Documentation ¶
Overview ¶
The applayer module provides common definitions with common fields for use with application layer protocols among beats.
Index ¶
Constants ¶
This section is empty.
Variables ¶
Error code if stream exceeds max allowed size on Append.
Functions ¶
This section is empty.
Types ¶
type Message ¶
type Message struct { Ts time.Time Tuple common.IpPortTuple Transport Transport CmdlineTuple *common.CmdlineTuple Direction NetDirection IsRequest bool Size uint64 Notes []string }
Message defines common application layer message fields. Some of these fields are required to initialize a Transaction (see (*Transaction).InitWithMsg).
type NetDirection ¶
type NetDirection uint8
A Message its direction indicator
const ( // Message due to a reponse by server NetReverseDirection NetDirection = 0 // Message was send by client NetOriginalDirection NetDirection = 1 )
type Stream ¶
type Stream struct { // Buf provides the buffering with parsing support Buf streambuf.Buffer // MaxDataInStream sets the maximum number of bytes held in buffer. // If limit is reached append function will return an error. MaxDataInStream int }
A Stream provides buffering data if stream based protocol is used. Use Init to initialize a stream with en empty buffer and buffering limit. A Stream its zero value is a valid unlimited stream buffer.
func (*Stream) Append ¶
Append adds data to the Stream its buffer. If internal buffer is nil, data will be retained as is. Use Write if you don't intend to retain the buffer in the stream.
func (*Stream) Init ¶
Init initializes a stream with an empty buffer and max size. Calling Init twice will fully re-initialize the buffer, such that calling Init before putting the stream in some object pool, no memory will be leaked.
type Transaction ¶
type Transaction struct { // Type is the name of the application layer protocol transaction be represented. Type string // Transaction source and destination IPs and Ports. Tuple common.IpPortTuple // Transport layer type Transport Transport // Src describes the transaction source/initiator endpoint Src common.Endpoint // Dst describes the transaction destination endpoint Dst common.Endpoint // Ts sets the transaction its initial timestamp Ts TransactionTimestamp // ResponseTime is the transaction duration in milliseconds. Should be set // to -1 if duration is unknown ResponseTime int32 // Status of final transaction Status string // see libbeat/common/statuses.go // Notes holds a list of interesting events and errors encountered when // processing the transaction Notes []string // BytesIn is the number of bytes returned by destination endpoint BytesIn uint64 // BytesOut is the number of bytes send by source endpoint to destination endpoint BytesOut uint64 }
A Transaction defines common fields for all application layer protocols.
func (*Transaction) Event ¶
func (t *Transaction) Event(event common.MapStr) error
Event fills common event fields.
func (*Transaction) Init ¶
func (t *Transaction) Init( typ string, tuple common.IpPortTuple, transport Transport, direction NetDirection, time time.Time, cmdline *common.CmdlineTuple, notes []string, )
Init initializes some common fields. ResponseTime, Status, BytesIn and BytesOut are initialized to zero and must be filled by application code.
func (*Transaction) InitWithMsg ¶
func (t *Transaction) InitWithMsg( typ string, msg *Message, )
InitWithMsg initializes some common fields from a Message. ResponseTime, Status, BytesIn and BytesOut are initialized to zero and must be filled by application code.
type TransactionTimestamp ¶
TransactionTimestamp defines a transaction its initial timestamps as unix timestamp in milliseconds and time.Time struct.