func (publisher *PublisherType) isInLoclaIPPool(ip string) bool {
//Lazy initialize the map with the IPs
if localIPs == nil {
var ips, ok = common.LocalIpAddrsAsStrings(true)
if ok == nil {
localIPs = make(map[string]int)
for _, b := range ips {
localIPs[b] = 1
}
}
}
//Check if it is contained in the map
if localIPs[ip] != 0 {
return true
} else {
return false
}
}
func (publisher *PublisherType) PublishTopology(params ...string) error {
localAddrs := params
if len(params) == 0 {
addrs, err := common.LocalIpAddrsAsStrings(false)
if err != nil {
logp.Err("Getting local IP addresses fails with: %s", err)
return err
}
localAddrs = addrs
}
if publisher.TopologyOutput != nil {
debug("Add topology entry for %s: %s", publisher.name, localAddrs)
err := publisher.TopologyOutput.PublishIPs(publisher.name, localAddrs)
if err != nil {
return err
}
}
return nil
}
func (publisher *PublisherType) Init(
beatName string,
configs map[string]outputs.MothershipConfig,
shipper ShipperConfig,
) error {
var err error
publisher.IgnoreOutgoing = shipper.Ignore_outgoing
publisher.disabled = *publishDisabled
if publisher.disabled {
logp.Info("Dry run mode. All output types except the file based one are disabled.")
}
publisher.GeoLite = common.LoadGeoIPData(shipper.Geoip)
publisher.wsOutput.Init()
publisher.wsPublisher.Init()
if !publisher.disabled {
plugins, err := outputs.InitOutputs(beatName, configs, shipper.Topology_expire)
if err != nil {
return err
}
var outputers []*outputWorker
var topoOutput outputs.TopologyOutputer
for _, plugin := range plugins {
output := plugin.Output
config := plugin.Config
debug("Create output worker")
outputers = append(outputers,
newOutputWorker(config, output, &publisher.wsOutput, 1000))
if !config.Save_topology {
continue
}
topo, ok := output.(outputs.TopologyOutputer)
if !ok {
logp.Err("Output type %s does not support topology logging",
plugin.Name)
return errors.New("Topology output not supported")
}
if topoOutput != nil {
logp.Err("Multiple outputs defined to store topology. " +
"Please add save_topology = true option only for one output.")
return errors.New("Multiple outputs defined to store topology")
}
topoOutput = topo
logp.Info("Using %s to store the topology", plugin.Name)
}
Publisher.Output = outputers
Publisher.TopologyOutput = topoOutput
}
if !publisher.disabled {
if len(publisher.Output) == 0 {
logp.Info("No outputs are defined. Please define one under the output section.")
return errors.New("No outputs are defined. Please define one under the output section.")
}
if publisher.TopologyOutput == nil {
logp.Debug("publish", "No output is defined to store the topology. The server fields might not be filled.")
}
}
publisher.shipperName = shipper.Name
publisher.hostname, err = os.Hostname()
if err != nil {
return err
}
if len(publisher.shipperName) > 0 {
publisher.name = publisher.shipperName
} else {
publisher.name = publisher.hostname
}
logp.Info("Publisher name: %s", publisher.name)
publisher.tags = shipper.Tags
//Store the publisher's IP addresses
publisher.ipaddrs, err = common.LocalIpAddrsAsStrings(false)
if err != nil {
logp.Err("Failed to get local IP addresses: %s", err)
return err
}
if !publisher.disabled && publisher.TopologyOutput != nil {
RefreshTopologyFreq := 10 * time.Second
if shipper.Refresh_topology_freq != 0 {
RefreshTopologyFreq = time.Duration(shipper.Refresh_topology_freq) * time.Second
}
publisher.RefreshTopologyTimer = time.Tick(RefreshTopologyFreq)
logp.Info("Topology map refreshed every %s", RefreshTopologyFreq)
// register shipper and its public IP addresses
err = publisher.PublishTopology()
if err != nil {
logp.Err("Failed to publish topology: %s", err)
return err
}
// update topology periodically
go publisher.UpdateTopologyPeriodically()
}
publisher.asyncPublisher = newAsyncPublisher(publisher)
publisher.syncPublisher = newSyncPublisher(publisher)
return nil
}
func (publisher *PublisherType) publishEvent(event common.MapStr) error {
// the timestamp is mandatory
ts, ok := event["timestamp"].(common.Time)
if !ok {
return errors.New("Missing 'timestamp' field from event.")
}
// the count is mandatory
err := event.EnsureCountField()
if err != nil {
return err
}
// the type is mandatory
_, ok = event["type"].(string)
if !ok {
return errors.New("Missing 'type' field from event.")
}
logp.Debug("publish", "Type is there")
var src_server, dst_server string
src, ok := event["src"].(*common.Endpoint)
if ok {
src_server = publisher.GetServerName(src.Ip)
event["client_ip"] = src.Ip
event["client_port"] = src.Port
event["client_proc"] = src.Proc
event["client_server"] = src_server
delete(event, "src")
}
dst, ok := event["dst"].(*common.Endpoint)
if ok {
dst_server = publisher.GetServerName(dst.Ip)
event["ip"] = dst.Ip
event["port"] = dst.Port
event["proc"] = dst.Proc
event["server"] = dst_server
delete(event, "dst")
}
//Duplicated Transaction
if publisher.IgnoreOutgoing && dst_server != "" &&
dst_server != publisher.name {
// duplicated transaction -> ignore it
logp.Debug("publish", "Ignore duplicated transaction on %s: %s -> %s", publisher.name, src_server, dst_server)
return nil
}
//Truly drop outgoing messages
if publisher.IgnoreOutgoing {
var ips, ok = common.LocalIpAddrsAsStrings(true)
if ok == nil {
for _, b := range ips {
logp.Debug("hadoop", "Ignore duplicated transaction on %s:%s", b, src.Ip)
if b == src.Ip {
return nil
}
}
}
}
event["shipper"] = publisher.name
if len(publisher.tags) > 0 {
event["tags"] = publisher.tags
}
if publisher.GeoLite != nil {
real_ip, exists := event["real_ip"]
if exists && len(real_ip.(string)) > 0 {
loc := publisher.GeoLite.GetLocationByIP(real_ip.(string))
if loc != nil && loc.Latitude != 0 && loc.Longitude != 0 {
event["client_location"] = fmt.Sprintf("%f, %f", loc.Latitude, loc.Longitude)
}
} else {
if len(src_server) == 0 && src != nil { // only for external IP addresses
loc := publisher.GeoLite.GetLocationByIP(src.Ip)
if loc != nil && loc.Latitude != 0 && loc.Longitude != 0 {
event["client_location"] = fmt.Sprintf("%f, %f", loc.Latitude, loc.Longitude)
}
}
}
}
if logp.IsDebug("publish") {
PrintPublishEvent(event)
}
// add transaction
has_error := false
if !publisher.disabled {
for i := 0; i < len(publisher.Output); i++ {
err := publisher.Output[i].PublishEvent(time.Time(ts), event)
if err != nil {
logp.Err("Fail to publish event type on output %s: %s", publisher.Output, err)
has_error = true
}
}
}
if has_error {
return errors.New("Fail to publish event")
}
return nil
}
