types

package
v1.3.0-rc3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 21, 2022 License: MIT Imports: 24 Imported by: 4

Documentation

Index

Constants

View Source
const (
	LOG = iota
	OVFLW
)
View Source
const (
	Undefined = ""
	Ip        = "Ip"
	Range     = "Range"
	Filter    = "Filter"
	Country   = "Country"
	AS        = "AS"
)

Move in leakybuckets

Variables

View Source
var LogOutput *lumberjack.Logger //io.Writer

Functions

func Addr2Ints added in v1.0.3

func Addr2Ints(any string) (int, int64, int64, int64, int64, error)

returns a range for any ip or range

func BoolPtr added in v1.2.0

func BoolPtr(b bool) *bool

func CatchPanic added in v1.0.0

func CatchPanic(component string)

CatchPanic is a util func that we should call from all go-routines to ensure proper stacktrace handling

func Clone added in v0.1.4

func Clone(a, b interface{}) error

func ConfigureLogger added in v0.1.0

func ConfigureLogger(clog *log.Logger) error

func CopyFile added in v1.0.0

func CopyFile(sourceSymLink, destinationFile string) (err error)

copy the file, ioutile doesn't offer the feature

func GetData added in v0.1.0

func GetData(data []*DataSource, dataDir string) error

func IP2Ints added in v1.0.3

func IP2Ints(pip net.IP) (int, int64, int64, error)

size (16|4), network, suffix, error

func InSlice added in v1.3.0

func InSlice(str string, slice []string) bool

func Int32Ptr added in v1.2.0

func Int32Ptr(i int32) *int32

func LastAddress

func LastAddress(n net.IPNet) net.IP

func ParseDuration added in v1.0.0

func ParseDuration(d string) (time.Duration, error)

func Range2Ints added in v1.0.3

func Range2Ints(network net.IPNet) (int, int64, int64, int64, int64, error)

size (16|4), nw_start, suffix_start, nw_end, suffix_end, error

func SetDefaultLoggerConfig added in v0.1.0

func SetDefaultLoggerConfig(cfgMode string, cfgFolder string, cfgLevel log.Level, maxSize int, maxFiles int, maxAge int, compress *bool) error

func StrPtr added in v1.2.0

func StrPtr(s string) *string

func UtcNow added in v1.3.0

func UtcNow() time.Time

func WriteStackTrace added in v1.0.12

func WriteStackTrace(iErr interface{}) string

Types

type DataSet added in v0.1.0

type DataSet struct {
	Data []*DataSource `yaml:"data,omitempty"`
}

type DataSource added in v0.1.0

type DataSource struct {
	SourceURL string `yaml:"source_url"`
	DestPath  string `yaml:"dest_file"`
	Type      string `yaml:"type"`
}

type Event

type Event struct {
	/* is it a log or an overflow */
	Type            int    `yaml:"Type,omitempty" json:"Type,omitempty"`             //Can be types.LOG (0) or types.OVFLOW (1)
	ExpectMode      int    `yaml:"ExpectMode,omitempty" json:"ExpectMode,omitempty"` //how to buckets should handle event : leaky.TIMEMACHINE or leaky.LIVE
	Whitelisted     bool   `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	WhitelistReason string `yaml:"WhitelistReason,omitempty" json:"whitelist_reason,omitempty"`
	//should add whitelist reason ?
	/* the current stage of the line being parsed */
	Stage string `yaml:"Stage,omitempty" json:"Stage,omitempty"`
	/* original line (produced by acquisition) */
	Line Line `yaml:"Line,omitempty" json:"Line,omitempty"`
	/* output of groks */
	Parsed map[string]string `yaml:"Parsed,omitempty" json:"Parsed,omitempty"`
	/* output of enrichment */
	Enriched map[string]string `yaml:"Enriched,omitempty" json:"Enriched,omitempty"`
	/* Overflow */
	Overflow      RuntimeAlert `yaml:"Overflow,omitempty" json:"Alert,omitempty"`
	Time          time.Time    `yaml:"Time,omitempty" json:"Time,omitempty"` //parsed time `json:"-"` “
	StrTime       string       `yaml:"StrTime,omitempty" json:"StrTime,omitempty"`
	MarshaledTime string       `yaml:"MarshaledTime,omitempty" json:"MarshaledTime,omitempty"`
	Process       bool         `yaml:"Process,omitempty" json:"Process,omitempty"` //can be set to false to avoid processing line
	/* Meta is the only part that will make it to the API - it should be normalized */
	Meta map[string]string `yaml:"Meta,omitempty" json:"Meta,omitempty"`
}

Event is the structure representing a runtime event (log or overflow)

func (*Event) GetType added in v1.0.0

func (e *Event) GetType() string

type ExprWhitelist added in v0.3.1

type ExprWhitelist struct {
	Filter       *vm.Program
	ExprDebugger *exprhelpers.ExprDebugger // used to debug expression by printing the content of each variable of the expression
}

type ExtraField

type ExtraField struct {
	//if the target is indicated by name Struct.Field etc,
	TargetByName string `yaml:"target,omitempty"`
	//if the target field is in Event map
	Parsed string `yaml:"parsed,omitempty"`
	//if the target field is in Meta map
	Meta string `yaml:"meta,omitempty"`
	//if the target field is in Enriched map
	Enriched string `yaml:"enriched,omitempty"`
	//the source is a static value
	Value string `yaml:"value,omitempty"`
	//or the result of an Expression
	ExpValue     string      `yaml:"expression,omitempty"`
	RunTimeValue *vm.Program `json:"-"` //the actual compiled filter
	//or an enrichment method
	Method string `yaml:"method,omitempty"`
}

Used mostly for statics

type GrokPattern

type GrokPattern struct {
	//the field to which regexp is going to apply
	TargetField string `yaml:"apply_on,omitempty"`
	//the grok/regexp by name (loaded from patterns/*)
	RegexpName string `yaml:"name,omitempty"`
	//a proper grok pattern
	RegexpValue string `yaml:"pattern,omitempty"`
	//the runtime form of regexpname / regexpvalue
	RunTimeRegexp *grokky.Pattern `json:"-"` //the actual regexp
	//the output of the expression is going to be the source for regexp
	ExpValue     string      `yaml:"expression,omitempty"`
	RunTimeValue *vm.Program `json:"-"` //the actual compiled filter
	//a grok can contain statics that apply if pattern is successfull
	Statics []ExtraField `yaml:"statics,omitempty"`
}

type Line

type Line struct {
	Raw     string            `yaml:"Raw,omitempty"`
	Src     string            `yaml:"Src,omitempty"`
	Time    time.Time         //acquis time
	Labels  map[string]string `yaml:"Labels,omitempty"`
	Process bool
	Module  string `yaml:"Module,omitempty"`
}

type Profile

type Profile struct {
	Profile       string             `yaml:"profile"`
	Filter        string             `yaml:"filter"`
	Remediation   RemediationProfile `yaml:"remediation"`
	RunTimeFilter *vm.Program
	ApiPush       *bool               `yaml:"api"`
	OutputConfigs []map[string]string `yaml:"outputs,omitempty"`
}

type RemediationProfile

type RemediationProfile struct {
	Apply        bool
	Ban          bool
	Slow         bool
	Captcha      bool
	Duration     string
	TimeDuration time.Duration
}

Action profiles

type RuntimeAlert added in v1.0.0

type RuntimeAlert struct {
	Mapkey      string                   `yaml:"MapKey,omitempty" json:"MapKey,omitempty"`
	BucketId    string                   `yaml:"BucketId,omitempty" json:"BucketId,omitempty"`
	Whitelisted bool                     `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	Reprocess   bool                     `yaml:"Reprocess,omitempty" json:"Reprocess,omitempty"`
	Sources     map[string]models.Source `yaml:"Sources,omitempty" json:"Sources,omitempty"`
	Alert       *models.Alert            `yaml:"Alert,omitempty" json:"Alert,omitempty"` //this one is a pointer to APIAlerts[0] for convenience.
	//APIAlerts will be populated at the end when there is more than one source
	APIAlerts []models.Alert `yaml:"APIAlerts,omitempty" json:"APIAlerts,omitempty"`
}

func (RuntimeAlert) GetSources added in v1.2.1

func (r RuntimeAlert) GetSources() []string

type ScopeType added in v1.0.0

type ScopeType struct {
	Scope         string `yaml:"type"`
	Filter        string `yaml:"expression"`
	RunTimeFilter *vm.Program
}

Move in leakybuckets

type Whitelist

type Whitelist struct {
	Reason  string   `yaml:"reason,omitempty"`
	Ips     []string `yaml:"ip,omitempty"`
	B_Ips   []net.IP
	Cidrs   []string `yaml:"cidr,omitempty"`
	B_Cidrs []*net.IPNet
	Exprs   []string `yaml:"expression,omitempty"`
	B_Exprs []*ExprWhitelist
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL