Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Channel (added in v0.26.2)
type Channel struct {
	DirID int
	Ch    chan NormalizedEvent
}
Channel defines an event channel tied to a directive ID.
type NormalizedEvent
type NormalizedEvent struct {
	ConnID       uint64 `json:"conn_id,omitempty"`
	EventID      string `json:"event_id"`
	Timestamp    string `json:"timestamp"`
	Title        string `json:"title,omitempty"`
	Sensor       string `json:"sensor"`
	PluginID     int    `json:"plugin_id,omitempty"`
	PluginSID    int    `json:"plugin_sid,omitempty"`
	Product      string `json:"product,omitempty"`
	Category     string `json:"category,omitempty"`
	SubCategory  string `json:"subcategory,omitempty"`
	SrcIP        string `json:"src_ip"`
	SrcPort      int    `json:"src_port"`
	DstIP        string `json:"dst_ip"`
	DstPort      int    `json:"dst_port"`
	Protocol     string `json:"protocol"`
	CustomData1  string `json:"custom_data1,omitempty"`
	CustomLabel1 string `json:"custom_label1,omitempty"`
	CustomData2  string `json:"custom_data2,omitempty"`
	CustomLabel2 string `json:"custom_label2,omitempty"`
	CustomData3  string `json:"custom_data3,omitempty"`
	CustomLabel3 string `json:"custom_label3,omitempty"`
	RcvdTime     int64  `json:"rcvd_time,omitempty"` // for backpressure control
}
NormalizedEvent represents data received from logstash.
func (*NormalizedEvent) DstIPInHomeNet
func (e *NormalizedEvent) DstIPInHomeNet() bool
DstIPInHomeNet reports whether the event's DstIP is in HOME_NET.
func (*NormalizedEvent) FromBytes
func (e *NormalizedEvent) FromBytes(b []byte) error
FromBytes initializes the NormalizedEvent from its byte representation.
func (*NormalizedEvent) SrcIPInHomeNet
func (e *NormalizedEvent) SrcIPInHomeNet() bool
SrcIPInHomeNet reports whether the event's SrcIP is in HOME_NET.
func (*NormalizedEvent) ToBytes
func (e *NormalizedEvent) ToBytes() (b []byte, err error)
ToBytes returns the byte representation of the event.
func (*NormalizedEvent) Valid
func (e *NormalizedEvent) Valid() bool
Valid reports whether the event contains valid content in its required fields.
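The following program is an added illustration of how the NormalizedEvent API above fits together; it is not the package's own code. It rebuilds the struct with the documented JSON tags, implements ToBytes/FromBytes as a JSON round trip, treats the fields that carry no omitempty tag as the required set for Valid (an assumption), and resolves the HOME_NET membership checks against a constructed CIDR list (the real package takes HOME_NET from its own configuration). The sample event is constructed, not captured from Logstash.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
)

// NormalizedEvent mirrors the documented field set and JSON tags.
type NormalizedEvent struct {
	ConnID       uint64 `json:"conn_id,omitempty"`
	EventID      string `json:"event_id"`
	Timestamp    string `json:"timestamp"`
	Title        string `json:"title,omitempty"`
	Sensor       string `json:"sensor"`
	PluginID     int    `json:"plugin_id,omitempty"`
	PluginSID    int    `json:"plugin_sid,omitempty"`
	Product      string `json:"product,omitempty"`
	Category     string `json:"category,omitempty"`
	SubCategory  string `json:"subcategory,omitempty"`
	SrcIP        string `json:"src_ip"`
	SrcPort      int    `json:"src_port"`
	DstIP        string `json:"dst_ip"`
	DstPort      int    `json:"dst_port"`
	Protocol     string `json:"protocol"`
	CustomData1  string `json:"custom_data1,omitempty"`
	CustomLabel1 string `json:"custom_label1,omitempty"`
	CustomData2  string `json:"custom_data2,omitempty"`
	CustomLabel2 string `json:"custom_label2,omitempty"`
	CustomData3  string `json:"custom_data3,omitempty"`
	CustomLabel3 string `json:"custom_label3,omitempty"`
	RcvdTime     int64  `json:"rcvd_time,omitempty"` // for backpressure control
}

// homeNet is a constructed HOME_NET for this example (assumption: the real
// package loads its HOME_NET ranges from configuration).
var homeNet = mustParseCIDRs("10.0.0.0/8", "192.168.0.0/16")

func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// inHomeNet returns true only for a parseable address inside one of the
// HOME_NET ranges; an unparseable string is never treated as internal.
func inHomeNet(ipStr string) bool {
	ip := net.ParseIP(ipStr)
	if ip == nil {
		return false
	}
	for _, n := range homeNet {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

func (e *NormalizedEvent) SrcIPInHomeNet() bool { return inHomeNet(e.SrcIP) }
func (e *NormalizedEvent) DstIPInHomeNet() bool { return inHomeNet(e.DstIP) }

// ToBytes and FromBytes are a plain JSON round trip over the tagged struct.
func (e *NormalizedEvent) ToBytes() ([]byte, error)  { return json.Marshal(e) }
func (e *NormalizedEvent) FromBytes(b []byte) error { return json.Unmarshal(b, e) }

// Valid requires the non-omitempty string fields to be present and both
// addresses to parse, so a malformed event is rejected before correlation.
func (e *NormalizedEvent) Valid() bool {
	if e.EventID == "" || e.Timestamp == "" || e.Sensor == "" || e.Protocol == "" {
		return false
	}
	return net.ParseIP(e.SrcIP) != nil && net.ParseIP(e.DstIP) != nil
}

// sampleJSON is a constructed event in the Logstash-style shape the tags describe.
const sampleJSON = `{"event_id":"evt-0001","timestamp":"2024-01-01T00:00:00Z","sensor":"sensor-a",` +
	`"plugin_id":1001,"plugin_sid":2,"src_ip":"192.168.1.10","src_port":51234,` +
	`"dst_ip":"203.0.113.5","dst_port":443,"protocol":"TCP"}`

func main() {
	var e NormalizedEvent
	if err := e.FromBytes([]byte(sampleJSON)); err != nil {
		panic(err)
	}
	fmt.Println("valid:", e.Valid(), "src in HOME_NET:", e.SrcIPInHomeNet(), "dst in HOME_NET:", e.DstIPInHomeNet())
	b, _ := e.ToBytes()
	fmt.Println(string(b))
}
```

Because every omitempty field is dropped on the wire and restored as its zero value, an event survives the ToBytes/FromBytes round trip unchanged, which is what makes the struct safe to hand across the Channel boundary and back.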