event

package
v0.32.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 11, 2022 License: GPL-3.0 Imports: 2 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Channel added in v0.26.2

type Channel struct {
	DirID int
	Ch    chan NormalizedEvent
}

Channel define event channel with directive ID

type NormalizedEvent

type NormalizedEvent struct {
	ConnID       uint64 `json:"conn_id,omitempty"`
	EventID      string `json:"event_id"`
	Timestamp    string `json:"timestamp"`
	Title        string `json:"title,omitempty"`
	Sensor       string `json:"sensor"`
	PluginID     int    `json:"plugin_id,omitempty"`
	PluginSID    int    `json:"plugin_sid,omitempty"`
	Product      string `json:"product,omitempty"`
	Category     string `json:"category,omitempty"`
	SubCategory  string `json:"subcategory,omitempty"`
	SrcIP        string `json:"src_ip"`
	SrcPort      int    `json:"src_port"`
	DstIP        string `json:"dst_ip"`
	DstPort      int    `json:"dst_port"`
	Protocol     string `json:"protocol"`
	CustomData1  string `json:"custom_data1,omitempty"`
	CustomLabel1 string `json:"custom_label1,omitempty"`
	CustomData2  string `json:"custom_data2,omitempty"`
	CustomLabel2 string `json:"custom_label2,omitempty"`
	CustomData3  string `json:"custom_data3,omitempty"`
	CustomLabel3 string `json:"custom_label3,omitempty"`
	RcvdTime     int64  `json:"rcvd_time,omitempty"`    // for backpressure control
	TraceParent  string `json:"trace_parent,omitempty"` // for distributed tracing
	TraceState   string `json:"trace_state,omitempty"`  // for distributed tracing
}

NormalizedEvent represents data received from logstash

func (*NormalizedEvent) DstIPInHomeNet

func (e *NormalizedEvent) DstIPInHomeNet() bool

DstIPInHomeNet check if event DstIP is is HOME_NET

func (*NormalizedEvent) FromBytes

func (e *NormalizedEvent) FromBytes(b []byte) error

FromBytes initialize NormalizedEvent

func (*NormalizedEvent) SrcIPInHomeNet

func (e *NormalizedEvent) SrcIPInHomeNet() bool

SrcIPInHomeNet check if event SrcIP is is HOME_NET

func (*NormalizedEvent) ToBytes

func (e *NormalizedEvent) ToBytes() (b []byte, err error)

ToBytes return byte rep of event

func (*NormalizedEvent) Valid

func (e *NormalizedEvent) Valid() bool

Valid check if event contains valid content for required fields

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL