S3に格納されたAWS WAFログをSNSで通知する(Lambda, Node.js)
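// AWS SDK clients shared by the handler below. `sns` is pinned to
// ap-northeast-1 because the topic ARN the handler publishes to lives in that
// region; `s3` uses the Lambda's default region.
const aws = require("aws-sdk");
const zlib = require('zlib');
const s3 = new aws.S3();
const sns = new aws.SNS({ region: 'ap-northeast-1' });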
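// Fallback bucket for S3 events that do not carry a bucket name.
const DEFAULT_BUCKET = "aws-waf-logs-corporate-s3";
const TOPIC_ARN = 'arn:aws:sns:ap-northeast-1:999999999999:EXAMPLE_Topic';
const SUBJECT = 'Notify From AWS WAF Logs';

// Returns the concatenated values of every header called `name` (WAF logs
// store request headers as an array of {name, value}); '' when absent.
// The comparison is case-sensitive, matching the log format.
function headerValue(headers, name) {
  if (!Array.isArray(headers)) return '';
  return headers
    .filter((h) => h && h.name === name)
    .map((h) => h.value)
    .join('');
}

// Formats one BLOCK record as two pipe-separated lines plus a '---' separator:
//   ruleId|clientIp|country|Host|uri|method|args|httpVersion
//   User-Agent|action
//   ---
// Every request field is client-supplied input copied verbatim from the log,
// so the result is untrusted text: fine for a plain-text notification, not
// safe to render as HTML or to re-parse downstream.
function formatBlockLog(log) {
  const req = log.httpRequest || {};
  const requestLine = [
    log.terminatingRuleId,
    req.clientIp,
    req.country,
    headerValue(req.headers, 'Host'),
    req.uri,
    req.httpMethod,
    req.args,
    req.httpVersion,
  ].join('|');
  const agentLine = [headerValue(req.headers, 'User-Agent'), log.action].join('|');
  return `${requestLine}\n${agentLine}\n---\n`;
}

// Parses a newline-delimited WAF log dump and returns only the records whose
// `action` is BLOCK. Lines are pre-filtered by substring so that not every
// record has to be parsed, but the decision is made on the parsed field, so an
// ALLOW/COUNT record that merely contains "BLOCK" (e.g. in its URI or
// User-Agent) is no longer reported. Throws SyntaxError on a malformed line.
function parseBlockLogs(text) {
  return text
    .split('\n')
    .filter((line) => line.includes('BLOCK'))
    .map((line) => JSON.parse(line))
    .filter((log) => log && log.action === 'BLOCK');
}

// Lambda entry point for an S3 ObjectCreated event: downloads the gzipped WAF
// log object, extracts the BLOCK records and publishes a plain-text summary to
// SNS. `callback` is invoked exactly once: with the error from S3, gunzip,
// parsing or SNS, with no result when nothing was blocked, or with the SNS
// publish result.
exports.handler = (event, context, callback) => {
  const record = event && event.Records && event.Records[0];
  if (!record || !record.s3 || !record.s3.object || !record.s3.object.key) {
    callback(new Error('Event does not contain an S3 object record'));
    return;
  }
  // Only the first record is processed; S3 notifications normally carry a
  // single record per invocation.
  const params = {
    Bucket: (record.s3.bucket && record.s3.bucket.name) || DEFAULT_BUCKET,
    // Object keys in S3 events are URL-encoded with '+' for spaces; without
    // decoding, GetObject fails for keys containing spaces or non-ASCII.
    Key: decodeURIComponent(record.s3.object.key.replace(/\+/g, ' ')),
  };
  s3.getObject(params, (getErr, getData) => {
    if (getErr) {
      callback(getErr);
      return;
    }
    zlib.gunzip(getData.Body, (zipErr, data) => {
      if (zipErr) {
        callback(zipErr);
        return;
      }
      let blockLogs;
      try {
        blockLogs = parseBlockLogs(data.toString('utf-8'));
      } catch (parseErr) {
        // A malformed line would otherwise throw out of the callback and leave
        // the invocation without a result; report it instead.
        callback(parseErr);
        return;
      }
      if (blockLogs.length === 0) {
        callback();
        return;
      }
      // MessageStructure 'json' requires a JSON object with a 'default' key.
      // NOTE(review): SNS enforces a maximum message size, so a very large log
      // object may be rejected at publish — truncation is not handled here.
      const payload = { default: blockLogs.map(formatBlockLog).join('') };
      sns.publish({
        Subject: SUBJECT,
        Message: JSON.stringify(payload),
        MessageStructure: 'json',
        TargetArn: TOPIC_ARN,
      }, (pubErr, pubData) => {
        // Resolve the callback only once the publish result is known; calling
        // it earlier would finish the invocation before SNS reported success or
        // failure and silently drop publish errors.
        if (pubErr) callback(pubErr);
        else callback(null, pubData);
      });
    });
  });
};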