func (publisher *PublisherType) isInLoclaIPPool(ip string) bool { //Lazy initialize the map with the IPs if localIPs == nil { var ips, ok = common.LocalIpAddrsAsStrings(true) if ok == nil { localIPs = make(map[string]int) for _, b := range ips { localIPs[b] = 1 } } } //Check if it is contained in the map if localIPs[ip] != 0 { return true } else { return false } }
func (publisher *PublisherType) PublishTopology(params ...string) error { localAddrs := params if len(params) == 0 { addrs, err := common.LocalIpAddrsAsStrings(false) if err != nil { logp.Err("Getting local IP addresses fails with: %s", err) return err } localAddrs = addrs } if publisher.TopologyOutput != nil { debug("Add topology entry for %s: %s", publisher.name, localAddrs) err := publisher.TopologyOutput.PublishIPs(publisher.name, localAddrs) if err != nil { return err } } return nil }
func (publisher *PublisherType) Init( beatName string, configs map[string]outputs.MothershipConfig, shipper ShipperConfig, ) error { var err error publisher.IgnoreOutgoing = shipper.Ignore_outgoing publisher.disabled = *publishDisabled if publisher.disabled { logp.Info("Dry run mode. All output types except the file based one are disabled.") } publisher.GeoLite = common.LoadGeoIPData(shipper.Geoip) publisher.wsOutput.Init() publisher.wsPublisher.Init() if !publisher.disabled { plugins, err := outputs.InitOutputs(beatName, configs, shipper.Topology_expire) if err != nil { return err } var outputers []*outputWorker var topoOutput outputs.TopologyOutputer for _, plugin := range plugins { output := plugin.Output config := plugin.Config debug("Create output worker") outputers = append(outputers, newOutputWorker(config, output, &publisher.wsOutput, 1000)) if !config.Save_topology { continue } topo, ok := output.(outputs.TopologyOutputer) if !ok { logp.Err("Output type %s does not support topology logging", plugin.Name) return errors.New("Topology output not supported") } if topoOutput != nil { logp.Err("Multiple outputs defined to store topology. " + "Please add save_topology = true option only for one output.") return errors.New("Multiple outputs defined to store topology") } topoOutput = topo logp.Info("Using %s to store the topology", plugin.Name) } Publisher.Output = outputers Publisher.TopologyOutput = topoOutput } if !publisher.disabled { if len(publisher.Output) == 0 { logp.Info("No outputs are defined. Please define one under the output section.") return errors.New("No outputs are defined. Please define one under the output section.") } if publisher.TopologyOutput == nil { logp.Debug("publish", "No output is defined to store the topology. The server fields might not be filled.") } } publisher.shipperName = shipper.Name publisher.hostname, err = os.Hostname() if err != nil { return err } if len(publisher.shipperName) > 0 { publisher.name = publisher.shipperName } else { publisher.name = publisher.hostname } logp.Info("Publisher name: %s", publisher.name) publisher.tags = shipper.Tags //Store the publisher's IP addresses publisher.ipaddrs, err = common.LocalIpAddrsAsStrings(false) if err != nil { logp.Err("Failed to get local IP addresses: %s", err) return err } if !publisher.disabled && publisher.TopologyOutput != nil { RefreshTopologyFreq := 10 * time.Second if shipper.Refresh_topology_freq != 0 { RefreshTopologyFreq = time.Duration(shipper.Refresh_topology_freq) * time.Second } publisher.RefreshTopologyTimer = time.Tick(RefreshTopologyFreq) logp.Info("Topology map refreshed every %s", RefreshTopologyFreq) // register shipper and its public IP addresses err = publisher.PublishTopology() if err != nil { logp.Err("Failed to publish topology: %s", err) return err } // update topology periodically go publisher.UpdateTopologyPeriodically() } publisher.asyncPublisher = newAsyncPublisher(publisher) publisher.syncPublisher = newSyncPublisher(publisher) return nil }
func (publisher *PublisherType) publishEvent(event common.MapStr) error { // the timestamp is mandatory ts, ok := event["timestamp"].(common.Time) if !ok { return errors.New("Missing 'timestamp' field from event.") } // the count is mandatory err := event.EnsureCountField() if err != nil { return err } // the type is mandatory _, ok = event["type"].(string) if !ok { return errors.New("Missing 'type' field from event.") } logp.Debug("publish", "Type is there") var src_server, dst_server string src, ok := event["src"].(*common.Endpoint) if ok { src_server = publisher.GetServerName(src.Ip) event["client_ip"] = src.Ip event["client_port"] = src.Port event["client_proc"] = src.Proc event["client_server"] = src_server delete(event, "src") } dst, ok := event["dst"].(*common.Endpoint) if ok { dst_server = publisher.GetServerName(dst.Ip) event["ip"] = dst.Ip event["port"] = dst.Port event["proc"] = dst.Proc event["server"] = dst_server delete(event, "dst") } //Duplicated Transaction if publisher.IgnoreOutgoing && dst_server != "" && dst_server != publisher.name { // duplicated transaction -> ignore it logp.Debug("publish", "Ignore duplicated transaction on %s: %s -> %s", publisher.name, src_server, dst_server) return nil } //Truly drop outgoing messages if publisher.IgnoreOutgoing { var ips, ok = common.LocalIpAddrsAsStrings(true) if ok == nil { for _, b := range ips { logp.Debug("hadoop", "Ignore duplicated transaction on %s:%s", b, src.Ip) if b == src.Ip { return nil } } } } event["shipper"] = publisher.name if len(publisher.tags) > 0 { event["tags"] = publisher.tags } if publisher.GeoLite != nil { real_ip, exists := event["real_ip"] if exists && len(real_ip.(string)) > 0 { loc := publisher.GeoLite.GetLocationByIP(real_ip.(string)) if loc != nil && loc.Latitude != 0 && loc.Longitude != 0 { event["client_location"] = fmt.Sprintf("%f, %f", loc.Latitude, loc.Longitude) } } else { if len(src_server) == 0 && src != nil { // only for external IP addresses loc := publisher.GeoLite.GetLocationByIP(src.Ip) if loc != nil && loc.Latitude != 0 && loc.Longitude != 0 { event["client_location"] = fmt.Sprintf("%f, %f", loc.Latitude, loc.Longitude) } } } } if logp.IsDebug("publish") { PrintPublishEvent(event) } // add transaction has_error := false if !publisher.disabled { for i := 0; i < len(publisher.Output); i++ { err := publisher.Output[i].PublishEvent(time.Time(ts), event) if err != nil { logp.Err("Fail to publish event type on output %s: %s", publisher.Output, err) has_error = true } } } if has_error { return errors.New("Fail to publish event") } return nil }