large-scale data processing, now an Apache Incubator project
Java
585
star
8

cleo

A flexible, partial, out-of-order and real-time typeahead search library
Java
559
star
9

sensei

distributed realtime searchable database
Java
540
star
10

inject

AMD and CJS dependency management in the browser
JavaScript
464
star
11

indextank-service

The API, BackOffice, Storefront, and Nebulizer for IndexTank
Python
382
star
12

venus.js

where bugs go to die
JavaScript
298
star
13

Fiber

Lightweight JavaScript prototypal inheritance model
JavaScript
279
star
14

sepia

Sepia is a VCR-like module for node.js that records HTTP interactions, then plays them back exactly like the first time they were invoked
JavaScript
278
star
15

JTune

A high precision Java CMS optimizer
Python
271
star
16

scanns

A scalable nearest neighbor search library in Apache Spark
Scala
253
star
17

Cubert

Fast and efficient batch computation engine for complex analysis and reporting of massive datasets on Hadoop
Java
247
star
18

naarad

Naarad is a highly configurable system analysis tool that parses and plots timeseries data for better visual correlation. Naarad was built to help in performance analysis and investigations.
Python
238
star
19

simoorg

Failure inducer framework
Python
191
star
20

white-elephant

Hadoop log aggregator and dashboard
Java
191
star
21

nginx-config-builder

A python library for building nginx configuration files programatically
Python
170
star
22

Zopkio

A Functional and Performance Test Framework for Distributed Systems
Python
160
star
23

api-get-started

LinkedIn REST API Getting Started Tutorial
Java
158
star
24

dustjs-helpers

Helpers for dustjs-linkedin
JavaScript
114
star
25

archetype

Archetype is a Compass/Sass based framework for authoring configurable, composable UI components and patterns.
Ruby
102
star
26

Isaac

This library parses data from JSON objects into NSObject models without needing to write parsing code for each model.
Objective-C
97
star
27

linkedin-utils

Base utilities shared by all linkedin open source projects
Java
88
star
28

lafayette

Lafayette is a system to store various email abuse reports sent in ARF.
Python
74
star
29

rest.li-api-hub

API Hub is a web UI for browsing and searching a catalog of Rest.li APIs.
Scala
73
star
30

jaqen

Jaqen - Simple DNS rebinding
Go
70
star
31

Backbone.TableView

Backbone View to render collections as tables
CoffeeScript
70
star
32

linkedin-zookeeper

This project provides utilities and wrappers around ZooKeeper
Java
64
star
33

sometime

A BurpSuite plugin to detect Same Origin Method Execution vulnerabilities
Java
60
star
34

RookBoom

A web application for creating meetings.
Scala
45
star
35

datacl

A collection of efficient utilities for a data scientist.
C
40
star
36

mobster

Mobster is a tool that can help you get deeper understanding into the performance of mobile web applications on real mobile devices
Python
38
star
37

vagrant-autodns

Vagrant plugin for automagically managing guest DNS
Ruby
36
star
38

dmarc-msys

This set of scripts in Lua implements DMARC policy checking and reporting for the Message Systems MTA products, a popular extendable commercial MTA.
Lua
36
star
39

talkin

TalkIn is an interface providing safe and easy unidirectional cross-document communication.
JavaScript
31
star
40

play-testng-plugin

TestNG runner for the Play Framework 2.4
Java
24
star
41

sin

JavaScript
24
star
42

insframe

Central hub for distributing web apps to multiple browsers on multiple environments
JavaScript
22
star
43

Tachyon-iOS

Tachyon provides configurable UI components for iOS that are commonly used in calendar features and applications.
Objective-C
21
star
44

postcss-lang-optimizer

PostCSS plugin to extract language specific CSS rulesets to their own CSS files to optimize stylesheet delivery.
JavaScript
21
star
45

bowser

Extensible language parser with Python-like syntax. Written in Java and antlr.
Java
18
star
46

adfullssl

AdFullSsl is a tool that can automatically detect SSL non-compliant ads and fix them
Python
16
star
47

dustjs-filters-secure

extend dustjs-linkedin to enhance the filters methods
JavaScript
15
star
48

gradle-plugin-insight

Automatic, effortless, accurate documentation for any Gradle plugin
Groovy
13
star
49

timingz.js

Measure code execution in the browser and derive statistical data
JavaScript
13
star
50

Idiomatic-JSLint

JavaScript
12
star
51

streaming

10
star
52

custom-gradle-plugin-portal

An example implementation of a gradle plugin portal.
Java
9
star
53

sbt-restli

A collection of sbt plugins providing build integration for the rest.li REST framework
Scala
9
star
54

PTYHooks

Python
9
star
55

MTBT

Java
9
star
56

inject-bower

Please use linkedin/inject
JavaScript
6
star
57

rest.li-skeleton.g8

Rest.li tool for generating skeleton rest.li projects.
Shell
5
star
58

naarad-examples

Example logs and configs for naarad
3
star
59

html5-presentation

Code for the "Building a Performant HTML5 App" presentation at http://www.meetup.com/SF-Web-Performance-Group/events/71651452/
2
star