community_id

package
v0.0.0-...-31600e6 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 31, 2022 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Overview

Code generated by processor/generate.go - DO NOT EDIT.

Types

type CommunityID

type CommunityID struct {
	// contains filtered or unexported fields
}

Computes the Community ID for network flow data as defined in the [Community ID Specification](https://github.com/corelight/community-id-spec). You can use a community ID to correlate network events related to a single flow.

The community ID processor reads network flow data from related Elastic Common Schema (ECS) fields by default. If you use the ECS, no configuration is required.
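The hash this processor produces can be reproduced outside the pipeline. The following is an added example, not part of this package's generated code: a stand-alone implementation of the version 1 hash from the Community ID Specification, restricted to TCP and UDP flows, showing why both directions of a flow get the same ID and how the seed changes it. The function name `communityIDv1` and the sample endpoints are constructed for illustration; ICMP type/code handling is omitted.

```go
package main

import (
	"bytes"
	"crypto/sha1"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"net/netip"
)

// Constructed sample flow endpoints (not taken from the package).
var (
	sampleClient = netip.MustParseAddrPort("10.1.2.3:51544")
	sampleServer = netip.MustParseAddrPort("10.9.8.7:443")
)

// communityIDv1 computes a version 1 Community ID for a TCP (IANA 6) or
// UDP (IANA 17) flow. Hypothetical helper; ICMP is out of scope.
func communityIDv1(seed uint16, proto uint8, src, dst netip.AddrPort) string {
	sip, dip := src.Addr().Unmap().AsSlice(), dst.Addr().Unmap().AsSlice()
	sport, dport := src.Port(), dst.Port()
	// Put the smaller (address, port) endpoint first so that request and
	// response packets of the same flow hash to the same value.
	if c := bytes.Compare(sip, dip); c > 0 || (c == 0 && sport > dport) {
		sip, dip = dip, sip
		sport, dport = dport, sport
	}
	h := sha1.New()
	var b [2]byte
	binary.BigEndian.PutUint16(b[:], seed) // 16-bit seed, network byte order
	h.Write(b[:])
	h.Write(sip)
	h.Write(dip)
	h.Write([]byte{proto, 0}) // protocol number plus one padding byte
	binary.BigEndian.PutUint16(b[:], sport)
	h.Write(b[:])
	binary.BigEndian.PutUint16(b[:], dport)
	h.Write(b[:])
	return "1:" + base64.StdEncoding.EncodeToString(h.Sum(nil))
}

func main() {
	fmt.Println("client->server:", communityIDv1(0, 6, sampleClient, sampleServer))
	fmt.Println("server->client:", communityIDv1(0, 6, sampleServer, sampleClient))
	fmt.Println("seed=1:        ", communityIDv1(1, 6, sampleClient, sampleServer))
}
```

Every sensor and log pipeline that should correlate on this value must use the same seed; a mismatch yields valid-looking IDs that never join across data sources.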

func New

func New(config Config) (*CommunityID, error)

New returns a new CommunityID processor.

func (*CommunityID) Config

func (p *CommunityID) Config() Config

Config returns the CommunityID processor config.

func (*CommunityID) Process

func (p *CommunityID) Process(event processor.Event) error

func (*CommunityID) String

func (p *CommunityID) String() string

type Config

type Config struct {
	// Field containing the destination IP address.
	DestinationIP string `config:"destination_ip"`

	// Field containing the destination port.
	DestinationPort string `config:"destination_port"`

	// Field containing the IANA number.
	IANANumber string `config:"iana_number"`

	// Field containing the ICMP code.
	ICMPCode string `config:"icmp_code"`

	// Field containing the ICMP type.
	ICMPType string `config:"icmp_type"`

	// Ignore failures for the processor.
	IgnoreFailure bool `config:"ignore_failure"`

	// Seed for the community ID hash. Must be between 0 and 65535
	// (inclusive). The seed can prevent hash collisions between network
	// domains, such as a staging and production network that use the same
	// addressing scheme.
	Seed int16 `config:"seed"`

	// Field containing the source IP address.
	SourceIP string `config:"source_ip"`

	// Field containing the source port.
	SourcePort string `config:"source_port"`

	// The field to assign the output value to. By default, the field is
	// updated in place.
	TargetField string `config:"target_field"`

	// Field containing the transport protocol. Used only when the iana_number
	// field is not present.
	Transport string `config:"transport"`
}

Config contains the configuration options for the community_id processor.

func (*Config) InitDefaults

func (c *Config) InitDefaults()

InitDefaults initializes the configuration options to their default values.
