Documentation ¶
Index ¶
- Constants
- func Bytes_Htohl(b []byte) uint32
- func Bytes_Ntohl(b []byte) uint32
- func Bytes_Ntohll(b []byte) uint64
- func Bytes_Ntohs(b []byte) uint16
- func DumpInCSVFormat(fields []string, rows [][]string) string
- func Ipv4_Ntoa(ip uint32) string
- func IsLoopback(ip_str string) (bool, error)
- func LoadGeoIPData(config Geoip) *libgeo.GeoIP
- func LocalIpAddrs() ([]net.IP, error)
- func LocalIpAddrsAsStrings(include_loopbacks bool) ([]string, error)
- func ReadString(s []byte) (string, error)
- type Cache
- func (c *Cache) CleanUp() int
- func (c *Cache) Delete(k Key) Value
- func (c *Cache) Entries() map[Key]Value
- func (c *Cache) Get(k Key) Value
- func (c *Cache) Put(k Key, v Value) Value
- func (c *Cache) PutIfAbsent(k Key, v Value) Value
- func (c *Cache) PutIfAbsentWithTimeout(k Key, v Value, timeout time.Duration) Value
- func (c *Cache) PutWithTimeout(k Key, v Value, timeout time.Duration) Value
- func (c *Cache) Replace(k Key, v Value) Value
- func (c *Cache) ReplaceWithTimeout(k Key, v Value, timeout time.Duration) Value
- func (c *Cache) Size() int
- func (c *Cache) StartJanitor(interval time.Duration)
- func (c *Cache) StopJanitor()
- type CmdlineTuple
- type Endpoint
- type Eventer
- type Geoip
- type HashableIpPortTuple
- type HashableTcpTuple
- type IpPortTuple
- type Key
- type MapStr
- type RemovalListener
- type TcpTuple
- type Time
- type Value
Constants ¶
const ( OK_STATUS = "OK" ERROR_STATUS = "Error" SERVER_ERROR_STATUS = "Server Error" CLIENT_ERROR_STATUS = "Client Error" )
standardized status values
const MaxIpPortTupleRawSize = 16 + 16 + 2 + 2
const MaxTcpTupleRawSize = 16 + 16 + 2 + 2 + 4
const TsLayout = "2006-01-02T15:04:05.000Z"
Layout to be used in the timestamp marshaling/unmarshaling everywhere. The timezone must always be UTC.
Variables ¶
This section is empty.
Functions ¶
func Bytes_Htohl ¶
func Bytes_Ntohl ¶
func Bytes_Ntohll ¶
func Bytes_Ntohs ¶
func DumpInCSVFormat ¶
Takes a set of fields and rows and returns a string representing the CSV representation for the fields and rows.
func IsLoopback ¶
IsLoopback check if a particular IP notation corresponds to a loopback interface.
func LoadGeoIPData ¶
func LoadGeoIPData(config Geoip) *libgeo.GeoIP
func LocalIpAddrs ¶
LocalIpAddrs finds the IP addresses of the hosts on which the shipper currently runs on.
func LocalIpAddrsAsStrings ¶
LocalIpAddrs finds the IP addresses of the hosts on which the shipper currently runs on and returns them as an array of strings.
func ReadString ¶
ReadString extracts the first null terminated string from a slice of bytes.
Types ¶
type Cache ¶
Cache is a semi-persistent mapping of keys to values. Elements added to the cache are store until they are explicitly deleted or are expired due time- based eviction based on last access time.
Expired elements are not visible through classes methods, but they do remain stored in the cache until CleanUp() is invoked. Therefore CleanUp() must be invoked periodically to prevent the cache from becoming a memory leak. If you want to start a goroutine to perform periodic clean-up then see StartJanitor().
Cache does not support storing nil values. Any attempt to put nil into the cache will cause a panic.
func NewCache ¶
NewCache creates and returns a new Cache. d is the length of time after last access that cache elements expire. initialSize is the initial allocation size used for the Cache's underlying map.
func NewCacheWithRemovalListener ¶
func NewCacheWithRemovalListener(d time.Duration, initialSize int, l RemovalListener) *Cache
NewCacheWithRemovalListener creates and returns a new Cache and register a RemovalListener callback function. d is the length of time after last access that cache elements expire. initialSize is the initial allocation size used for the Cache's underlying map. l is the callback function that will be invoked when cache elements are removed from the map on CleanUp.
func (*Cache) CleanUp ¶
CleanUp performs maintenance on the cache by removing expired elements from the cache. If a RemoveListener is registered it will be invoked for each element that is removed during this clean up operation. The RemovalListener is invoked on the caller's goroutine.
func (*Cache) Delete ¶
Delete a key from the map and return the value or nil if the key does not exist. The RemovalListener is not notified for explicit deletions.
