Beispiel #1
// NewPublisher builds a PacketbeatPublisher that publishes through pub.
//
// The publisher client is obtained once, via pub.Client(), at construction
// time. hwm is the buffer capacity of the events channel; done is an
// unbuffered signalling channel.
func NewPublisher(pub *publisher.PublisherType, hwm int) *PacketbeatPublisher {
	p := new(PacketbeatPublisher)
	p.pub = pub
	p.client = pub.Client()
	p.done = make(chan struct{})
	// make panics on a negative capacity, so hwm must be >= 0.
	p.events = make(chan common.MapStr, hwm)
	return p
}
Beispiel #2
// NewPublisher builds a PacketbeatPublisher that publishes through pub.
//
// The publisher client is obtained once, via pub.Client(), at construction
// time. hwm is the buffer capacity of the single-event trans channel and
// bulkHWM the buffer capacity of the flows channel, which carries event
// batches; done is an unbuffered signalling channel.
func NewPublisher(pub *publisher.PublisherType, hwm, bulkHWM int) *PacketbeatPublisher {
	p := new(PacketbeatPublisher)
	p.pub = pub
	p.client = pub.Client()
	p.done = make(chan struct{})
	// make panics on a negative capacity, so both marks must be >= 0.
	p.trans = make(chan common.MapStr, hwm)
	p.flows = make(chan []common.MapStr, bulkHWM)
	return p
}
Beispiel #3
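// normalizeTransAddr flattens the "src" and "dst" endpoints of a transaction
// event into client_*/ip/port/proc/server fields, tags the event direction,
// and, when pub.GeoLite is configured, adds a "client_location" field.
//
// The event map is modified in place. The function returns false when the
// source address is one of the publisher's own IPs and pub.IgnoreOutgoing is
// set, in which case the caller is expected to drop the event as a duplicate;
// otherwise it returns true.
//
// NOTE(review): "real_ip" is presumably filled in by a protocol parser from a
// request header supplied by the client; confirm against the parsers. If so,
// "client_location" reflects a value the client controls and should be treated
// as informational only, not as input to access decisions or alert filtering.
func normalizeTransAddr(pub *publisher.PublisherType, event common.MapStr) bool {
	debugf("normalize address for: %v", event)

	var srcServer, dstServer string
	src, ok := event["src"].(*common.Endpoint)
	debugf("has src: %v", ok)
	// A typed-nil endpoint stored in the map would pass the assertion and
	// then panic on the first field access, so it is treated as absent.
	if ok && src != nil {
		// Source is one of our own IPs: we are the client of this transaction.
		if pub.IsPublisherIP(src.Ip) {
			if pub.IgnoreOutgoing {
				// Duplicated transaction -> ignore it. The server names are
				// not resolved yet at this point, so log the source address.
				debugf("Ignore duplicated outgoing transaction from: %s", src.Ip)
				return false
			}
			event["direction"] = "out"
		}

		srcServer = pub.GetServerName(src.Ip)
		event["client_ip"] = src.Ip
		event["client_port"] = src.Port
		event["client_proc"] = src.Proc
		event["client_server"] = srcServer
		delete(event, "src")
	}

	dst, ok := event["dst"].(*common.Endpoint)
	debugf("has dst: %v", ok)
	if ok && dst != nil {
		dstServer = pub.GetServerName(dst.Ip)
		event["ip"] = dst.Ip
		event["port"] = dst.Port
		event["proc"] = dst.Proc
		event["server"] = dstServer
		delete(event, "dst")

		// Destination is one of our own IPs: we are the server. This
		// overrides an "out" set above when both ends are local.
		if pub.IsPublisherIP(dst.Ip) {
			event["direction"] = "in"
		}
	}

	event.EnsureCountField()

	if pub.GeoLite != nil {
		var lookupIP string
		lookup := false

		// Checked assertion: a "real_ip" value of any other type is treated
		// as missing instead of panicking the publisher.
		if realIP, isNetString := event["real_ip"].(common.NetString); isNetString && len(realIP) > 0 {
			lookupIP, lookup = string(realIP), true
		} else if len(srcServer) == 0 && src != nil {
			// Fall back to the source address, but only for external IPs
			// (those for which no server name was resolved).
			lookupIP, lookup = src.Ip, true
		}

		if lookup {
			loc := pub.GeoLite.GetLocationByIP(lookupIP)
			// A zero latitude or longitude is treated as "location unknown".
			if loc != nil && loc.Latitude != 0 && loc.Longitude != 0 {
				event["client_location"] = fmt.Sprintf("%f, %f", loc.Latitude, loc.Longitude)
			}
		}
	}

	return true
}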