The Nginx log analyzer based on OpenAPI checks the requests recorded in Nginx logs against an OpenAPI definition document to find abnormal requests, for early-warning analysis and similar purposes.

OpenAPI is a specification for defining API structure. In Java, the definition can be generated automatically with Swagger; other languages (Golang, etc.) are supported as well. With this tool, which costs developers nothing extra, we can efficiently obtain descriptive information about an open API service, such as its business structure and its reasonable inputs and outputs.

Combining this descriptive information with the actual access logs, we can effectively filter out malicious access, such as common scanning (probing a service for common management pages, login pages, and so on, in order to find service vulnerabilities).

go install gitee.com/bjf-fhe/apicat

After the command runs, report.html is generated and, by default, opened through the system's open command.

Operating parameters

Flags:
  -c, --config string       Nginx配置文件
  -d, --definition string   OpenAPI definition
  -f, --format string       Nginx配置文件中的log format名称 (default "main")
  -h, --help                help for apicat
  -u, --username string     百家饭平台用户名/手机号/邮箱

The -d parameter accepts any of the following:

  • A number: the source id on the Baijiafan platform. When a number is given, the -u parameter must also be provided to specify the platform user name
  • A URL: the OpenAPI definition URL on the network. For a local Swagger server, you can refer to this guide to get the definition JSON
  • A local file path

-c specifies the path of the nginx configuration file. The log_format is read from this file in order to match the log entries. If -c is not specified, the default configuration is used. The default configuration is:
log_format main '$remote_addr [$time_local] "$request"'
If it is inconvenient to supply the original nginx configuration, you can pass a text file that contains just this line as input.

-f specifies the name of the log_format to use from the nginx configuration. In the nginx configuration, the name is the word that follows the log_format directive, usually main. In that case there is no need to specify it separately. If the name has been changed in the configuration, it must be given through this parameter.
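The matching step described above, as an added Go example that is not the tool's own code: each log line in the default log_format is parsed, and its method and path are checked against OpenAPI path templates. The definedOps table, the names Classify and templateMatches, and the sample log line are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Default format from the page: $remote_addr [$time_local] "$request"
var lineRe = regexp.MustCompile(`^(\S+) \[[^\]]+\] "(\S+) (\S+)[^"]*"$`)
// Constructed stand-in for the "paths" section of an OpenAPI definition.
var definedOps = map[string]map[string]bool{
	"/users":      {"GET": true, "POST": true},
	"/users/{id}": {"GET": true, "DELETE": true},
}

// templateMatches reports whether a concrete path fits an OpenAPI path template.
func templateMatches(tmpl, path string) bool {
	t, p := strings.Split(tmpl, "/"), strings.Split(path, "/")
	for i := range t {
		isParam := strings.HasPrefix(t[i], "{") && strings.HasSuffix(t[i], "}")
		if len(t) != len(p) || (isParam && p[i] == "") || (!isParam && t[i] != p[i]) {
			return false
		}
	}
	return true
}

// Classify returns the client address and a verdict for one log line.
func Classify(line string) (addr, verdict string) {
	m := lineRe.FindStringSubmatch(line)
	if m == nil {
		return "", "unparsed" // not "METHOD URI ..." at all, e.g. binary probes
	}
	path := strings.SplitN(m[3], "?", 2)[0] // query string is not part of the path
	verdict = "undefined-path"
	for tmpl, methods := range definedOps {
		if templateMatches(tmpl, path) {
			if methods[m[2]] {
				return m[1], "ok"
			}
			verdict = "undefined-method"
		}
	}
	return m[1], verdict
}

func main() { // the log line below is a constructed sample
	fmt.Println(Classify(`203.0.113.7 [10/Oct/2023:13:55:36 +0800] "GET /phpmyadmin/index.php HTTP/1.1"`))
}
```

Grouping the non-"ok" verdicts by the returned address shows which clients are probing paths the API never defined.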

Specify the log path

The log path is given as the last argument on the command line.

In progress, stay tuned

If you want to know more about the functions of openapi, please visit our website, or leave a message in the official forum