func (*Cache) Get ¶
Get the current value associated with a key or nil if the key is not present. The last access time of the element is updated.
func (*Cache) Put ¶
Put writes the given key and value to the map replacing any existing value if it exists. The previous value associated with the key returned or nil if the key was not present.
func (*Cache) PutIfAbsent ¶
PutIfAbsent writes the given key and value to the cache only if the key is absent from the cache. Nil is returned if the key-value pair were written, otherwise the old value is returned.
func (*Cache) PutIfAbsentWithTimeout ¶
PutIfAbsentWithTimeout writes the given key and value to the cache only if the key is absent from the cache. Nil is returned if the key-value pair were written, otherwise the old value is returned. The cache expiration time will be overwritten by timeout of the key being inserted.
func (*Cache) PutWithTimeout ¶
PutWithTimeout writes the given key and value to the map replacing any existing value if it exists. The previous value associated with the key returned or nil if the key was not present. The cache expiration time will be overwritten by timeout of the key being inserted.
func (*Cache) Replace ¶
Replace overwrites the value for a key only if the key exists. The old value is returned if the value is updated, otherwise nil is returned.
func (*Cache) ReplaceWithTimeout ¶
ReplaceWithTimeout overwrites the value for a key only if the key exists. The old value is returned if the value is updated, otherwise nil is returned. The cache expiration time will be overwritten by timeout of the key being inserted.
func (*Cache) Size ¶
Size returns the number of elements in the cache. The number includes both active elements and expired elements that have not been cleaned up.
func (*Cache) StartJanitor ¶
StartJanitor starts a goroutine that will periodically invoke the cache's CleanUp() method.
func (*Cache) StopJanitor ¶
func (c *Cache) StopJanitor()
StopJanitor stops the goroutine created by StartJanitor.
type CmdlineTuple ¶
type CmdlineTuple struct {
Src, Dst []byte
}
Source and destination process names, as found by the proc module.
type HashableIpPortTuple ¶
type HashableIpPortTuple [MaxIpPortTupleRawSize]byte
type HashableTcpTuple ¶
type HashableTcpTuple [MaxTcpTupleRawSize]byte
type IpPortTuple ¶
type IpPortTuple struct { Ip_length int Src_ip, Dst_ip net.IP Src_port, Dst_port uint16 // contains filtered or unexported fields }
func NewIpPortTuple ¶
func (*IpPortTuple) ComputeHashebles ¶
func (t *IpPortTuple) ComputeHashebles()
func (*IpPortTuple) Hashable ¶
func (t *IpPortTuple) Hashable() HashableIpPortTuple
Hashable returns a hashable value that uniquely identifies the IP-port tuple.
func (*IpPortTuple) RevHashable ¶
func (t *IpPortTuple) RevHashable() HashableIpPortTuple
Hashable returns a hashable value that uniquely identifies the IP-port tuple after swapping the source and destination.
func (*IpPortTuple) String ¶
func (t *IpPortTuple) String() string
type MapStr ¶
type MapStr map[string]interface{}
Commonly used map of things, used in JSON creation and the like.
func MapStrUnion ¶
MapStrUnion creates a new MapStr containing the union of the key-value pairs of the two maps. If the same key is present in both, the key-value pairs from dict2 overwrite the ones from dict1.
func (MapStr) EnsureCountField ¶
func (MapStr) EnsureTimestampField ¶
Checks if a timestamp field exists and if it doesn't it adds one by using the injected now() function as a time source.
type RemovalListener ¶
RemovalListener is the callback function type that can be registered with the cache to receive notification of the removal of expired elements.
type TcpTuple ¶
type TcpTuple struct { Ip_length int Src_ip, Dst_ip net.IP Src_port, Dst_port uint16 Stream_id uint32 // contains filtered or unexported fields }
func TcpTupleFromIpPort ¶
func TcpTupleFromIpPort(t *IpPortTuple, tcp_id uint32) TcpTuple
func (*TcpTuple) ComputeHashebles ¶
func (t *TcpTuple) ComputeHashebles()
func (*TcpTuple) Hashable ¶
func (t *TcpTuple) Hashable() HashableTcpTuple
Hashable() returns a hashable value that uniquely identifies the TCP tuple.
func (TcpTuple) IpPort ¶
func (t TcpTuple) IpPort() *IpPortTuple
Returns a pointer to the equivalent IpPortTuple.
type Time ¶
func MustParseTime ¶
MustParseTime is a convenience equivalent of the ParseTime function that panics in case of errors.
func (Time) MarshalJSON ¶
MarshalJSON implements json.Marshaler interface. The time is a quoted string in the JsTsLayout format.
func (*Time) UnmarshalJSON ¶
UnmarshalJSON implements js.Unmarshaler interface. The time is expected to be a quoted string in TsLayout format.