Documentation
Index ¶
- Constants
- Variables
- func Addr2Ints(anyIP string) (int, int64, int64, int64, int64, error)
- func BoolPtr(b bool) *bool
- func CatchPanic(component string)
- func Clone(a, b interface{}) error
- func ConfigureLogger(clog *log.Logger) error
- func CopyFile(sourceSymLink, destinationFile string) (err error)
- func GetData(data []*DataSource, dataDir string) error
- func GetLineCountForFile(filepath string) int
- func IP2Ints(pip net.IP) (int, int64, int64, error)
- func InSlice(str string, slice []string) bool
- func Int32Ptr(i int32) *int32
- func IntPtr(i int) *int
- func LastAddress(n net.IPNet) net.IP
- func ParseDuration(d string) (time.Duration, error)
- func Range2Ints(network net.IPNet) (int, int64, int64, int64, int64, error)
- func SetDefaultLoggerConfig(cfgMode string, cfgFolder string, cfgLevel log.Level, maxSize int, ...) error
- func StrPtr(s string) *string
- func UtcNow() time.Time
- func WriteStackTrace(iErr interface{}) string
- type DataSet
- type DataSource
- type Event
- type ExtraField
- type GrokPattern
- type Line
- type Profile
- type RemediationProfile
- type RuntimeAlert
- type ScopeType
Constants ¶
// Event.Type values: an Event is either a parsed log line or a bucket
// overflow (see the Type field of Event).
const (
	LOG   = iota // 0: the event carries a log line
	OVFLW        // 1: the event carries an overflow (alert)
)
// Scope names. Undefined is the empty scope.
// NOTE(review): these are untyped string constants although the package
// index also lists a ScopeType type — confirm whether they are meant to
// be typed as ScopeType.
const (
	Undefined = ""
	Ip        = "Ip"
	Range     = "Range"
	Filter    = "Filter"
	Country   = "Country"
	AS        = "AS"
)
Move into leakybuckets.
// ApiKeyAuthType is the auth-type identifier for API-key authentication.
const ApiKeyAuthType = "api-key"
// PasswordAuthType is the auth-type identifier for password authentication.
const PasswordAuthType = "password"
// TlsAuthType is the auth-type identifier for TLS (client certificate) authentication.
const TlsAuthType = "tls"
Variables ¶
// LogOutput is the package-level rolling log sink, used where an io.Writer
// is expected. It is nil until the logger has been configured —
// presumably by SetDefaultLoggerConfig; confirm against its body.
var LogOutput *lumberjack.Logger
Functions ¶
func CatchPanic ¶ added in v1.0.0
func CatchPanic(component string)
CatchPanic is a utility function that should be called from all goroutines to ensure proper stack-trace handling.
func ConfigureLogger ¶ added in v0.1.0
func GetData ¶ added in v0.1.0
func GetData(data []*DataSource, dataDir string) error
func GetLineCountForFile ¶ added in v1.3.3
func Range2Ints ¶ added in v1.0.3
Returns: size (16|4), nw_start, suffix_start, nw_end, suffix_end, error.
func SetDefaultLoggerConfig ¶ added in v0.1.0
func WriteStackTrace ¶ added in v1.0.12
func WriteStackTrace(iErr interface{}) string
Types ¶
type DataSet ¶ added in v0.1.0
// DataSet is the YAML-facing container for the data sources a
// configuration declares. Its Data slice is presumably what is handed to
// GetData(data []*DataSource, dataDir string) — confirm against callers.
type DataSet struct {
	// Data lists the declared data sources (YAML key "data").
	Data []*DataSource `yaml:"data,omitempty"`
}
type DataSource ¶ added in v0.1.0
type Event ¶
// Event is the structure representing a runtime event: either a parsed
// log line (Type == LOG) or a bucket overflow (Type == OVFLW).
type Event struct {
	// Type says whether this is a log or an overflow: LOG (0) or OVFLW (1).
	Type int `yaml:"Type,omitempty" json:"Type,omitempty"`
	// ExpectMode tells buckets how to handle the event: leaky.TIMEMACHINE or leaky.LIVE.
	ExpectMode int `yaml:"ExpectMode,omitempty" json:"ExpectMode,omitempty"`
	// Whitelisted is set when the event matched a whitelist; WhitelistReason
	// records why. Note that the JSON key of WhitelistReason
	// (whitelist_reason) does not follow the casing of the other fields.
	Whitelisted     bool   `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	WhitelistReason string `yaml:"WhitelistReason,omitempty" json:"whitelist_reason,omitempty"`
	// Original note: "should add whitelist reason ?" — WhitelistReason now
	// exists above, so this note looks stale; confirm before removing.
	// Stage is the current stage of the line being parsed.
	Stage string `yaml:"Stage,omitempty" json:"Stage,omitempty"`
	// Line is the original line (produced by acquisition).
	Line Line `yaml:"Line,omitempty" json:"Line,omitempty"`
	// Parsed holds the output of the groks.
	Parsed map[string]string `yaml:"Parsed,omitempty" json:"Parsed,omitempty"`
	// Enriched holds the output of enrichment.
	Enriched map[string]string `yaml:"Enriched,omitempty" json:"Enriched,omitempty"`
	// Overflow carries the alert payload — presumably only meaningful when
	// Type == OVFLW. Note its JSON key is "Alert", not "Overflow".
