common

package
v5.2.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 9, 2017 License: Apache-2.0 Imports: 24 Imported by: 40,846

Documentation

Index

Constants

View Source
const (
	EventMetadataKey = "_event_metadata"
	FieldsKey        = "fields"
	TagsKey          = "tags"
)

Event metadata constants. These keys are used within libbeat to identify metadata stored in an event.

View Source
const (
	OK_STATUS           = "OK"
	ERROR_STATUS        = "Error"
	SERVER_ERROR_STATUS = "Server Error"
	CLIENT_ERROR_STATUS = "Client Error"
)

standardized status values

View Source
const MaxIPPortTupleRawSize = 16 + 16 + 2 + 2
View Source
const MaxTCPTupleRawSize = 16 + 16 + 2 + 2 + 4
View Source
const TsLayout = "2006-01-02T15:04:05.000Z"

TsLayout is the layout to be used in the timestamp marshaling/unmarshaling everywhere. The timezone must always be UTC.

Variables

View Source
var (
	// ErrKeyNotFound indicates that the specified key was not found.
	ErrKeyNotFound = errors.New("key not found")
)

Functions

func AddTags

func AddTags(ms MapStr, tags []string) error

AddTags appends a tag to the tags field of ms. If the tags field does not exist then it will be created. If the tags field exists and is not a []string then an error will be returned. It does not deduplicate the list of tags.

func BytesHtohl

func BytesHtohl(b []byte) uint32

func BytesNtohl

func BytesNtohl(b []byte) uint32

func BytesNtohll

func BytesNtohll(b []byte) uint64

func BytesNtohs

func BytesNtohs(b []byte) uint16

func DumpInCSVFormat

func DumpInCSVFormat(fields []string, rows [][]string) string

DumpInCSVFormat takes a set of fields and rows and returns a string representing the CSV representation for the fields and rows.

func IPv4Ntoa

func IPv4Ntoa(ip uint32) string

Ipv4_Ntoa transforms an IP4 address in it's dotted notation

func IsLoopback

func IsLoopback(ipStr string) (bool, error)

IsLoopback check if a particular IP notation corresponds to a loopback interface.

func LoadGeoIPData

func LoadGeoIPData(config Geoip) *libgeo.GeoIP

func LocalIPAddrs

func LocalIPAddrs() ([]net.IP, error)

LocalIPAddrs finds the IP addresses of the hosts on which the shipper currently runs on.

func LocalIPAddrsAsStrings

func LocalIPAddrsAsStrings(includeLoopbacks bool) ([]string, error)

LocalIPAddrsAsStrings finds the IP addresses of the hosts on which the shipper currently runs on and returns them as an array of strings.

func MergeFields

func MergeFields(ms, fields MapStr, underRoot bool) error

MergeFields merges the top-level keys and values in each source map (it does not perform a deep merge). If the same key exists in both, the value in fields takes precedence. If underRoot is true then the contents of the fields MapStr is merged with the value of the 'fields' key in ms.

An error is returned if underRoot is true and the value of ms.fields is not a MapStr.

func NewFlagOverwrite

func NewFlagOverwrite(
	set *flag.FlagSet,
	config *Config,
	name, path, def, usage string,
) *string

func ReadString

func ReadString(s []byte) (string, error)

ReadString extracts the first null terminated string from a slice of bytes.

Types

type Backoff

type Backoff struct {
	// contains filtered or unexported fields
}

A Backoff waits on errors with exponential backoff (limited by maximum backoff). Resetting Backoff will reset the next sleep timer to the initial backoff duration.

func NewBackoff

func NewBackoff(done <-chan struct{}, init, max time.Duration) *Backoff

func (*Backoff) Reset

func (b *Backoff) Reset()

func (*Backoff) TryWaitOnError

func (b *Backoff) TryWaitOnError(failTS time.Time, err error) bool

func (*Backoff) Wait

func (b *Backoff) Wait() bool

func (*Backoff) WaitOnError

func (b *Backoff) WaitOnError(err error) bool

type Cache

type Cache struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

Cache is a semi-persistent mapping of keys to values. Elements added to the cache are store until they are explicitly deleted or are expired due time- based eviction based on last access time.

Expired elements are not visible through classes methods, but they do remain stored in the cache until CleanUp() is invoked. Therefore CleanUp() must be invoked periodically to prevent the cache from becoming a memory leak. If you want to start a goroutine to perform periodic clean-up then see StartJanitor().

Cache does not support storing nil values. Any attempt to put nil into the cache will cause a panic.

func NewCache

func NewCache(d time.Duration, initialSize int) *Cache

NewCache creates and returns a new Cache. d is the length of time after last access that cache elements expire. initialSize is the initial allocation size used for the Cache's underlying map.

func NewCacheWithRemovalListener

func NewCacheWithRemovalListener(d time.Duration, initialSize int, l RemovalListener) *Cache

NewCacheWithRemovalListener creates and returns a new Cache and register a RemovalListener callback function. d is the length of time after last access that cache elements expire. initialSize is the initial allocation size used for the Cache's underlying map. l is the callback function that will be invoked when cache elements are removed from the map on CleanUp.

func (*Cache) CleanUp

func (c *Cache) CleanUp() int

CleanUp performs maintenance on the cache by removing expired elements from the cache. If a RemoveListener is registered it will be invoked for each element that is removed during this clean up operation. The RemovalListener is invoked on the caller's goroutine.

func (*Cache) Delete

func (c *Cache) Delete(k Key) Value

Delete a key from the map and return the value or nil if the key does not exist. The RemovalListener is not notified for explicit deletions.

func (*Cache) Entries

func (c *Cache) Entries() map[Key]Value

Entries returns a shallow copy of the non-expired elements in the cache.

func (*Cache) Get

func (c *Cache) Get(k Key) Value

Get the current value associated with a key or nil if the key is not present. The last access time of the element is updated.

func (*Cache) Put

func (c *Cache) Put(k Key, v Value) Value

Put writes the given key and value to the map replacing any existing value if it exists. The previous value associated with the key returned or nil if the key was not present.

func (*Cache) PutIfAbsent

func (c *Cache) PutIfAbsent(k Key, v Value) Value

PutIfAbsent writes the given key and value to the cache only if the key is absent from the cache. Nil is returned if the key-value pair were written, otherwise the old value is returned.

func (*Cache) PutIfAbsentWithTimeout

func (c *Cache) PutIfAbsentWithTimeout(k Key, v Value, timeout time.Duration) Value

PutIfAbsentWithTimeout writes the given key and value to the cache only if the key is absent from the cache. Nil is returned if the key-value pair were written, otherwise the old value is returned. The cache expiration time will be overwritten by timeout of the key being inserted.

func (*Cache) PutWithTimeout

func (c *Cache) PutWithTimeout(k Key, v Value, timeout time.Duration) Value

PutWithTimeout writes the given key and value to the map replacing any existing value if it exists. The previous value associated with the key returned or nil if the key was not present. The cache expiration time will be overwritten by timeout of the key being inserted.

func (*Cache) Replace

func (c *Cache) Replace(k Key, v Value) Value

Replace overwrites the value for a key only if the key exists. The old value is returned if the value is updated, otherwise nil is returned.

func (*Cache) ReplaceWithTimeout

func (c *Cache) ReplaceWithTimeout(k Key, v Value, timeout time.Duration) Value

ReplaceWithTimeout overwrites the value for a key only if the key exists. The old value is returned if the value is updated, otherwise nil is returned. The cache expiration time will be overwritten by timeout of the key being inserted.

func (*Cache) Size

func (c *Cache) Size() int

Size returns the number of elements in the cache. The number includes both active elements and expired elements that have not been cleaned up.

func (*Cache) StartJanitor

func (c *Cache) StartJanitor(interval time.Duration)

StartJanitor starts a goroutine that will periodically invoke the cache's CleanUp() method.

func (*Cache) StopJanitor

func (c *Cache) StopJanitor()

StopJanitor stops the goroutine created by StartJanitor.

type CmdlineTuple

type CmdlineTuple struct {
	Src, Dst []byte
}

Source and destination process names, as found by the proc module.

