parser

package

Documentation

Index

Constants

// CEF constants shared by the parsers in this package.
const (
	// EventClassIdFlow is the CEF device event class id used for NSG flow
	// events (presumably assigned to CEFEvent.DeviceEventClassId — confirm
	// against the NSG GetCEFList implementation).
	EventClassIdFlow = "nsg-flow"
	// CEFTimeFormat is the Go reference-time layout of the syslog-style
	// timestamp that may be prepended to a CEF message (see CEFSyslogFormatter,
	// whose example begins "Sep 19 08:26:10"). The layout carries neither a
	// year nor a time zone, so time.Parse with it yields year 0 in UTC unless
	// the caller fills those in.
	CEFTimeFormat    = "Jan 02 15:04:05"
)
// Client configuration constants.
const (
	// MAX_CONCURRENCY is presumably the default or upper bound for parallel
	// log-file processing (cf. AzureClient.Concurrency, JobOptions.Concurrency)
	// — confirm. NOTE(review): Go style would spell this MaxConcurrency; it is
	// exported, so renaming is an API change.
	MAX_CONCURRENCY   = 1
	// DestinationFile and DestinationSyslog are the output-sink tags,
	// presumably the valid values of AzureClient.DestinationType — confirm.
	DestinationFile   = "file"
	DestinationSyslog = "syslog"
)

Variables

// CEF header defaults for events produced by this package. They are
// variables rather than constants presumably so that their addresses can be
// stored in the pointer-typed CEFEvent header fields (CEFVersion *int,
// DeviceVendor *string, ...) — confirm against NewAzureCEFEvent. Being
// mutable package-level state, they should not be reassigned at runtime.
var (
	// CEFVersion is the CEF format version placed in the "CEF:N" prefix.
	CEFVersion              = 0
	NsgDeviceVendor         = "Microsoft"
	NsgDeviceProduct        = "Azure NSG"
	AppGatewayDeviceProduct = "Azure Application Gateway"
	NsgDeviceVersion        = "1"
)
var (
	// AppGwFileRegExp parses an Application Gateway log blob name into the
	// logged resource name (group 1) and the y/m/d/h/m path components
	// (groups 2–6; the "m=" component appears twice: month, then minute).
	// Because the leading `.*` is greedy, group 1 is the single path segment
	// immediately before "/y=". NOTE(review): the pattern is byte-for-byte
	// identical to AppGwFirewallFileRegExp and LoggedResourceFileRegExp; one
	// shared expression would keep the three from drifting apart.
	AppGwFileRegExp = regexp.MustCompile(`.*\/(.*)\/y=([0-9]{4})\/m=([0-9]{2})\/d=([0-9]{2})\/h=([0-9]{2})\/m=([0-9]{2}).*`)
)
var (
	// AppGwFirewallFileRegExp parses an Application Gateway firewall log blob
	// name into the logged resource name (group 1) and the y/m/d/h/m path
	// components (groups 2–6; "m=" is month first, minute second). The
	// greedy leading `.*` makes group 1 the single path segment immediately
	// before "/y=". NOTE(review): identical to AppGwFileRegExp and
	// LoggedResourceFileRegExp.
	AppGwFirewallFileRegExp = regexp.MustCompile(`.*\/(.*)\/y=([0-9]{4})\/m=([0-9]{2})\/d=([0-9]{2})\/h=([0-9]{2})\/m=([0-9]{2}).*`)
)
var (
	// AppGwFirewallRecordRegExp splits an Application Gateway resource ID
	// (presumably a record's resourceId) into 1 = Subscription ID,
	// 2 = Resource Group, 3 = Application Gateway. The match is case-sensitive
	// and expects the upper-case form. Group 3 is a greedy `.*`, so it runs to
	// the end of the input including any trailing path segments; the trailing
	// `[\/]?[.*]*` is a character class for literal '.' and '*' characters and,
	// because it can match empty, never constrains the match — `(?:\/.*)?`
	// looks like what was intended. NOTE(review): identical to
	// AppGwRecordRegExp. The captured names are unconstrained text, so code
	// that places them in CEF header or extension fields must apply CEF
	// escaping rather than assume a bare resource name.
	AppGwFirewallRecordRegExp = regexp.MustCompile(`.*SUBSCRIPTIONS\/(.*)\/RESOURCEGROUPS\/(.*)\/PROVIDERS\/.*APPLICATIONGATEWAYS\/(.*)[\/]?[.*]*`)
)
var (
	// AppGwRecordRegExp splits an Application Gateway resource ID (presumably
	// a record's resourceId) into 1 = Subscription ID, 2 = Resource Group,
	// 3 = Application Gateway. Case-sensitive, upper-case form expected.
	// Group 3 is greedy and extends to the end of the input; the trailing
	// `[\/]?[.*]*` only matches literal '.'/'*' characters and can match
	// empty, so it never restricts the match. NOTE(review): identical to
	// AppGwFirewallRecordRegExp; captured names must be CEF-escaped by
	// whoever emits them.
	AppGwRecordRegExp = regexp.MustCompile(`.*SUBSCRIPTIONS\/(.*)\/RESOURCEGROUPS\/(.*)\/PROVIDERS\/.*APPLICATIONGATEWAYS\/(.*)[\/]?[.*]*`)
)
var (
	// LoggedResourceFileRegExp parses a log blob name into the logged
	// resource name (group 1) and the y/m/d/h/m path components (groups 2–6;
	// "m=" is month first, minute second). With the greedy leading `.*`,
	// group 1 is the single path segment immediately before "/y=".
	// NOTE(review): identical to AppGwFileRegExp and AppGwFirewallFileRegExp.
	LoggedResourceFileRegExp = regexp.MustCompile(`.*\/(.*)\/y=([0-9]{4})\/m=([0-9]{2})\/d=([0-9]{2})\/h=([0-9]{2})\/m=([0-9]{2}).*`)
)
var (
	// RecordRegExp splits an NSG resource ID (presumably a record's
	// resourceId) into 1 = Subscription ID, 2 = Resource Group, 3 = NSG.
	// The match is case-sensitive and expects the upper-case form. Group 3 is
	// a greedy `.*` and runs to the end of the input, including any trailing
	// path segments; the trailing `[\/]?[.*]*` is a character class for
	// literal '.' and '*' and can match empty, so it never constrains the
	// match — `(?:\/.*)?` looks like what was intended. Captured names are
	// unconstrained text; emitters into CEF fields must escape them.
	RecordRegExp = regexp.MustCompile(`.*SUBSCRIPTIONS\/(.*)\/RESOURCEGROUPS\/(.*)\/PROVIDERS\/.*NETWORKSECURITYGROUPS\/(.*)[\/]?[.*]*`)
)

