func (b SyslogBackend) ExtractIps(reader io.Reader, ips *ipset.Set) (uint64, error) { br := bufio.NewReader(reader) lines := uint64(0) for { line, err := br.ReadString('\n') if err == io.EOF { break } if err != nil { log.Print(err) return lines, err } lines++ ipsFound := IPRegex.FindAllStringSubmatch(line, -1) for _, ipMatches := range ipsFound { for _, idx := range IPIndexes { if ipMatches[idx] != "" { ips.AddString(ipMatches[idx]) } } } } return lines, nil }
func (b NFDUMPBackend) ExtractIps(reader io.Reader, ips *ipset.Set) (uint64, error) { cmd := exec.Command("nfdump", "-r", "-", "-o", "csv") cmd.Stdin = reader stdout, err := cmd.StdoutPipe() if err != nil { return 0, err } err = cmd.Start() if err != nil { return 0, err } br := bufio.NewReader(stdout) lines := uint64(0) for { line, err := br.ReadString('\n') if err == io.EOF { break } if err != nil { return lines, err } parts := strings.SplitN(line, ",", 6) //makes parts[4] the last full split if len(parts) == 6 { ips.AddString(parts[3]) ips.AddString(parts[4]) lines++ } } err = cmd.Wait() return lines, err }
func (b BroJSONBackend) ExtractIps(reader io.Reader, ips *ipset.Set) (uint64, error) { br := bufio.NewReader(reader) lines := uint64(0) for { var FoundIPS BroIPFields line, err := br.ReadSlice('\n') if err == io.EOF { break } if err != nil { return lines, err } err = FoundIPS.UnmarshalJSON(line) if err != nil { return lines, err } if FoundIPS.ID_orig_h != "" { ips.AddString(FoundIPS.ID_orig_h) } if FoundIPS.ID_resp_h != "" { ips.AddString(FoundIPS.ID_resp_h) } if FoundIPS.Src != "" { ips.AddString(FoundIPS.Src) } if FoundIPS.Dst != "" { ips.AddString(FoundIPS.Dst) } lines++ } return lines, nil }
func (b BroBackend) ExtractIps(reader io.Reader, ips *ipset.Set) (uint64, error) { br := bufio.NewReader(reader) lines := uint64(0) for { line, err := br.ReadString('\n') if err == io.EOF { break } if err != nil { return lines, err } if line[0] != '#' { parts := strings.SplitN(line, "\t", 6) //makes parts[4] the last full split ips.AddString(parts[2]) ips.AddString(parts[4]) lines++ } } return lines, nil }