type Config

type Config ucfg.Config

func LoadFile

func LoadFile(path string) (*Config, error)

func LoadFiles

func LoadFiles(paths ...string) (*Config, error)

func MergeConfigs

func MergeConfigs(cfgs ...*Config) (*Config, error)

func NewConfig

func NewConfig() *Config

func NewConfigFrom

func NewConfigFrom(from interface{}) (*Config, error)

func NewConfigWithYAML

func NewConfigWithYAML(in []byte, source string) (*Config, error)

func NewFlagConfig

func NewFlagConfig(
	set *flag.FlagSet,
	def *Config,
	name string,
	usage string,
) *Config

func (*Config) Bool

func (c *Config) Bool(name string, idx int) (bool, error)

func (*Config) Child

func (c *Config) Child(name string, idx int) (*Config, error)

func (*Config) CountField

func (c *Config) CountField(name string) (int, error)

func (*Config) Enabled

func (c *Config) Enabled() bool

func (*Config) Float

func (c *Config) Float(name string, idx int) (float64, error)

func (*Config) GetFields

func (c *Config) GetFields() []string

func (*Config) HasField

func (c *Config) HasField(name string) bool

func (*Config) Int

func (c *Config) Int(name string, idx int) (int64, error)

func (*Config) Merge

func (c *Config) Merge(from interface{}) error

func (*Config) Path

func (c *Config) Path() string

func (*Config) PathOf

func (c *Config) PathOf(field string) string

func (*Config) SetBool

func (c *Config) SetBool(name string, idx int, value bool) error

func (*Config) SetChild

func (c *Config) SetChild(name string, idx int, value *Config) error

func (*Config) SetFloat

func (c *Config) SetFloat(name string, idx int, value float64) error

func (*Config) SetInt

func (c *Config) SetInt(name string, idx int, value int64) error

func (*Config) SetString

func (c *Config) SetString(name string, idx int, value string) error

func (*Config) String

func (c *Config) String(name string, idx int) (string, error)

func (*Config) Unpack

func (c *Config) Unpack(to interface{}) error

type Endpoint

type Endpoint struct {
	IP      string
	Port    uint16
	Name    string
	Cmdline string
	Proc    string
}

Endpoint represents an endpoint in the communication.

type EventMetadata

type EventMetadata struct {
	Fields          MapStr
	FieldsUnderRoot bool `config:"fields_under_root"`
	Tags            []string
}

EventMetadata contains fields and tags that can be added to an event via configuration.

type Float

type Float float64

func (Float) MarshalJSON

func (f Float) MarshalJSON() ([]byte, error)

Defines the marshal of the Float type

type Geoip

type Geoip struct {
	Paths *[]string
}

Geoip represents a string slice of GeoIP paths

type HashableIPPortTuple

type HashableIPPortTuple [MaxIPPortTupleRawSize]byte

type HashableTCPTuple

type HashableTCPTuple [MaxTCPTupleRawSize]byte

type IPPortTuple

type IPPortTuple struct {
	IPLength         int
	SrcIP, DstIP     net.IP
	SrcPort, DstPort uint16
	// contains filtered or unexported fields
}

func NewIPPortTuple

func NewIPPortTuple(ipLength int, srcIP net.IP, srcPort uint16,
	dstIP net.IP, dstPort uint16) IPPortTuple

func (*IPPortTuple) ComputeHashebles

func (t *IPPortTuple) ComputeHashebles()

func (*IPPortTuple) Hashable

func (t *IPPortTuple) Hashable() HashableIPPortTuple

Hashable returns a hashable value that uniquely identifies the IP-port tuple.

func (*IPPortTuple) RevHashable

func (t *IPPortTuple) RevHashable() HashableIPPortTuple

Hashable returns a hashable value that uniquely identifies the IP-port tuple after swapping the source and destination.

func (*IPPortTuple) String

func (t *IPPortTuple) String() string

type Key

type Key interface{}

Key type used in the cache.

type MapStr

type MapStr map[string]interface{}

MapStr is a map[string]interface{} wrapper with utility methods for common map operations like converting to JSON.

func ConvertToGenericEvent

func ConvertToGenericEvent(m MapStr) MapStr

ConvertToGenericEvent normalizes the types contained in the given MapStr.