Functions

func CEFSyslogFormatter

func CEFSyslogFormatter(_ syslog.Priority, hostname, _, content string) string

CEFSyslogFormatter provides a CEF-compliant message. This implementation also extracts a timestamp if one is prepended to the message; if a timestamp is provided, the event time is set to that. Example: Sep 19 08:26:10 host CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232

func GetProcessStatus

func GetProcessStatus(w http.ResponseWriter, r *http.Request)

func ServeClient

func ServeClient(client *AzureClient, ip string) error

Types

type AzureAppGwAccessLog

// AzureAppGwAccessLog is presumably the top-level JSON document of an
// Application Gateway access log blob; it satisfies AzureEventLog through
// GetRecords.
type AzureAppGwAccessLog struct {
	// Records is the decoded "records" array.
	Records AzureAppGwEventRecords `json:"records"`
	// contains filtered or unexported fields
}

func (*AzureAppGwAccessLog) GetRecords

func (log *AzureAppGwAccessLog) GetRecords() []AzureEventRecord

type AzureAppGwEventRecord

// AzureAppGwEventRecord is one entry of an Application Gateway access log.
// It satisfies AzureEventRecord; the unexported fields presumably back
// IsInitialized/InitRecord — confirm.
type AzureAppGwEventRecord struct {
	// ResourceID is the Azure resource ID; presumably parsed with
	// AppGwRecordRegExp by InitRecord — confirm.
	ResourceID    string    `json:"resourceId"`
	OperationName string    `json:"operationName"`
	Time          time.Time `json:"time"`
	Category      string    `json:"category"`

	// Properties is the untyped "properties" object exactly as decoded;
	// consumers must type-assert each value and tolerate missing keys.
	Properties map[string]interface{} `json:"properties"`
	// contains filtered or unexported fields
}

func (*AzureAppGwEventRecord) GetCEFList

func (record *AzureAppGwEventRecord) GetCEFList(options GetCEFEventListOptions) ([]*CEFEvent, []error)

func (*AzureAppGwEventRecord) GetLogSourceName

func (record *AzureAppGwEventRecord) GetLogSourceName() string

func (*AzureAppGwEventRecord) GetTime

func (record *AzureAppGwEventRecord) GetTime() time.Time

func (*AzureAppGwEventRecord) InitRecord

func (record *AzureAppGwEventRecord) InitRecord()

func (*AzureAppGwEventRecord) IsInitialized

func (record *AzureAppGwEventRecord) IsInitialized() bool

func (*AzureAppGwEventRecord) NewCEFEvent

func (record *AzureAppGwEventRecord) NewCEFEvent() CEFEvent

Creates a CEF event skeleton.

type AzureAppGwEventRecords

// AzureAppGwEventRecords is a slice of Application Gateway records that
// implements sort.Interface (Len/Less/Swap) and offers After/Before time
// filters.
type AzureAppGwEventRecords []AzureAppGwEventRecord

func (AzureAppGwEventRecords) After

func (slice AzureAppGwEventRecords) After(afterTime time.Time) AzureAppGwEventRecords

func (AzureAppGwEventRecords) Before

func (slice AzureAppGwEventRecords) Before(afterTime time.Time) AzureAppGwEventRecords

func (AzureAppGwEventRecords) Len

func (slice AzureAppGwEventRecords) Len() int

func (AzureAppGwEventRecords) Less

func (slice AzureAppGwEventRecords) Less(i, j int) bool

func (AzureAppGwEventRecords) Swap

func (slice AzureAppGwEventRecords) Swap(i, j int)

type AzureAppGwFirewallAccessLog

// AzureAppGwFirewallAccessLog is presumably the top-level JSON document of an
// Application Gateway firewall log blob; it satisfies AzureEventLog through
// GetRecords.
type AzureAppGwFirewallAccessLog struct {
	// Records is the decoded "records" array.
	Records           AzureAppGwFirewallEventRecords `json:"records"`
	// AzureEventRecords is exported and untagged, so it is emitted as
	// "AzureEventRecords" by encoding/json and would be populated by a
	// matching key on decode — unlike AzureAppGwAccessLog and
	// AzureNsgEventLog, which keep the equivalent field unexported.
	// NOTE(review): consider `json:"-"` for consistency.
	AzureEventRecords []AzureEventRecord
}

func (*AzureAppGwFirewallAccessLog) GetRecords

func (log *AzureAppGwFirewallAccessLog) GetRecords() []AzureEventRecord

type AzureAppGwFirewallEventRecord

// AzureAppGwFirewallEventRecord is one entry of an Application Gateway
// firewall log. It satisfies AzureEventRecord; the unexported fields
// presumably back IsInitialized/InitRecord — confirm.
type AzureAppGwFirewallEventRecord struct {
	ResourceID    string    `json:"resourceId"`
	OperationName string    `json:"operationName"`
	Time          time.Time `json:"time"`
	Category      string    `json:"category"`

