Documentation
¶
Index ¶
- type Cache
- func (c *Cache) Clear()
- func (c *Cache) GetAllStats() []*SIDStats
- func (c *Cache) GetRecentSIDs(duration time.Duration) []*SIDStats
- func (c *Cache) GetSIDStats(sid string) (*SIDStats, bool)
- func (c *Cache) GetSize() int
- func (c *Cache) GetStats() map[string]int
- func (c *Cache) GetTopSIDs(n int) []*SIDStats
- func (c *Cache) GetTotalTriggers() int
- func (c *Cache) GetUniqueSIDs() int
- func (c *Cache) GetUniqueSources() int
- func (c *Cache) Load() error
- func (c *Cache) RecordTrigger(sid, category, signature, sourceIP string, timestamp time.Time)
- func (c *Cache) Save() error
- func (c *Cache) StartAutoSave(interval time.Duration)
- type Collector
- type EveAlert
- type Metrics
- func (m *Metrics) ClearUserDisabled(sid string)
- func (m *Metrics) ClearUserEnabled(sid, mode string)
- func (m *Metrics) RecordParseError()
- func (m *Metrics) RecordSeverity(severity string)
- func (m *Metrics) RecordTrigger(sid, category, signature string, timestamp float64, sourceIP string)
- func (m *Metrics) SetAlertsLast24h(count int)
- func (m *Metrics) SetDropRate(rate float64)
- func (m *Metrics) SetMemoryUsage(bytes int64)
- func (m *Metrics) SetRulesCount(total, enabled int)
- func (m *Metrics) SetServiceRunning(running bool)
- func (m *Metrics) SetUptime(seconds float64)
- func (m *Metrics) SetUserDisabled(sid string)
- func (m *Metrics) SetUserEnabled(sid, mode string)
- type SIDStats
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Cache ¶
type Cache struct {
// contains filtered or unexported fields
}
Cache holds in-memory SID statistics Implements bounded memory via caps on SIDs and sources per SID. Protects against CWE-400 (Uncontrolled Resource Consumption).
func (*Cache) GetAllStats ¶
GetAllStats returns all SID statistics
func (*Cache) GetRecentSIDs ¶
GetRecentSIDs returns SIDs triggered in the last duration
func (*Cache) GetSIDStats ¶
GetSIDStats returns statistics for a specific SID
func (*Cache) GetTopSIDs ¶
GetTopSIDs returns top N SIDs by trigger count
func (*Cache) GetTotalTriggers ¶
GetTotalTriggers returns total trigger count across all SIDs
func (*Cache) GetUniqueSIDs ¶
GetUniqueSIDs returns the number of unique SIDs
func (*Cache) GetUniqueSources ¶
GetUniqueSources returns total unique source IPs across all SIDs
func (*Cache) RecordTrigger ¶
RecordTrigger records a SID trigger event
func (*Cache) StartAutoSave ¶
StartAutoSave starts periodic snapshot saving
type Collector ¶
type Collector struct {
// contains filtered or unexported fields
}
Collector manages eve.json parsing and statistics collection
func NewCollector ¶
NewCollector creates a new statistics collector
func (*Collector) ProcessHistorical ¶
ProcessHistorical processes existing eve.json for historical data
type EveAlert ¶
type EveAlert struct {
Timestamp string `json:"timestamp"`
EventType string `json:"event_type"`
SrcIP string `json:"src_ip"`
DestIP string `json:"dest_ip"`
Alert struct {
Signature string `json:"signature"`
SignatureID int `json:"signature_id"`
Category string `json:"category"`
Severity int `json:"severity"`
} `json:"alert"`
}
EveAlert represents a Suricata alert from eve.json
type Metrics ¶
type Metrics struct {
// SID trigger counters
SIDTriggers *prometheus.CounterVec
// SID last trigger timestamp
SIDLastTrigger *prometheus.GaugeVec
// Unique source IPs per SID
SIDUniqueSources *prometheus.GaugeVec
// User actions (enabled/disabled)
SIDUserEnabled *prometheus.GaugeVec
SIDUserDisabled *prometheus.GaugeVec
// Category aggregates
CategoryTriggers *prometheus.CounterVec
// Alert severity
AlertSeverity *prometheus.CounterVec
// Performance metrics
ProcessingLatency prometheus.Histogram
EventsProcessed prometheus.Counter
ParseErrors prometheus.Counter
// Service-level metrics (for web UI alignment)
ServiceRunning prometheus.Gauge
RulesTotal prometheus.Gauge
RulesEnabled prometheus.Gauge
AlertsLast24h prometheus.Gauge
DropRate prometheus.Gauge
MemoryUsageBytes prometheus.Gauge
UptimeSeconds prometheus.Gauge
}
Metrics holds all Suricata-related Prometheus metrics
func InitMetrics ¶
func InitMetrics() *Metrics
InitMetrics initializes Prometheus metrics (singleton)
func (*Metrics) ClearUserDisabled ¶
ClearUserDisabled clears user-disabled flag for a SID
func (*Metrics) ClearUserEnabled ¶
ClearUserEnabled clears user-enabled flag for a SID
func (*Metrics) RecordParseError ¶
func (m *Metrics) RecordParseError()
RecordParseError increments parse error counter
func (*Metrics) RecordSeverity ¶
RecordSeverity records alert severity
func (*Metrics) RecordTrigger ¶
func (m *Metrics) RecordTrigger(sid, category, signature string, timestamp float64, sourceIP string)
RecordTrigger records a SID trigger event
func (*Metrics) SetAlertsLast24h ¶ added in v1.2.3
SetAlertsLast24h sets alerts count for last 24 hours
func (*Metrics) SetDropRate ¶ added in v1.2.3
SetDropRate sets packet drop rate
func (*Metrics) SetMemoryUsage ¶ added in v1.2.3
SetMemoryUsage sets memory usage in bytes
func (*Metrics) SetRulesCount ¶ added in v1.2.3
SetRulesCount sets total and enabled rules count
func (*Metrics) SetServiceRunning ¶ added in v1.2.3
SetServiceRunning sets Suricata service running status
func (*Metrics) SetUserDisabled ¶
SetUserDisabled sets user-disabled flag for a SID
func (*Metrics) SetUserEnabled ¶
SetUserEnabled sets user-enabled flag for a SID
type SIDStats ¶
type SIDStats struct {
SID string `json:"sid"`
Category string `json:"category"`
Signature string `json:"signature"`
TriggerCount int `json:"trigger_count"`
LastTrigger time.Time `json:"last_trigger"`
FirstTrigger time.Time `json:"first_trigger"`
UniqueSources map[string]bool `json:"-"` // Not serialized (capped in memory)
SourceCount int `json:"source_count"`
SourceIPs []string `json:"source_ips,omitempty"` // Top 10 for display
}
SIDStats holds statistics for a single SID
Source Files