// filterEvent validates an event for common required fields with types.
// If event is to be filtered out the reason is returned as error.
func filterEvent(event common.MapStr) error {
ts, ok := event["@timestamp"]
if !ok {
return errors.New("Missing '@timestamp' field from event")
}
_, ok = ts.(common.Time)
if !ok {
return errors.New("Invalid '@timestamp' field from event.")
}
err := event.EnsureCountField()
if err != nil {
return err
}
t, ok := event["type"]
if !ok {
return errors.New("Missing 'type' field from event.")
}
_, ok = t.(string)
if !ok {
return errors.New("Invalid 'type' field from event.")
}
return nil
}
func (publisher *PublisherType) publishEvent(event common.MapStr) error {
// the timestamp is mandatory
ts, ok := event["timestamp"].(common.Time)
if !ok {
return errors.New("Missing 'timestamp' field from event.")
}
// the count is mandatory
err := event.EnsureCountField()
if err != nil {
return err
}
// the type is mandatory
_, ok = event["type"].(string)
if !ok {
return errors.New("Missing 'type' field from event.")
}
var src_server, dst_server string
src, ok := event["src"].(*common.Endpoint)
if ok {
src_server = publisher.GetServerName(src.Ip)
event["client_ip"] = src.Ip
event["client_port"] = src.Port
event["client_proc"] = src.Proc
event["client_server"] = src_server
delete(event, "src")
}
dst, ok := event["dst"].(*common.Endpoint)
if ok {
dst_server = publisher.GetServerName(dst.Ip)
event["ip"] = dst.Ip
event["port"] = dst.Port
event["proc"] = dst.Proc
event["server"] = dst_server
delete(event, "dst")
}
if publisher.IgnoreOutgoing && dst_server != "" &&
dst_server != publisher.name {
// duplicated transaction -> ignore it
logp.Debug("publish", "Ignore duplicated transaction on %s: %s -> %s", publisher.name, src_server, dst_server)
return nil
}
event["shipper"] = publisher.name
if len(publisher.tags) > 0 {
event["tags"] = publisher.tags
}
if publisher.GeoLite != nil {
real_ip, exists := event["real_ip"]
if exists && len(real_ip.(string)) > 0 {
loc := publisher.GeoLite.GetLocationByIP(real_ip.(string))
if loc != nil && loc.Latitude != 0 && loc.Longitude != 0 {
event["client_location"] = fmt.Sprintf("%f, %f", loc.Latitude, loc.Longitude)
}
} else {
if len(src_server) == 0 && src != nil { // only for external IP addresses
loc := publisher.GeoLite.GetLocationByIP(src.Ip)
if loc != nil && loc.Latitude != 0 && loc.Longitude != 0 {
event["client_location"] = fmt.Sprintf("%f, %f", loc.Latitude, loc.Longitude)
}
}
}
}
if logp.IsDebug("publish") {
PrintPublishEvent(event)
}
// add transaction
has_error := false
if !publisher.disabled {
for i := 0; i < len(publisher.Output); i++ {
err := publisher.Output[i].PublishEvent(time.Time(ts), event)
if err != nil {
logp.Err("Fail to publish event type on output %s: %v", publisher.Output[i], err)
has_error = true
}
}
}
if has_error {
return errors.New("Fail to publish event")
}
return nil
}