	// AppGwName is presumably derived from ResourceID by InitRecord via
	// AppGwFirewallRecordRegExp — confirm. It is untagged, so encoding/json
	// also emits/decodes it under the key "AppGwName".
	AppGwName string

	// Properties is the untyped "properties" object exactly as decoded;
	// consumers must type-assert each value and tolerate missing keys.
	Properties map[string]interface{} `json:"properties"`
	// contains filtered or unexported fields
}

func (*AzureAppGwFirewallEventRecord) GetCEFList

func (record *AzureAppGwFirewallEventRecord) GetCEFList(options GetCEFEventListOptions) ([]*CEFEvent, []error)

func (*AzureAppGwFirewallEventRecord) GetLogSourceName

func (record *AzureAppGwFirewallEventRecord) GetLogSourceName() string

func (*AzureAppGwFirewallEventRecord) GetTime

func (record *AzureAppGwFirewallEventRecord) GetTime() time.Time

func (*AzureAppGwFirewallEventRecord) InitRecord

func (record *AzureAppGwFirewallEventRecord) InitRecord()

func (*AzureAppGwFirewallEventRecord) IsInitialized

func (record *AzureAppGwFirewallEventRecord) IsInitialized() bool

func (*AzureAppGwFirewallEventRecord) NewCEFEvent

func (record *AzureAppGwFirewallEventRecord) NewCEFEvent() CEFEvent

Creates a CEF event skeleton.

type AzureAppGwFirewallEventRecords

// AzureAppGwFirewallEventRecords is a slice of Application Gateway firewall
// records that implements sort.Interface (Len/Less/Swap) and offers
// After/Before time filters.
type AzureAppGwFirewallEventRecords []AzureAppGwFirewallEventRecord

func (AzureAppGwFirewallEventRecords) After

func (AzureAppGwFirewallEventRecords) Before

func (AzureAppGwFirewallEventRecords) Len

func (slice AzureAppGwFirewallEventRecords) Len() int

func (AzureAppGwFirewallEventRecords) Less

func (slice AzureAppGwFirewallEventRecords) Less(i, j int) bool

func (AzureAppGwFirewallEventRecords) Swap

func (slice AzureAppGwFirewallEventRecords) Swap(i, j int)

type AzureAppGwFirewallLogFile

// AzureAppGwFirewallLogFile represents one .json Application Gateway firewall
// log blob and its processing bookmarks; it satisfies AzureLogFile. The
// tagged fields are the persisted process-status state (see
// LogFileProcessStatus, which carries the same tags).
type AzureAppGwFirewallLogFile struct {
	Name                        string                       `json:"name"`
	Etag                        string                       `json:"etag"`
	LastModified                time.Time                    `json:"last_modified"`
	LastProcessed               time.Time                    `json:"last_processed"`
	LastProcessedRecord         time.Time                    `json:"last_processed_record"`
	LastProcessedTimeStamp      int64                        `json:"last_processed_timestamp"`
	LastRecordCount             int                          `json:"last_count"`
	// LastProcessedRange is the byte range of the blob already consumed
	// (see LoadBlobRange).
	LastProcessedRange          storage.BlobRange            `json:"last_processed_range"`
	LogTime                     time.Time                    `json:"log_time"`
	// Blob and AzureAppGwFirewallAccessLog are runtime state, excluded from
	// status serialization.
	Blob                        storage.Blob                 `json:"-"`
	AzureAppGwFirewallAccessLog *AzureAppGwFirewallAccessLog `json:"-"`
	// LoggedResourceName is tagged "nsg_name" even though it holds an
	// Application Gateway name — presumably to keep the persisted status
	// format shared with AzureNsgLogFile.NsgName and LogFileProcessStatus.
	LoggedResourceName          string                       `json:"nsg_name"`
}

AzureAppGwFirewallLogFile represents an individual .json log file in Azure.

func NewAzureAppGwFirewallLogFileFromEventLog

func NewAzureAppGwFirewallLogFileFromEventLog(eventLog *AzureAppGwFirewallAccessLog) (AzureAppGwFirewallLogFile, error)

func (*AzureAppGwFirewallLogFile) GetAzureEventLog

func (logFile *AzureAppGwFirewallLogFile) GetAzureEventLog() AzureEventLog

func (*AzureAppGwFirewallLogFile) GetBlob

func (logFile *AzureAppGwFirewallLogFile) GetBlob() storage.Blob

func (*AzureAppGwFirewallLogFile) GetEtag

func (logFile *AzureAppGwFirewallLogFile) GetEtag() string

func (*AzureAppGwFirewallLogFile) GetLastModified

func (logFile *AzureAppGwFirewallLogFile) GetLastModified() time.Time

func (*AzureAppGwFirewallLogFile) GetLastProcessed

func (logFile *AzureAppGwFirewallLogFile) GetLastProcessed() time.Time

func (*AzureAppGwFirewallLogFile) GetLastProcessedRange

func (logFile *AzureAppGwFirewallLogFile) GetLastProcessedRange() storage.BlobRange

func (*AzureAppGwFirewallLogFile) GetLastProcessedRecord

func (logFile *AzureAppGwFirewallLogFile) GetLastProcessedRecord() time.Time

func (*AzureAppGwFirewallLogFile) GetLastProcessedTimeStamp

func (logFile *AzureAppGwFirewallLogFile) GetLastProcessedTimeStamp() int64

func (*AzureAppGwFirewallLogFile) GetLastRecordCount

func (logFile *AzureAppGwFirewallLogFile) GetLastRecordCount() int

func (*AzureAppGwFirewallLogFile) GetLogTime

func (logFile *AzureAppGwFirewallLogFile) GetLogTime() time.Time

func (*AzureAppGwFirewallLogFile) GetName

func (logFile *AzureAppGwFirewallLogFile) GetName() string

func (*AzureAppGwFirewallLogFile) GetNsgName

func (logFile *AzureAppGwFirewallLogFile) GetNsgName() string

func (*AzureAppGwFirewallLogFile) LoadAzureNsgEventRecords

func (logFile *AzureAppGwFirewallLogFile) LoadAzureNsgEventRecords(payload []byte) error

Allows loading JSON payloads from sources other than an Azure Blob.

func (*AzureAppGwFirewallLogFile) LoadBlob

func (logFile *AzureAppGwFirewallLogFile) LoadBlob() error

func (*AzureAppGwFirewallLogFile) LoadBlobRange

func (logFile *AzureAppGwFirewallLogFile) LoadBlobRange(blobRange storage.BlobRange) error

Primary function for loading the storage.Blob object into an NsgLog. blobRange is a set of byte offsets for reading the contents.

func (*AzureAppGwFirewallLogFile) Logger

func (logFile *AzureAppGwFirewallLogFile) Logger() *log.Entry

Provides a github.com/sirupsen/logrus template.

func (*AzureAppGwFirewallLogFile) SetLastProcessed

func (logFile *AzureAppGwFirewallLogFile) SetLastProcessed(LastProcessed time.Time)

func (*AzureAppGwFirewallLogFile) SetLastProcessedRange

func (logFile *AzureAppGwFirewallLogFile) SetLastProcessedRange(LastProcessedRange storage.BlobRange)

func (*AzureAppGwFirewallLogFile) SetLastProcessedRecord

func (logFile *AzureAppGwFirewallLogFile) SetLastProcessedRecord(LastProcessedRecord time.Time)

func (*AzureAppGwFirewallLogFile) SetLastProcessedTimeStamp

func (logFile *AzureAppGwFirewallLogFile) SetLastProcessedTimeStamp(LastProcessedTimeStamp int64)

func (*AzureAppGwFirewallLogFile) SetLastRecordCount

func (logFile *AzureAppGwFirewallLogFile) SetLastRecordCount(LastRecordCount int)

func (*AzureAppGwFirewallLogFile) ShortName

func (logFile *AzureAppGwFirewallLogFile) ShortName() string

type AzureAppGwLogFile

// AzureAppGwLogFile represents one .json Application Gateway access log blob
// and its processing bookmarks; it satisfies AzureLogFile. The tagged fields
// are the persisted process-status state (see LogFileProcessStatus, which
// carries the same tags).
type AzureAppGwLogFile struct {
	Name                   string               `json:"name"`
	Etag                   string               `json:"etag"`
	LastModified           time.Time            `json:"last_modified"`
	LastProcessed          time.Time            `json:"last_processed"`
	LastProcessedRecord    time.Time            `json:"last_processed_record"`
	LastProcessedTimeStamp int64                `json:"last_processed_timestamp"`
	LastRecordCount        int                  `json:"last_count"`
	// LastProcessedRange is the byte range of the blob already consumed
	// (see LoadBlobRange).
	LastProcessedRange     storage.BlobRange    `json:"last_processed_range"`
	LogTime                time.Time            `json:"log_time"`
	// Blob and AzureAppGwAccessLog are runtime state, excluded from status
	// serialization.
	Blob                   storage.Blob         `json:"-"`
	AzureAppGwAccessLog    *AzureAppGwAccessLog `json:"-"`
	// LoggedResourceName is tagged "nsg_name" even though it holds an
	// Application Gateway name — presumably to keep the persisted status
	// format shared with AzureNsgLogFile.NsgName and LogFileProcessStatus.
	LoggedResourceName     string               `json:"nsg_name"`
}

AzureAppGwLogFile represents an individual .json log file in Azure.

func NewAzureAppGwLogFileFromEventLog

func NewAzureAppGwLogFileFromEventLog(eventLog *AzureAppGwAccessLog) (AzureAppGwLogFile, error)

func (*AzureAppGwLogFile) GetAzureEventLog

func (logFile *AzureAppGwLogFile) GetAzureEventLog() AzureEventLog

func (*AzureAppGwLogFile) GetBlob

func (logFile *AzureAppGwLogFile) GetBlob() storage.Blob

func (*AzureAppGwLogFile) GetEtag

func (logFile *AzureAppGwLogFile) GetEtag() string

func (*AzureAppGwLogFile) GetLastModified

func (logFile *AzureAppGwLogFile) GetLastModified() time.Time

func (*AzureAppGwLogFile) GetLastProcessed

func (logFile *AzureAppGwLogFile) GetLastProcessed() time.Time

func (*AzureAppGwLogFile) GetLastProcessedRange

func (logFile *AzureAppGwLogFile) GetLastProcessedRange() storage.BlobRange

func (*AzureAppGwLogFile) GetLastProcessedRecord

func (logFile *AzureAppGwLogFile) GetLastProcessedRecord() time.Time

func (*AzureAppGwLogFile) GetLastProcessedTimeStamp

func (logFile *AzureAppGwLogFile) GetLastProcessedTimeStamp() int64

func (*AzureAppGwLogFile) GetLastRecordCount

func (logFile *AzureAppGwLogFile) GetLastRecordCount() int

func (*AzureAppGwLogFile) GetLogTime

func (logFile *AzureAppGwLogFile) GetLogTime() time.Time

func (*AzureAppGwLogFile) GetName

func (logFile *AzureAppGwLogFile) GetName() string

func (*AzureAppGwLogFile) GetNsgName

func (logFile *AzureAppGwLogFile) GetNsgName() string

func (*AzureAppGwLogFile) LoadAzureNsgEventRecords

func (logFile *AzureAppGwLogFile) LoadAzureNsgEventRecords(payload []byte) error

Allows loading JSON payloads from sources other than an Azure Blob.

func (*AzureAppGwLogFile) LoadBlob

func (logFile *AzureAppGwLogFile) LoadBlob() error

func (*AzureAppGwLogFile) LoadBlobRange

func (logFile *AzureAppGwLogFile) LoadBlobRange(blobRange storage.BlobRange) error

Primary function for loading the storage.Blob object into an NsgLog. blobRange is a set of byte offsets for reading the contents.

func (*AzureAppGwLogFile) Logger

func (logFile *AzureAppGwLogFile) Logger() *log.Entry

Provides a github.com/sirupsen/logrus template.

func (*AzureAppGwLogFile) SetLastProcessed

func (logFile *AzureAppGwLogFile) SetLastProcessed(LastProcessed time.Time)

func (*AzureAppGwLogFile) SetLastProcessedRange

func (logFile *AzureAppGwLogFile) SetLastProcessedRange(LastProcessedRange storage.BlobRange)

func (*AzureAppGwLogFile) SetLastProcessedRecord

func (logFile *AzureAppGwLogFile) SetLastProcessedRecord(LastProcessedRecord time.Time)

func (*AzureAppGwLogFile) SetLastProcessedTimeStamp

func (logFile *AzureAppGwLogFile) SetLastProcessedTimeStamp(LastProcessedTimeStamp int64)

func (*AzureAppGwLogFile) SetLastRecordCount

func (logFile *AzureAppGwLogFile) SetLastRecordCount(LastRecordCount int)

func (*AzureAppGwLogFile) ShortName

func (logFile *AzureAppGwLogFile) ShortName() string

type AzureClient

// AzureClient wraps access to one container of an Azure Storage account plus
// the jobs registered against it. It is built by NewAzureClient, which
// receives the account key; that key presumably lives in the unexported
// fields and must never be logged or serialized.
type AzureClient struct {
	// Prefix is presumably the default blob-name prefix (cf. GetBlobsByPrefix)
	// — confirm.
	Prefix          string
	ProcessStatus   ProcessStatus
	// DataPath is presumably the local directory for process-status files and
	// file output (cf. ReadProcessStatus, FileClient.DataPath) — confirm.
	DataPath        string
	// DestinationType selects the output sink; presumably DestinationFile or
	// DestinationSyslog — confirm.
	DestinationType string
	// Concurrency is the parallelism for blob processing (cf. MAX_CONCURRENCY).
	Concurrency     int

	// RegisteredJobs maps job name to Job (see RegisterJob/RunJob).
	// NOTE(review): a plain map is not safe for concurrent RegisterJob/RunJob
	// calls unless a lock in the unexported fields guards it — verify.
	RegisteredJobs map[string]*Job
	// contains filtered or unexported fields
}

func NewAzureClient

func NewAzureClient(accountName, accountKey, containerName, dataPath string) (AzureClient, error)

func (*AzureClient) GetBlobsByPrefix

func (client *AzureClient) GetBlobsByPrefix(prefix string) ([]storage.Blob, error)

func (*AzureClient) ProcessBlobsAfter

func (client *AzureClient) ProcessBlobsAfter(afterTime time.Time, parserClient NsgParserClient, jobName string) error

func (*AzureClient) RegisterJob

func (client *AzureClient) RegisterJob(job *Job) error

func (*AzureClient) RunJob

func (client *AzureClient) RunJob(jobName string) error

type AzureEventLog

// AzureEventLog is a decoded log document that can hand out its records as
// the common AzureEventRecord interface.
type AzureEventLog interface {
	GetRecords() []AzureEventRecord
}

type AzureEventRecord

// AzureEventRecord is the common view of one log record regardless of source
// (NSG, Application Gateway, Application Gateway firewall). Because the
// interface includes unexported methods, only types in this package can
// satisfy it.
type AzureEventRecord interface {
	// IsInitialized reports whether InitRecord has run; InitRecord performs
	// any per-record setup (presumably parsing the resource ID — confirm).
	IsInitialized() bool
	InitRecord()

	GetTime() time.Time
	GetLogSourceName() string
	// NewCEFEvent returns a CEF event skeleton with the header defaults set;
	// GetCEFList expands the record into zero or more events and returns any
	// per-event conversion errors alongside them rather than aborting.
	NewCEFEvent() CEFEvent
	GetCEFList(options GetCEFEventListOptions) ([]*CEFEvent, []error)
	// contains filtered or unexported methods
}

type AzureLogFile

// AzureLogFile is one log blob together with its processing bookmarks. It is
// implemented in-package by AzureNsgLogFile, AzureAppGwLogFile and
// AzureAppGwFirewallLogFile; the unexported methods prevent outside
// implementations. Instances are obtained from CrreateAzureLogFile or the
// NewAzure*LogFile constructors.
type AzureLogFile interface {
	ShortName() string
	GetName() string
	GetAzureEventLog() AzureEventLog
	// LoadBlob reads the whole blob; LoadBlobRange reads only the given byte
	// range, which allows resuming from GetLastProcessedRange.
	LoadBlob() error
	LoadBlobRange(blobRange storage.BlobRange) error

