types

package

Documentation

Index

Constants

const (
	// LIVE and TIMEMACHINE are the two modes a leaky bucket can run in.
	// An Event carries one of them in ExpectMode so buckets know how to
	// handle it (see Event.ExpectMode).
	// NOTE(review): TIMEMACHINE presumably drives bucket time from the
	// event's parsed Time instead of the wall clock — confirm in the
	// bucket code before relying on it.
	LIVE = iota
	TIMEMACHINE
)

A leaky bucket can run in mode LIVE or TIMEMACHINE.

const (
	// LOG and OVFLW are the values of Event.Type: LOG (0) marks an event
	// built from a parsed log line, OVFLW (1) marks a bucket overflow.
	LOG = iota
	OVFLW
)
// Scope names, with Undefined (the empty string) as the default.
// NOTE(review): these look like the accepted values of ScopeType.Scope —
// confirm against the code that validates scopes before treating the list
// as exhaustive.
const (
	Undefined = ""
	Ip        = "Ip"
	Range     = "Range"
	Filter    = "Filter"
	Country   = "Country"
	AS        = "AS"
)

TODO: move into leakybuckets.

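// Authentication type names.
// NOTE(review): presumably the accepted values of a client auth-type setting;
// confirm against the configuration loader.
const (
	ApiKeyAuthType   = "api-key"
	PasswordAuthType = "password"
	TlsAuthType      = "tls"
)

// Origin names identifying which component produced an item (see GetOrigins).
const (
	CAPIOrigin        = "CAPI"
	ConsoleOrigin     = "console"
	CrowdSecOrigin    = "crowdsec"
	CscliImportOrigin = "cscli-import"
	CscliOrigin       = "cscli"
	ListOrigin        = "lists"
)

// Central API (CAPI) and Polling API (PAPI) endpoints. Both base URLs are
// HTTPS; keep them that way if they are ever made configurable.
const (
	CAPIBaseURL        = "https://api.crowdsec.net/"
	PAPIBaseURL        = "https://papi.api.crowdsec.net/"
	PAPIVersion        = "v1"
	PAPIPermissionsUrl = "/permissions"
	PAPIPollUrl        = "/decisions/stream/poll"
)

// DecisionTypeBan is the decision type for a ban.
const DecisionTypeBan = "ban"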

Variables

// LogOutput is the package-level log destination (used as an io.Writer).
// It is nil until configured.
// NOTE(review): presumably initialised by SetDefaultLoggerConfig, whose
// maxSize/maxFiles/maxAge/compress parameters mirror lumberjack's rotation
// options — confirm.
var LogOutput *lumberjack.Logger //io.Writer

Functions

func Addr2Ints

func Addr2Ints(anyIP string) (int, int64, int64, int64, int64, error)

Addr2Ints returns the integer range for any single IP address or IP range.

func BoolPtr

func BoolPtr(b bool) *bool

func CatchPanic

func CatchPanic(component string)

CatchPanic is a util func that we should call from all go-routines to ensure proper stacktrace handling

func Clone

func Clone(a, b interface{}) error

func ConfigureLogger

func ConfigureLogger(clog *log.Logger) error

func CopyFile

func CopyFile(sourceSymLink, destinationFile string) (err error)

CopyFile copies the file; ioutil does not offer this feature.

func GetData

func GetData(data []*DataSource, dataDir string) error

func GetLineCountForFile

func GetLineCountForFile(filepath string) int

func GetOrigins

func GetOrigins() []string

func IP2Ints

func IP2Ints(pip net.IP) (int, int64, int64, error)

Returns size (16 or 4), network, suffix, error.

func InSlice

func InSlice(str string, slice []string) bool

func Int32Ptr

func Int32Ptr(i int32) *int32

func IntPtr

func IntPtr(i int) *int

func LastAddress

func LastAddress(n net.IPNet) net.IP

func ParseDuration

func ParseDuration(d string) (time.Duration, error)

func Range2Ints

func Range2Ints(network net.IPNet) (int, int64, int64, int64, int64, error)

Returns size (16 or 4), nw_start, suffix_start, nw_end, suffix_end, error.

func SetDefaultLoggerConfig

func SetDefaultLoggerConfig(cfgMode string, cfgFolder string, cfgLevel log.Level, maxSize int, maxFiles int, maxAge int, compress *bool, forceColors bool) error

func StrPtr

func StrPtr(s string) *string

func StripAnsiString

func StripAnsiString(str string) string

func UtcNow

func UtcNow() time.Time

func WriteStackTrace

func WriteStackTrace(iErr interface{}) string

Types

type DataCapture

// DataCapture describes a named key/value capture. Key and Value are the
// expression sources written in YAML; KeyExpression and ValueExpression are
// their runtime forms and are never serialized. TTL is the textual duration
// and TTLVal its parsed form (also not serialized); MaxMapSize (yaml `size`)
// and Strategy describe the backing map.
// NOTE(review): TTL is presumably parsed into TTLVal with ParseDuration —
// confirm.
type DataCapture struct {
	Name            string        `yaml:"name,omitempty"`
	Key             string        `yaml:"key,omitempty"`
	KeyExpression   *vm.Program   `yaml:"-"`
	Value           string        `yaml:"value,omitempty"`
	ValueExpression *vm.Program   `yaml:"-"`
	TTL             string        `yaml:"ttl,omitempty"`
	TTLVal          time.Duration `yaml:"-"`
	MaxMapSize      int           `yaml:"size,omitempty"`
	Strategy        string        `yaml:"strategy,omitempty"`
}

type DataSet

// DataSet is the list of DataSource entries found under the yaml `data` key.
type DataSet struct {
	Data []*DataSource `yaml:"data,omitempty"`
}

type DataSource

// DataSource describes an external data file: SourceURL is where it is
// fetched from, DestPath where it is written (see GetData), and Type names
// the data format. Cache, Strategy, Size and TTL are optional and control
// the cache strategy on expensive regexps.
// NOTE(review): DestPath comes from configuration and is presumably joined
// under GetData's dataDir — confirm it cannot escape that directory.
type DataSource struct {
	SourceURL string `yaml:"source_url"`
	DestPath  string `yaml:"dest_file"`
	Type      string `yaml:"type"`
	//Control cache strategy on expensive regexps
	Cache    *bool          `yaml:"cache"`
	Strategy *string        `yaml:"strategy"`
	Size     *int           `yaml:"size"`
	TTL      *time.Duration `yaml:"ttl"`
}

type Event

// Event is the structure representing a runtime event (log or overflow) as it
// moves through the parsing stages (Stage, Parsed, Enriched, Unmarshaled)
// and, for overflows, carries the resulting RuntimeAlert.
type Event struct {
	/* is it a log or an overflow */
	Type            int    `yaml:"Type,omitempty" json:"Type,omitempty"`             //Can be types.LOG (0) or types.OVFLW (1)
	ExpectMode      int    `yaml:"ExpectMode,omitempty" json:"ExpectMode,omitempty"` //how buckets should handle the event : types.TIMEMACHINE or types.LIVE
	Whitelisted     bool   `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	// NOTE(review): the json key below is snake_case unlike every other field;
	// confirm consumers expect `whitelist_reason` before normalizing it.
	WhitelistReason string `yaml:"WhitelistReason,omitempty" json:"whitelist_reason,omitempty"`
	//should add whitelist reason ?
	/* the current stage of the line being parsed */
	Stage string `yaml:"Stage,omitempty" json:"Stage,omitempty"`
	/* original line (produced by acquisition) */
	Line Line `yaml:"Line,omitempty" json:"Line,omitempty"`
	/* output of groks */
	Parsed map[string]string `yaml:"Parsed,omitempty" json:"Parsed,omitempty"`
	/* output of enrichment */
	Enriched map[string]string `yaml:"Enriched,omitempty" json:"Enriched,omitempty"`
	/* output of Unmarshal */
	Unmarshaled map[string]interface{} `yaml:"Unmarshaled,omitempty" json:"Unmarshaled,omitempty"`
	/* Overflow */
	Overflow      RuntimeAlert `yaml:"Overflow,omitempty" json:"Alert,omitempty"`
	Time          time.Time    `yaml:"Time,omitempty" json:"Time,omitempty"` //parsed time; presumably derived from StrTime/StrTimeFormat — confirm
	StrTime       string       `yaml:"StrTime,omitempty" json:"StrTime,omitempty"`
	StrTimeFormat string       `yaml:"StrTimeFormat,omitempty" json:"StrTimeFormat,omitempty"`
	MarshaledTime string       `yaml:"MarshaledTime,omitempty" json:"MarshaledTime,omitempty"`
	Process       bool         `yaml:"Process,omitempty" json:"Process,omitempty"` //can be set to false to avoid processing line
	/* Meta is the only part that will make it to the API - it should be normalized */
	Meta map[string]string `yaml:"Meta,omitempty" json:"Meta,omitempty"`
}

Event is the structure representing a runtime event (log or overflow)

func (*Event) GetMeta

func (e *Event) GetMeta(key string) string

func (*Event) GetType

func (e *Event) GetType() string

type ExtraField

// ExtraField describes a static: where the value goes (TargetByName, or a
// key in the Parsed/Meta/Enriched maps of the Event) and where it comes from
// (a literal Value, an expression ExpValue compiled into RunTimeValue, or an
// enrichment Method).
// NOTE(review): RunTimeValue carries `json:"-"` but no `yaml:"-"`, unlike
// DataCapture's compiled fields — confirm it is never YAML-marshaled/unmarshaled
// before relying on that.
type ExtraField struct {
	//if the target is indicated by name Struct.Field etc,
	TargetByName string `yaml:"target,omitempty"`
	//if the target field is in Event map
	Parsed string `yaml:"parsed,omitempty"`
	//if the target field is in Meta map
	Meta string `yaml:"meta,omitempty"`
	//if the target field is in Enriched map
	Enriched string `yaml:"enriched,omitempty"`
	//the source is a static value
	Value string `yaml:"value,omitempty"`
	//or the result of an Expression
	ExpValue     string      `yaml:"expression,omitempty"`
	RunTimeValue *vm.Program `json:"-"` //the actual compiled filter
	//or an enrichment method
	Method string `yaml:"method,omitempty"`
}

ExtraField is used mostly for statics.

type GrokPattern

// GrokPattern describes one grok/regexp step: the field it applies to
// (TargetField), the pattern either by name (RegexpName, loaded from
// patterns/*) or by value (RegexpValue), its compiled form RunTimeRegexp,
// an optional expression (ExpValue/RunTimeValue) whose output is the input
// of the regexp, and the Statics applied when the pattern matches.
// NOTE(review): the two runtime fields carry `json:"-"` but no `yaml:"-"` —
// confirm they are never YAML-marshaled.
type GrokPattern struct {
	//the field to which regexp is going to apply
	TargetField string `yaml:"apply_on,omitempty"`
	//the grok/regexp by name (loaded from patterns/*)
	RegexpName string `yaml:"name,omitempty"`
	//a proper grok pattern
	RegexpValue string `yaml:"pattern,omitempty"`
	//the runtime form of regexpname / regexpvalue
	RunTimeRegexp grokky.Pattern `json:"-"` //the actual regexp
	//the output of the expression is going to be the source for regexp
	ExpValue     string      `yaml:"expression,omitempty"`
	RunTimeValue *vm.Program `json:"-"` //the actual compiled filter
	//a grok can contain statics that apply if pattern is successful
	Statics []ExtraField `yaml:"statics,omitempty"`
}

type Line

// Line is the original line as produced by acquisition: the Raw text, its
// Src, the acquisition Time, acquisition Labels, the Module that produced it,
// and a Process flag.
// NOTE(review): Time and Process have no yaml tag and so serialize under
// their lowercased field names — confirm that is intended.
type Line struct {
	Raw     string            `yaml:"Raw,omitempty"`
	Src     string            `yaml:"Src,omitempty"`
	Time    time.Time         //acquis time
	Labels  map[string]string `yaml:"Labels,omitempty"`
	Process bool
	Module  string `yaml:"Module,omitempty"`
}

type Profile

// Profile is a named profile: Filter is the expression source and
// RunTimeFilter its compiled form (no yaml tag), Remediation the action to
// take, ApiPush (yaml `api`) whether to push to the API, and OutputConfigs
// the optional output settings.
type Profile struct {
	Profile       string             `yaml:"profile"`
	Filter        string             `yaml:"filter"`
	Remediation   RemediationProfile `yaml:"remediation"`
	RunTimeFilter *vm.Program
	ApiPush       *bool               `yaml:"api"`
	OutputConfigs []map[string]string `yaml:"outputs,omitempty"`
}

type RemediationProfile

// RemediationProfile is an action profile: which remediations apply (Ban,
// Slow, Captcha), whether to Apply at all, and for how long — Duration as
// text and TimeDuration as its parsed form.
// NOTE(review): no yaml tags, so keys are the lowercased field names; confirm
// that matches the profile files.
type RemediationProfile struct {
	Apply        bool
	Ban          bool
	Slow         bool
	Captcha      bool
	Duration     string
	TimeDuration time.Duration
}

RemediationProfile describes an action profile.

type RuntimeAlert

// RuntimeAlert is the overflow payload carried by an Event: the bucket that
// fired (Mapkey, BucketId), whether it was whitelisted or must be reprocessed,
// the per-source details (Sources, see GetSources) and the alerts sent to the
// API. Alert points at APIAlerts[0] for convenience.
type RuntimeAlert struct {
	Mapkey      string                   `yaml:"MapKey,omitempty" json:"MapKey,omitempty"`
	BucketId    string                   `yaml:"BucketId,omitempty" json:"BucketId,omitempty"`
	Whitelisted bool                     `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	Reprocess   bool                     `yaml:"Reprocess,omitempty" json:"Reprocess,omitempty"`
	Sources     map[string]models.Source `yaml:"Sources,omitempty" json:"Sources,omitempty"`
	Alert       *models.Alert            `yaml:"Alert,omitempty" json:"Alert,omitempty"` //this one is a pointer to APIAlerts[0] for convenience.
	//APIAlerts will be populated at the end when there is more than one source
	APIAlerts []models.Alert `yaml:"APIAlerts,omitempty" json:"APIAlerts,omitempty"`
}

func (RuntimeAlert) GetSources

func (r RuntimeAlert) GetSources() []string

type ScopeType

// ScopeType names a scope (yaml `type`) together with an optional expression
// (yaml `expression`) and its compiled form RunTimeFilter.
// NOTE(review): Scope presumably takes one of the scope constants (Ip, Range,
// Filter, Country, AS) — confirm.
type ScopeType struct {
	Scope         string `yaml:"type"`
	Filter        string `yaml:"expression"`
	RunTimeFilter *vm.Program
}

TODO: move into leakybuckets.
