Documentation ¶
Index ¶
- Constants
- Variables
- func CreateConfig(confFile, address, index, name, typ string) error
- func CreateDirective(tsvFile, outFile, kingdom, titleTemplate string, ...) error
- func CreatePlugin(cfg CreatePluginConfig) error
- func FieldMappingToLogstashField(fields *FieldMapping)
- func LogstashFieldNotation(src string) (res string)
- func Merge(cmd Commander, cfg MergeConfig, options ...MergeOptionFunc) error
- func SplitDirective(target string, suffix string, count int, delete bool) (err error)
- type ByFirstPluginSID
- type Commander
- type CreatePluginConfig
- type CustomDataSet
- type ElasticsearchInfo
- type FieldMapping
- type FileReader
- type MergeConfig
- type MergeOptionFunc
- type Plugin
- type PluginSID
- type PluginSIDSet
- type PluginSIDWithCustomDataGroup
Constants ¶
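// Field type names declared by this package.
// NOTE(review): "text" and "keyword" match the Elasticsearch mapping types of
// the same name; confirm that is what callers compare them against.
//
// The page printed this group on a single line, which is not valid Go; the
// declaration is restored to one constant per line.
const (
	FieldTypeText    = "text"
	FieldTypeKeyword = "keyword"
)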
// TSVFileSuffix is the file-name suffix "_plugin-sids.tsv".
// NOTE(review): presumably appended to a plugin name to locate its plugin-SID
// TSV file; confirm against the callers.
const TSVFileSuffix = "_plugin-sids.tsv"
Variables ¶
// ErrFieldMappingNotExist is a sentinel error whose message is
// "field mapping does not exist". Compare against it with errors.Is.
var (
	ErrFieldMappingNotExist = errors.New("field mapping does not exist")
)
// ErrIntValueExceedBoundary is a sentinel error whose message is
// "integer value exceeds maximum value boundary".
// NOTE(review): presumably returned when a numeric value read from input does
// not fit the accepted range; callers should treat it as a rejected input
// rather than clamp the value. Confirm where it is raised.
var ErrIntValueExceedBoundary = errors.New("integer value exceeds maximum value boundary")
// ErrNonSIDCollect is a sentinel error whose message states that only
// SID-type plugins support the "collect:" keyword.
var (
	ErrNonSIDCollect = errors.New("only SID-type plugin support collect: keyword")
)
Functions ¶
func CreateConfig ¶
CreateConfig generates a dpluger config file.
func CreateDirective ¶ added in v0.15.0
func CreateDirective(tsvFile, outFile, kingdom, titleTemplate string, priority, reliability, dirNumber int) error
CreateDirective starts directive creation
func CreatePlugin ¶
func CreatePlugin(cfg CreatePluginConfig) error
CreatePlugin starts plugin creation
func FieldMappingToLogstashField ¶ added in v0.33.0
func FieldMappingToLogstashField(fields *FieldMapping)
func LogstashFieldNotation ¶ added in v0.33.0
func Merge ¶ added in v0.32.1
func Merge(cmd Commander, cfg MergeConfig, options ...MergeOptionFunc) error
Types ¶
type ByFirstPluginSID ¶ added in v0.33.0
// ByFirstPluginSID is a slice of PluginSIDWithCustomDataGroup values.
// NOTE(review): the package declares Len, Less and Swap on this type, so it
// presumably exists to be handed to sort.Sort; the name suggests groups are
// ordered by their first plugin SID — confirm in Less.
type ByFirstPluginSID []PluginSIDWithCustomDataGroup
func (ByFirstPluginSID) Len ¶ added in v0.33.0
func (g ByFirstPluginSID) Len() int
func (ByFirstPluginSID) Less ¶ added in v0.33.0
func (g ByFirstPluginSID) Less(i, j int) bool
func (ByFirstPluginSID) Swap ¶ added in v0.33.0
func (g ByFirstPluginSID) Swap(i, j int)
type CreatePluginConfig ¶ added in v0.33.0
type CustomDataSet ¶ added in v0.33.0
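// CustomDataSet holds three label/data string pairs.
//
// Every field carries json, tsv and csv struct tags with the same key; the
// json tags use omitempty, so empty strings are left out of JSON output.
//
// The page printed this declaration on a single line, which is not valid Go
// (struct fields need a newline or semicolon between them); it is restored to
// one field per line with the field order unchanged.
type CustomDataSet struct {
	CustomLabel1 string `json:"custom_label1,omitempty" tsv:"custom_label1" csv:"custom_label1"`
	CustomData1  string `json:"custom_data1,omitempty" tsv:"custom_data1" csv:"custom_data1"`
	CustomLabel2 string `json:"custom_label2,omitempty" tsv:"custom_label2" csv:"custom_label2"`
	CustomData2  string `json:"custom_data2,omitempty" tsv:"custom_data2" csv:"custom_data2"`
	CustomLabel3 string `json:"custom_label3,omitempty" tsv:"custom_label3" csv:"custom_label3"`
	CustomData3  string `json:"custom_data3,omitempty" tsv:"custom_data3" csv:"custom_data3"`
}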
func (CustomDataSet) IsEmpty ¶ added in v0.33.0
func (c CustomDataSet) IsEmpty() bool
type ElasticsearchInfo ¶ added in v0.33.5
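// ElasticsearchInfo describes a server-identification document: node name,
// cluster name, a nested version object and a tagline.
//
// NOTE(review): the field set looks like the JSON served at the root endpoint
// of an Elasticsearch-compatible cluster — confirm against the caller. If so,
// every value here is supplied by the remote server and should be treated as
// untrusted input wherever it drives version-specific behaviour.
//
// The page printed this declaration on a single line, which is not valid Go;
// it is restored to one field per line with the field order unchanged.
type ElasticsearchInfo struct {
	Name        string `json:"name"`
	ClusterName string `json:"cluster_name"`
	Version     struct {
		Distribution   string `json:"distribution,omitempty"`
		Number         string `json:"number"`
		BuildHash      string `json:"build_hash"`
		BuildTimestamp string `json:"build_timestamp"`
		BuildSnapshot  bool   `json:"build_snapshot"`
		LuceneVersion  string `json:"lucene_version"`
		CompatVersion  string `json:"minimum_wire_compatibility_version"`
	} `json:"version"`
	TagLine string `json:"tagline"`
}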
type FieldMapping ¶
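// FieldMapping defines the field mapping of a plugin. Every member is a
// string.
//
// The json tags for timestamp, timestamp_format, sensor, src_ip, src_port,
// dst_ip and dst_port have no omitempty, so those keys are always written on
// marshalling; all other keys are dropped when empty.
//
// NOTE(review): each value presumably names (or references) the source-event
// field that supplies the normalized attribute, and the values come from a
// plugin config file — confirm how they are validated before being emitted
// into generated output.
//
// The page printed this declaration on a single line, which is not valid Go;
// it is restored to one field per line with the field order unchanged.
type FieldMapping struct {
	Title           string `json:"title,omitempty"`
	Timestamp       string `json:"timestamp"`
	TimestampFormat string `json:"timestamp_format"`
	Sensor          string `json:"sensor"`
	PluginID        string `json:"plugin_id,omitempty"`
	PluginSID       string `json:"plugin_sid,omitempty"`
	Product         string `json:"product,omitempty"`
	Category        string `json:"category,omitempty"`
	SubCategory     string `json:"subcategory,omitempty"`
	SrcIP           string `json:"src_ip"`
	SrcPort         string `json:"src_port"`
	DstIP           string `json:"dst_ip"`
	DstPort         string `json:"dst_port"`
	Protocol        string `json:"protocol,omitempty"`
	CustomData1     string `json:"custom_data1,omitempty"`
	CustomLabel1    string `json:"custom_label1,omitempty"`
	CustomData2     string `json:"custom_data2,omitempty"`
	CustomLabel2    string `json:"custom_label2,omitempty"`
	CustomData3     string `json:"custom_data3,omitempty"`
	CustomLabel3    string `json:"custom_label3,omitempty"`
}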
FieldMapping defines field mapping
type FileReader ¶ added in v0.32.1
type MergeConfig ¶ added in v0.32.1
type MergeOptionFunc ¶ added in v0.32.1
// MergeOptionFunc is a functional option: a function that receives a pointer
// to the unexported mergeOption value. Merge accepts a variadic list of them.
//
// NOTE(review): WithCustomTransport builds one of these from an
// http.RoundTripper, presumably replacing the transport used for Merge's HTTP
// requests. If so, the supplied transport governs TLS verification and
// proxying for those requests, so production callers should not pass one with
// certificate verification disabled — confirm.
type MergeOptionFunc func(*mergeOption)
func WithCustomFileReader ¶ added in v0.32.1
func WithCustomFileReader(fr FileReader) MergeOptionFunc
func WithCustomTransport ¶ added in v0.32.1
func WithCustomTransport(tr http.RoundTripper) MergeOptionFunc
type Plugin ¶
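// Plugin describes one plugin definition: its name and type, output file,
// index pattern, Elasticsearch address, identifier settings, collection
// filter and field mapping, each stored under the json key in its tag.
//
// IdentifierBlockSourceContent is tagged json:"-", so encoding/json neither
// reads nor writes it.
//
// NOTE(review): ES is serialized as "elasticsearch_address"; if that address
// is allowed to carry credentials in its URL they would be persisted wherever
// this struct is written — confirm. IdentifierFilter, IdentifierBlockSource
// and ESCollectionFilter presumably end up in generated configuration or
// queries; confirm they are handled as trusted operator input only.
//
// The page printed this declaration on a single line, where the inline
// "// SID || Taxonomy" comment swallowed every field after Type; it is
// restored to one field per line with the field order unchanged.
type Plugin struct {
	Name                         string       `json:"name"`
	Type                         string       `json:"type"` // SID || Taxonomy
	Output                       string       `json:"output_file"`
	Index                        string       `json:"index_pattern"`
	ES                           string       `json:"elasticsearch_address"`
	IdentifierField              string       `json:"identifier_field"`
	IdentifierValue              string       `json:"identifier_value"`
	IdentifierFilter             string       `json:"identifier_filter"`
	IdentifierBlockSource        string       `json:"identifier_block_source"`
	IdentifierBlockSourceContent string       `json:"-"`
	ESCollectionFilter           string       `json:"es_collect_filter"`
	Fields                       FieldMapping `json:"field_mapping"`
}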
Plugin defines a plugin's configuration, including its field mapping.
type PluginSID ¶ added in v0.33.0
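// PluginSID is one plugin-SID record: plugin name, numeric plugin ID, numeric
// SID, SID title, category and kingdom, with an embedded CustomDataSet.
//
// The named fields carry tsv tags only (plugin, id, sid, title, category,
// kingdom). The type also has unexported fields that the documentation page
// does not show.
//
// The page printed this declaration on a single line, where the trailing
// comment swallowed the closing brace; it is restored to one field per line
// with the field order unchanged.
type PluginSID struct {
	Name     string `tsv:"plugin"`
	ID       int    `tsv:"id"`
	SID      int    `tsv:"sid"`
	SIDTitle string `tsv:"title"`
	Category string `tsv:"category"`
	Kingdom  string `tsv:"kingdom"`
	CustomDataSet
	// contains filtered or unexported fields
}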
type PluginSIDSet ¶ added in v0.33.0
// PluginSIDSet is a slice of PluginSID records. The package declares the
// methods FirstSID() int and SID() []int on it.
// NOTE(review): FirstSID presumably indexes the first element; confirm how it
// behaves on an empty set before calling it on unvalidated data.
type PluginSIDSet []PluginSID
func (PluginSIDSet) FirstSID ¶ added in v0.33.0
func (p PluginSIDSet) FirstSID() int
func (PluginSIDSet) SID ¶ added in v0.33.0
func (p PluginSIDSet) SID() []int
type PluginSIDWithCustomDataGroup ¶ added in v0.33.0
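// PluginSIDWithCustomDataGroup pairs one CustomDataSet with the set of plugin
// SIDs that share it.
//
// The page printed this declaration on a single line, which is not valid Go;
// it is restored to one field per line with the field order unchanged.
type PluginSIDWithCustomDataGroup struct {
	CustomData CustomDataSet
	Plugins    PluginSIDSet
}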
PluginSIDWithCustomDataGroup is a mapping of a CustomDataSet to a set of plugin SIDs, used to map each unique custom data set to the list of plugin SIDs that carry that custom data.