	Overflow RuntimeAlert `yaml:"Overflow,omitempty" json:"Alert,omitempty"`
	// Time is the parsed time. (The original comment also mentioned a
	// `json:"-"` tag, which is not what is applied here.)
	Time time.Time `yaml:"Time,omitempty" json:"Time,omitempty"`
	// StrTime and MarshaledTime are presumably string representations of
	// the timestamp — confirm against the parsers that set them.
	StrTime       string `yaml:"StrTime,omitempty" json:"StrTime,omitempty"`
	MarshaledTime string `yaml:"MarshaledTime,omitempty" json:"MarshaledTime,omitempty"`
	// Process can be set to false to avoid processing the line.
	Process bool `yaml:"Process,omitempty" json:"Process,omitempty"`
	// Meta is the only part that will make it to the API - it should be
	// normalized.
	Meta map[string]string `yaml:"Meta,omitempty" json:"Meta,omitempty"`
}
Event is the structure representing a runtime event (log or overflow)
type ExtraField ¶
// ExtraField describes one static: where to write a value (one of
// TargetByName, Parsed, Meta or Enriched) and where the value comes from
// (a literal Value, an expression ExpValue, or an enrichment Method).
type ExtraField struct {
	// TargetByName: the target is indicated by name (Struct.Field etc.).
	TargetByName string `yaml:"target,omitempty"`
	// Parsed: the target field is in the Event.Parsed map.
	Parsed string `yaml:"parsed,omitempty"`
	// Meta: the target field is in the Event.Meta map.
	Meta string `yaml:"meta,omitempty"`
	// Enriched: the target field is in the Event.Enriched map.
	Enriched string `yaml:"enriched,omitempty"`
	// Value: the source is a static value.
	Value string `yaml:"value,omitempty"`
	// ExpValue: the source is the result of an expression.
	ExpValue string `yaml:"expression,omitempty"`
	// RunTimeValue is the compiled form of ExpValue; runtime only, never
	// (de)serialized.
	RunTimeValue *vm.Program `json:"-"`
	// Method: the source is an enrichment method.
	Method string `yaml:"method,omitempty"`
}
ExtraField is used mostly for statics.
type GrokPattern ¶
// GrokPattern describes a grok/regexp to apply to a field, either by name
// (RegexpName, loaded from patterns/*) or inline (RegexpValue), plus the
// statics to apply when it matches.
type GrokPattern struct {
	// TargetField is the field to which the regexp is going to apply.
	TargetField string `yaml:"apply_on,omitempty"`
	// RegexpName selects the grok/regexp by name (loaded from patterns/*).
	RegexpName string `yaml:"name,omitempty"`
	// RegexpValue is a proper grok pattern given inline.
	RegexpValue string `yaml:"pattern,omitempty"`
	// RunTimeRegexp is the runtime form of RegexpName / RegexpValue (the
	// actual compiled regexp); never (de)serialized.
	RunTimeRegexp *grokky.Pattern `json:"-"`
	// ExpValue: the output of the expression is going to be the source
	// for the regexp (instead of TargetField).
	ExpValue string `yaml:"expression,omitempty"`
	// RunTimeValue is the compiled form of ExpValue; never (de)serialized.
	RunTimeValue *vm.Program `json:"-"`
	// Statics are applied if the pattern is successful.
	Statics []ExtraField `yaml:"statics,omitempty"`
}
type RemediationProfile ¶
// RemediationProfile is an action profile: which remediations apply and
// for how long.
type RemediationProfile struct {
	// Apply presumably gates whether the profile is applied at all — confirm against callers.
	Apply bool
	// Ban, Slow and Captcha are the remediations the profile enables.
	Ban     bool
	Slow    bool
	Captcha bool
	// Duration is the textual duration; TimeDuration is presumably its
	// parsed form (cf. ParseDuration in this package) — confirm.
	Duration     string
	TimeDuration time.Duration
}
RemediationProfile describes an action profile.
type RuntimeAlert ¶ added in v1.0.0
// RuntimeAlert is the overflow payload carried by Event.Overflow. It holds
// the API models (models.Source / models.Alert) that will be sent upstream;
// GetSources lists the keys of Sources.
type RuntimeAlert struct {
	// Mapkey and BucketId presumably identify the bucket that overflowed — confirm.
	Mapkey   string `yaml:"MapKey,omitempty" json:"MapKey,omitempty"`
	BucketId string `yaml:"BucketId,omitempty" json:"BucketId,omitempty"`
	// Whitelisted marks an alert that matched a whitelist; Reprocess asks
	// for the event to be fed back through processing.
	Whitelisted bool `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	Reprocess   bool `yaml:"Reprocess,omitempty" json:"Reprocess,omitempty"`
	// Sources maps a source identifier to its API model.
	Sources map[string]models.Source `yaml:"Sources,omitempty" json:"Sources,omitempty"`
	// Alert is a pointer to APIAlerts[0] for convenience.
	Alert *models.Alert `yaml:"Alert,omitempty" json:"Alert,omitempty"`
	// APIAlerts will be populated at the end when there is more than one source.
	APIAlerts []models.Alert `yaml:"APIAlerts,omitempty" json:"APIAlerts,omitempty"`
}
func (RuntimeAlert) GetSources ¶ added in v1.2.1
func (r RuntimeAlert) GetSources() []string