Nil values in maps are dropped during the conversion. Any unsupported types that are found in the MapStr are dropped and warnings are logged.

func MapStrUnion

func MapStrUnion(dict1 MapStr, dict2 MapStr) MapStr

MapStrUnion creates a new MapStr containing the union of the key-value pairs of the two maps. If the same key is present in both, the key-value pairs from dict2 overwrite the ones from dict1.

func (MapStr) Clone

func (m MapStr) Clone() MapStr

Clone returns a copy of the MapStr. It recursively makes copies of inner maps.

func (MapStr) CopyFieldsTo

func (m MapStr) CopyFieldsTo(to MapStr, key string) error

CopyFieldsTo copies the field specified by key to the given map. It will overwrite the key if it exists. An error is returned if the key does not exist in the source map.

func (MapStr) Delete

func (m MapStr) Delete(key string) error

Delete deletes the given key from the map.

func (MapStr) GetValue

func (m MapStr) GetValue(key string) (interface{}, error)

GetValue gets a value from the map. If the key does not exist then an error is returned.

func (MapStr) HasKey

func (m MapStr) HasKey(key string) (bool, error)

HasKey returns true if the key exist. If an error occurs then false is returned with a non-nil error.

func (MapStr) Put

func (m MapStr) Put(key string, value interface{}) (interface{}, error)

Put associates the specified value with the specified key. If the map previously contained a mapping for the key, the old value is replaced and returned. The key can be expressed in dot-notation (e.g. x.y) to put a value into a nested map.

If you need insert keys containing dots then you must use bracket notation to insert values (e.g. m[key] = value).

func (MapStr) String

func (m MapStr) String() string

String returns the MapStr as JSON.

func (MapStr) StringToPrint

func (m MapStr) StringToPrint() string

StringToPrint returns the MapStr as pretty JSON.

func (MapStr) Update

func (m MapStr) Update(d MapStr)

Update copies all the key-value pairs from d to this map. If the key already exists then it is overwritten. This method does not merge nested maps.

type NetString

type NetString []byte

NetString store the byte length of the data that follows, making it easier to unambiguously pass text and byte data between programs that could be sensitive to values that could be interpreted as delimiters or terminators (such as a null character).

func (NetString) MarshalText

func (n NetString) MarshalText() ([]byte, error)

MarshalText exists to implement encoding.TextMarshaller interface to treat []byte as raw string by other encoders/serializers (e.g. JSON)

type RemovalListener

type RemovalListener func(k Key, v Value)

RemovalListener is the callback function type that can be registered with the cache to receive notification of the removal of expired elements.

type TCPTuple

type TCPTuple struct {
	IPLength         int
	SrcIP, DstIP     net.IP
	SrcPort, DstPort uint16
	StreamID         uint32
	// contains filtered or unexported fields
}

func TCPTupleFromIPPort

func TCPTupleFromIPPort(t *IPPortTuple, streamID uint32) TCPTuple

func (*TCPTuple) ComputeHashebles

func (t *TCPTuple) ComputeHashebles()

func (*TCPTuple) Hashable

func (t *TCPTuple) Hashable() HashableTCPTuple

Hashable() returns a hashable value that uniquely identifies the TCP tuple.

func (TCPTuple) IPPort

func (t TCPTuple) IPPort() *IPPortTuple

Returns a pointer to the equivalent IpPortTuple.

func (TCPTuple) String

func (t TCPTuple) String() string

type Time

type Time time.Time

Time is an abstraction for the time.Time type

func MustParseTime

func MustParseTime(timespec string) Time

MustParseTime is a convenience equivalent of the ParseTime function that panics in case of errors.

func ParseTime

func ParseTime(timespec string) (Time, error)

ParseTime parses a time in the TsLayout format.

func (Time) Hash32

func (t Time) Hash32(h hash.Hash32) error

func (Time) MarshalJSON

func (t Time) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler interface. The time is a quoted string in the JsTsLayout format.

func (*Time) UnmarshalJSON

func (t *Time) UnmarshalJSON(data []byte) (err error)

UnmarshalJSON implements js.Unmarshaler interface. The time is expected to be a quoted string in TsLayout format.

type Value

type Value interface{}

Value type held in the cache. Cannot be nil.

Directories

Path Synopsis
Package dtfmt provides time formatter support with pattern syntax mostly similar to joda DateTimeFormat.
Package dtfmt provides time formatter support with pattern syntax mostly similar to joda DateTimeFormat.
Package streambuf provides helpers for buffering multiple packet payloads and some general parsing functions.
Package streambuf provides helpers for buffering multiple packet payloads and some general parsing functions.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL