Documentation
¶
Overview ¶
Package analytics provides efficient batch operations for report generation
Index ¶
- func Init(libPath string, reportsPath string) error
- func RegisterPrometheus(registry *prometheus.Registry)
- type AnalyticsSummary
- type CountryStats
- type DailySummary
- type IPInfo
- type IPLookupResult
- type IPOrigin
- type ModuleStatus
- type Report
- type Reporter
- type State
- func (s *State) GetCountryStats() map[string]*CountryStats
- func (s *State) GetIPOrigin(ip string) (*IPOrigin, bool)
- func (s *State) GetSummary() *AnalyticsSummary
- func (s *State) GetTopCountries(n int) []CountryStats
- func (s *State) RecordBan(ip, country, city, source, reason string, t time.Time)
- func (s *State) RecordBanWithMetrics(ip, country, city, source, reason string, t time.Time)
- func (s *State) RecordPersistentOffender(ip, country, source string, t time.Time)
- func (s *State) Save() error
- func (s *State) SnapshotDaily(t time.Time) error
- func (s *State) UpdatePrometheusGauges()
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Init ¶
Init creates directories and loads existing state if present. Call once from your main init/bootstrap code.
func RegisterPrometheus ¶
func RegisterPrometheus(registry *prometheus.Registry)
RegisterPrometheus registers nftban analytics metrics with Prometheus. Call once from main after prometheus client init.
Types ¶
type AnalyticsSummary ¶
type AnalyticsSummary struct {
Success bool `json:"success"`
TotalIPs int `json:"total_ips"`
TotalCountries int `json:"total_countries"`
Countries map[string]*CountryStats `json:"countries"`
LastUpdated time.Time `json:"last_updated"`
}
AnalyticsSummary is returned by CLI for JSON output.
type CountryStats ¶
type CountryStats struct {
Country string `json:"country"`
IPCount int `json:"ip_count"`
IPs []string `json:"ips"`
LastUpdated time.Time `json:"last_updated"`
}
CountryStats keeps aggregate info for a country.
type DailySummary ¶
type DailySummary struct {
Date string `json:"date"`
TotalBans int `json:"total_bans"`
UniqueIPs int `json:"unique_ips"`
TopCountries []CountryStats `json:"top_countries"`
BySource map[string]int `json:"by_source"` // suricata, login-monitor, manual, feeds
ByService map[string]int `json:"by_service"` // Dynamic from filters.conf
ByJail map[string]int `json:"by_jail"` // Legacy fail2ban compatibility
GeneratedAt time.Time `json:"generated_at"`
}
DailySummary represents a daily analytics snapshot.
type IPInfo ¶ added in v1.0.22
type IPInfo struct {
IP string `json:"ip"`
Country string `json:"country"`
City string `json:"city"`
}
IPInfo contains IP address with geographic information
type IPLookupResult ¶
type IPLookupResult struct {
Success bool `json:"success"`
IP string `json:"ip"`
Found bool `json:"found"`
Origin *IPOrigin `json:"origin,omitempty"`
Message string `json:"message,omitempty"`
}
IPLookupResult is returned by IP lookup command.
type IPOrigin ¶
type IPOrigin struct {
IP string `json:"ip"`
Country string `json:"country"`
City string `json:"city,omitempty"`
BannedAt time.Time `json:"banned_at"`
Jail string `json:"jail,omitempty"` // Legacy: fail2ban jail name
Source string `json:"source,omitempty"` // suricata, login-monitor, manual, feeds
Service string `json:"service,omitempty"` // ssh, http, wordpress, malware, etc.
Reason string `json:"reason,omitempty"`
Duration int `json:"duration,omitempty"` // Ban duration in seconds (0 = permanent)
}
IPOrigin describes origin info for a specific IP.
type ModuleStatus ¶ added in v1.0.22
type ModuleStatus struct {
Module string `json:"module"`
Name string `json:"name"`
Enabled bool `json:"enabled"`
Active bool `json:"active"`
}
ModuleStatus contains module name and status
type Report ¶ added in v1.0.22
type Report struct {
TopIPs []IPInfo `json:"top_ips"`
ModuleStatus []ModuleStatus `json:"module_status"`
Timestamp time.Time `json:"timestamp"`
}
Report contains aggregated analytics data for email reports
type Reporter ¶ added in v1.0.22
type Reporter struct {
// contains filtered or unexported fields
}
Reporter handles batch analytics operations
func NewReporter ¶ added in v1.0.22
NewReporter creates a new analytics reporter
func (*Reporter) BatchGeoIPLookup ¶ added in v1.0.22
BatchGeoIPLookup performs GeoIP lookup for multiple IPs efficiently
func (*Reporter) GenerateReport ¶ added in v1.0.22
GenerateReport creates a full analytics report
func (*Reporter) GetModuleStatus ¶ added in v1.0.22
func (r *Reporter) GetModuleStatus() ([]ModuleStatus, error)
GetModuleStatus reads module status from metrics files
type State ¶
type State struct {
// contains filtered or unexported fields
}
func (*State) GetCountryStats ¶
func (s *State) GetCountryStats() map[string]*CountryStats
GetCountryStats returns a shallow copy of the map for read-only usage.
func (*State) GetIPOrigin ¶
GetIPOrigin returns origin info for an IP, if known.
func (*State) GetSummary ¶
func (s *State) GetSummary() *AnalyticsSummary
GetSummary returns a complete analytics summary for JSON output.
func (*State) GetTopCountries ¶
func (s *State) GetTopCountries(n int) []CountryStats
GetTopCountries returns top N countries by IP count.
func (*State) RecordBan ¶
RecordBan updates in-memory stats (call this for each ban). Parameters:
ip - IP address being banned country - Country code (GeoIP) city - City name (GeoIP) source - Ban source: "suricata", "login-monitor", "manual", "feeds", or legacy jail name reason - Ban reason/description t - Timestamp
func (*State) RecordBanWithMetrics ¶
RecordBanWithMetrics combines analytics + Prometheus for a ban.
func (*State) RecordPersistentOffender ¶
RecordPersistentOffender increments the persistent offenders counter.
func (*State) SnapshotDaily ¶
SnapshotDaily writes a daily country snapshot into reports dir. Typically called once per day (via cron or internal scheduler).
func (*State) UpdatePrometheusGauges ¶
func (s *State) UpdatePrometheusGauges()
UpdatePrometheusGauges updates all gauge metrics from current state. Call periodically (e.g., every 30s) to keep gauges in sync.
Source Files