	// Bookmark accessors; the Set* counterparts update the persisted state.
	GetLastProcessed() time.Time
	GetLastProcessedRecord() time.Time
	GetLastProcessedTimeStamp() int64
	GetLastRecordCount() int
	GetLastModified() time.Time
	GetLastProcessedRange() storage.BlobRange
	SetLastProcessed(LastProcessed time.Time)
	SetLastProcessedTimeStamp(LastProcessedTimeStamp int64)
	SetLastRecordCount(LastRecordCount int)
	SetLastProcessedRecord(LastProcessedRecord time.Time)
	SetLastProcessedRange(LastProcessedRange storage.BlobRange)
	Logger() *log.Entry
	GetBlob() storage.Blob
	GetLogTime() time.Time
	// GetNsgName returns the logged resource name; for the Application
	// Gateway implementations this is the gateway name, not an NSG.
	GetNsgName() string
	GetEtag() string
	// contains filtered or unexported methods
}

func CrreateAzureLogFile

func CrreateAzureLogFile(blob storage.Blob) (AzureLogFile, error)

func NewAzureAppGwFirewallLogFile

func NewAzureAppGwFirewallLogFile(blob storage.Blob) (AzureLogFile, error)

func NewAzureAppGwLogFile

func NewAzureAppGwLogFile(blob storage.Blob) (AzureLogFile, error)

func NewAzureNsgLogFile

func NewAzureNsgLogFile(blob storage.Blob) (AzureLogFile, error)

type AzureLogQueryOptions

// AzureLogQueryOptions bounds a log query to the [BeginTime, EndTime] window
// (inclusivity is not visible here — confirm against the query code).
type AzureLogQueryOptions struct {
	BeginTime time.Time
	EndTime   time.Time
}

type AzureNsgEventLog

// AzureNsgEventLog is presumably the top-level JSON document of an NSG flow
// log blob; it satisfies AzureEventLog through GetRecords.
type AzureNsgEventLog struct {
	// Records is the decoded "records" array.
	Records AzureNsgEventRecords `json:"records"`
	// contains filtered or unexported fields
}

func (*AzureNsgEventLog) GetRecords

func (log *AzureNsgEventLog) GetRecords() []AzureEventRecord

type AzureNsgEventRecord

// AzureNsgEventRecord is one entry of an NSG flow log. It satisfies
// AzureEventRecord; the unexported fields presumably back
// IsInitialized/InitRecord — confirm.
type AzureNsgEventRecord struct {
	Time          time.Time `json:"time"`
	SystemID      string    `json:"systemId"`
	Category      string    `json:"category"`
	// ResourceID is the NSG resource ID; presumably parsed with RecordRegExp
	// by InitRecord — confirm.
	ResourceID    string    `json:"resourceId"`
	OperationName string    `json:"operationName"`

	// Properties is the untyped "properties" object exactly as decoded;
	// consumers must type-assert each value and tolerate missing keys.
	Properties map[string]interface{} `json:"properties"`
	// contains filtered or unexported fields
}

func (*AzureNsgEventRecord) GetCEFList

func (record *AzureNsgEventRecord) GetCEFList(options GetCEFEventListOptions) ([]*CEFEvent, []error)

func (*AzureNsgEventRecord) GetLogSourceName

func (record *AzureNsgEventRecord) GetLogSourceName() string

func (*AzureNsgEventRecord) GetTime

func (record *AzureNsgEventRecord) GetTime() time.Time

func (*AzureNsgEventRecord) InitRecord

func (record *AzureNsgEventRecord) InitRecord()

func (*AzureNsgEventRecord) IsInitialized

func (record *AzureNsgEventRecord) IsInitialized() bool

func (*AzureNsgEventRecord) NewCEFEvent

func (record *AzureNsgEventRecord) NewCEFEvent() CEFEvent

Creates a CEF event skeleton.

type AzureNsgEventRecords

// AzureNsgEventRecords is a slice of NSG flow records that implements
// sort.Interface (Len/Less/Swap) and offers After/Before time filters.
type AzureNsgEventRecords []AzureNsgEventRecord

func (AzureNsgEventRecords) After

func (slice AzureNsgEventRecords) After(afterTime time.Time) AzureNsgEventRecords

func (AzureNsgEventRecords) Before

func (slice AzureNsgEventRecords) Before(afterTime time.Time) AzureNsgEventRecords

func (AzureNsgEventRecords) Len

func (slice AzureNsgEventRecords) Len() int

func (AzureNsgEventRecords) Less

func (slice AzureNsgEventRecords) Less(i, j int) bool

func (AzureNsgEventRecords) Swap

func (slice AzureNsgEventRecords) Swap(i, j int)

type AzureNsgLogFile

// AzureNsgLogFile represents one .json NSG flow log blob and its processing
// bookmarks; it satisfies AzureLogFile. The tagged fields are the persisted
// process-status state (see LogFileProcessStatus, which carries the same
// tags).
type AzureNsgLogFile struct {
	Name                   string            `json:"name"`
	Etag                   string            `json:"etag"`
	LastModified           time.Time         `json:"last_modified"`
	LastProcessed          time.Time         `json:"last_processed"`
	LastProcessedRecord    time.Time         `json:"last_processed_record"`
	LastProcessedTimeStamp int64             `json:"last_processed_timestamp"`
	LastRecordCount        int               `json:"last_count"`
	// LastProcessedRange is the byte range of the blob already consumed
	// (see LoadBlobRange).
	LastProcessedRange     storage.BlobRange `json:"last_processed_range"`
	LogTime                time.Time         `json:"log_time"`
	// Blob and AzureNsgEventLog are runtime state, excluded from status
	// serialization.
	Blob                   storage.Blob      `json:"-"`
	AzureNsgEventLog       *AzureNsgEventLog `json:"-"`
	NsgName                string            `json:"nsg_name"`
}

AzureNsgLogFile represents an individual .json log file in Azure.

func NewAzureNsgLogFileFromEventLog

func NewAzureNsgLogFileFromEventLog(eventLog *AzureNsgEventLog) (AzureNsgLogFile, error)

func (*AzureNsgLogFile) GetAzureEventLog

func (logFile *AzureNsgLogFile) GetAzureEventLog() AzureEventLog

func (*AzureNsgLogFile) GetBlob

func (logFile *AzureNsgLogFile) GetBlob() storage.Blob

func (*AzureNsgLogFile) GetEtag

func (logFile *AzureNsgLogFile) GetEtag() string

func (*AzureNsgLogFile) GetLastModified

func (logFile *AzureNsgLogFile) GetLastModified() time.Time

func (*AzureNsgLogFile) GetLastProcessed

func (logFile *AzureNsgLogFile) GetLastProcessed() time.Time

func (*AzureNsgLogFile) GetLastProcessedRange

func (logFile *AzureNsgLogFile) GetLastProcessedRange() storage.BlobRange

func (*AzureNsgLogFile) GetLastProcessedRecord

func (logFile *AzureNsgLogFile) GetLastProcessedRecord() time.Time

func (*AzureNsgLogFile) GetLastProcessedTimeStamp

func (logFile *AzureNsgLogFile) GetLastProcessedTimeStamp() int64

func (*AzureNsgLogFile) GetLastRecordCount

func (logFile *AzureNsgLogFile) GetLastRecordCount() int

func (*AzureNsgLogFile) GetLogTime

func (logFile *AzureNsgLogFile) GetLogTime() time.Time

func (*AzureNsgLogFile) GetName

func (logFile *AzureNsgLogFile) GetName() string

func (*AzureNsgLogFile) GetNsgName

func (logFile *AzureNsgLogFile) GetNsgName() string

func (*AzureNsgLogFile) LoadAzureNsgEventRecords

func (logFile *AzureNsgLogFile) LoadAzureNsgEventRecords(payload []byte) error

Allows loading JSON payloads from sources other than an Azure Blob.

func (*AzureNsgLogFile) LoadBlob

func (logFile *AzureNsgLogFile) LoadBlob() error

func (*AzureNsgLogFile) LoadBlobRange

func (logFile *AzureNsgLogFile) LoadBlobRange(blobRange storage.BlobRange) error

Primary function for loading the storage.Blob object into an NsgLog. blobRange is a set of byte offsets for reading the contents.

func (*AzureNsgLogFile) Logger

func (logFile *AzureNsgLogFile) Logger() *log.Entry

Provides a github.com/sirupsen/logrus template.

func (*AzureNsgLogFile) SetLastProcessed

func (logFile *AzureNsgLogFile) SetLastProcessed(LastProcessed time.Time)

func (*AzureNsgLogFile) SetLastProcessedRange

func (logFile *AzureNsgLogFile) SetLastProcessedRange(LastProcessedRange storage.BlobRange)

func (*AzureNsgLogFile) SetLastProcessedRecord

func (logFile *AzureNsgLogFile) SetLastProcessedRecord(LastProcessedRecord time.Time)

func (*AzureNsgLogFile) SetLastProcessedTimeStamp

func (logFile *AzureNsgLogFile) SetLastProcessedTimeStamp(LastProcessedTimeStamp int64)

func (*AzureNsgLogFile) SetLastRecordCount

func (logFile *AzureNsgLogFile) SetLastRecordCount(LastRecordCount int)

func (*AzureNsgLogFile) ShortName

func (logFile *AzureNsgLogFile) ShortName() string

type CEFEvent

// CEFEvent is one Common Event Format event: the pipe-delimited header fields
// plus the key=value extension map. Header fields shared across events are
// pointers, presumably pointing at the package-level CEFVersion /
// NsgDeviceVendor / ... defaults — confirm against NewAzureCEFEvent.
type CEFEvent struct {
	CEFVersion         *int              `json:"cef_version"`
	DeviceVendor       *string           `json:"device_vendor"`
	DeviceProduct      *string           `json:"device_product"`
	// BUG(review): the tag below duplicates DeviceProduct's "device_product".
	// encoding/json treats two same-named fields at the same nesting level as
	// a conflict and silently drops BOTH from Marshal output and from
	// Unmarshal, so neither product nor version round-trips through JSON.
	// It should read `json:"device_version"`.
	DeviceVersion      *string           `json:"device_product"`
	DeviceEventClassId string            `json:"device_event_class_id"`
	Time               time.Time         `json:"time"`
	Name               string            `json:"name"`
	Severity           int               `json:"severity"`
	// Extension holds the CEF extension key=value pairs as raw strings.
	// Values originate from log content, so ExtensionText/SyslogText must
	// apply CEF escaping ('=' and '\' in values, '|' in header fields, and
	// newlines) before the text reaches syslog — confirm they do.
	Extension          map[string]string `json:"extension"`
}

func NewAzureCEFEvent

func NewAzureCEFEvent() CEFEvent

func NewAzureCEFEventForProduct

func NewAzureCEFEventForProduct(deviceProduct string) CEFEvent

func (*CEFEvent) ExtensionText

func (event *CEFEvent) ExtensionText() (string, error)

func (*CEFEvent) SyslogText

func (event *CEFEvent) SyslogText() (string, error)

type CEFEventList

// CEFEventList is a container for a batch of CEF events.
type CEFEventList struct {
	Events []*CEFEvent
}

type CEFSyslogClient

// CEFSyslogClient is an NsgParserClient that forwards each record's CEF
// events to a syslog endpoint configured through Initialize(protocol, host,
// port). The unexported fields presumably hold the syslog connection.
// NOTE(review): Initialize and SendEvent use a pointer receiver while
// ProcessAzureLogFile uses a value receiver, so each ProcessAzureLogFile call
// operates on a copy of the struct; that is only safe if the connection
// state is held by pointer/handle — verify.
type CEFSyslogClient struct {
	// contains filtered or unexported fields
}

func (*CEFSyslogClient) Initialize

func (client *CEFSyslogClient) Initialize(protocol, host, port string) error

func (CEFSyslogClient) ProcessAzureLogFile

func (client CEFSyslogClient) ProcessAzureLogFile(logFile AzureLogFile, resultsChan chan AzureLogFile) error

func (*CEFSyslogClient) SendEvent

func (client *CEFSyslogClient) SendEvent(event CEFEvent) error

type FileClient

// FileClient is an NsgParserClient that writes processed output under
// DataPath on the local filesystem (configured through Initialize).
type FileClient struct {
	DataPath string
}

func (*FileClient) Initialize

func (client *FileClient) Initialize(dataPath string) error

func (FileClient) ProcessAzureLogFile

func (client FileClient) ProcessAzureLogFile(logFile AzureLogFile, resultsChan chan AzureLogFile) error

type GetCEFEventListOptions

// GetCEFEventListOptions tunes AzureEventRecord.GetCEFList; StartTime is
// presumably the lower bound below which events are skipped — confirm.
type GetCEFEventListOptions struct {
	StartTime time.Time
}

type Job

// Job is one registered processing run: presumably it loads unprocessed log
// files through AzureClient (LoadUnprocessedLogFiles), hands each to
// ParserClient via TaskPool (LoadTasks/Run), collects results on ResultsChan
// and persists ProcessStatus (SaveProcessStatus). Fields tagged `json:"-"`
// are runtime wiring excluded from status serialization.
type Job struct {
	Name          string
	Options       *JobOptions
	ProcessStatus ProcessStatus
	AzureClient   *AzureClient      `json:"-"`
	ParserClient  NsgParserClient   `json:"-"`
	// ResultsChan receives each AzureLogFile once processed; DoneChan signals
	// completion (see Complete).
	ResultsChan   chan AzureLogFile `json:"-"`
	DoneChan      chan bool         `json:"-"`
	LogFiles      []AzureLogFile    `json:"-"`
	Tasks         []*pool.Task      `json:"-"`
	TaskPool      pool.Pool         `json:"-"`
	StartTime     time.Time
	EndTime       time.Time

	Status string
	// contains filtered or unexported fields
}

func NewJob

func NewJob(options *JobOptions, processStatus ProcessStatus, azureClient *AzureClient, parserClient NsgParserClient) (*Job, error)

func (*Job) Complete

func (job *Job) Complete()

func (*Job) LoadProcessStatus

func (job *Job) LoadProcessStatus() error

func (*Job) LoadTasks

func (job *Job) LoadTasks()

func (*Job) LoadUnprocessedLogFiles

func (job *Job) LoadUnprocessedLogFiles() error

func (*Job) Logger

func (job *Job) Logger() *log.Entry

func (*Job) ProcessStatusFileName

func (job *Job) ProcessStatusFileName() string

func (*Job) Run

func (job *Job) Run()

func (*Job) SaveProcessStatus

func (job *Job) SaveProcessStatus() error

type JobOptions

// JobOptions configures a Job created by NewJob.
type JobOptions struct {
	// StartRecordTime and EndRecordTime bound the record window to process.
	StartRecordTime time.Time
	EndRecordTime   time.Time
	// DataPath is the local directory for status/output files.
	DataPath        string
	// Concurrency is the number of log files processed in parallel.
	Concurrency     int
}

type LogFileProcessStatus

// LogFileProcessStatus is the persisted bookmark for one log file. Its json
// tags match those of AzureNsgLogFile, AzureAppGwLogFile and
// AzureAppGwFirewallLogFile, so a status entry can be written from and read
// back into any of them; it is the value type of ProcessStatus.
type LogFileProcessStatus struct {
	Name                   string            `json:"name"`
	Etag                   string            `json:"etag"`
	LastModified           time.Time         `json:"last_modified"`
	LastProcessed          time.Time         `json:"last_processed"`
	LastProcessedRecord    time.Time         `json:"last_processed_record"`
	LastProcessedTimeStamp int64             `json:"last_processed_timestamp"`
	LastRecordCount        int               `json:"last_count"`
	LastProcessedRange     storage.BlobRange `json:"last_processed_range"`
	LogTime                time.Time         `json:"log_time"`
	// NsgName holds the logged resource name; for Application Gateway files
	// it is the gateway name despite the key.
	NsgName                string            `json:"nsg_name"`
}

type NsgParserClient

// NsgParserClient is an output sink for a processed log file. Implementations
// (CEFSyslogClient, FileClient) consume the file's records and send the
// AzureLogFile to the results channel when done.
type NsgParserClient interface {
	ProcessAzureLogFile(AzureLogFile, chan AzureLogFile) error
}

type NsgParserStatus

// NsgParserStatus is the process-wide status snapshot: build metadata plus
// the registered jobs and a flow counter. NOTE(review): if this is what
// GetProcessStatus serves over HTTP, BuildUser and Revision are exposed to
// whoever can reach that endpoint — confirm and restrict accordingly.
type NsgParserStatus struct {
	GoVersion          string
	Version            string
	Jobs               map[string]*Job
	BuildDate          string
	BuildUser          string
	Revision           string
	ProcessedFlowCount int64
}

type ProcessStatus

// ProcessStatus maps a log-file identifier (presumably its name — confirm) to
// its persisted bookmark. It is loaded with ReadProcessStatus; as a plain map
// it needs external synchronization if jobs update it concurrently.
type ProcessStatus map[string]LogFileProcessStatus

ProcessStatus is a simple map meant to store the status of each AzureLogFile.

func ReadProcessStatus

func ReadProcessStatus(path, fileName string) (ProcessStatus, error)
