func (h *FetchHandler) HandleFilterRequest(w http.ResponseWriter, r *http.Request) {
filter := r.FormValue("filter")
argStartTime := r.FormValue("start-time")
argDuration := r.FormValue("duration")
argSpool := r.FormValue("spool")
if argStartTime == "" || argDuration == "" {
http.Error(w, "start time and duration required", http.StatusBadRequest)
return
}
startTime, err := time.Parse(time.RFC3339, argStartTime)
if err != nil {
http.Error(w, "failed to parse time: "+err.Error(),
http.StatusBadRequest)
return
}
duration, err := time.ParseDuration(argDuration)
if err != nil {
http.Error(w, "failed to parse duraction: "+err.Error(),
http.StatusBadRequest)
return
}
if argSpool == "" {
http.Error(w, "spool name required", http.StatusBadRequest)
return
}
spool := h.config.GetSpoolByName(argSpool)
if spool == nil {
http.Error(w, fmt.Sprintf("spool %s not configured", argSpool),
http.StatusInternalServerError)
return
}
logger.PrintfWithRequest(r, "Preparing dumper request: %s",
map[string]string{
"start-time": startTime.String(),
"duration": duration.String(),
"pcap-filter": filter,
})
dumperOptions := dumper.DumperOptions{
Directory: spool.Directory,
Prefix: spool.Prefix,
StartTime: startTime.Unix(),
Duration: int64(duration.Seconds()),
Filter: filter,
Recursive: spool.Recursive,
}
dumperProxy := dumper.DumperProxy{dumperOptions, w, "dumpy.pcap"}
dumperProxy.Run()
}
func (h *FetchHandler) HandleEventRequest(w http.ResponseWriter, r *http.Request) {
event, err := DecodeEvent(r.FormValue("event"))
if err != nil {
HttpErrorAndLog(w, r, http.StatusBadRequest, err.Error())
return
}
eventTimestamp, err := ParseTime(event.Timestamp)
if err != nil {
http.Error(w, "failed to parse timestamp: "+event.Timestamp,
http.StatusBadRequest)
return
}
durationBefore, err := time.ParseDuration(
"-" + r.FormValue("duration-before"))
if err != nil {
http.Error(w, fmt.Sprintf("duration-before: %s", err),
http.StatusBadRequest)
return
}
durationAfter, err := time.ParseDuration(r.FormValue("duration-after"))
if err != nil {
http.Error(w, fmt.Sprintf("duration-before: %s", err),
http.StatusBadRequest)
return
}
startTime := eventTimestamp.Add(durationBefore)
endTime := eventTimestamp.Add(durationAfter)
duration := endTime.Sub(startTime)
spool := h.config.GetSpoolByName(r.FormValue("spool"))
if spool == nil {
http.Error(w,
fmt.Sprintf("spool %s not configured", r.FormValue("spool")),
http.StatusInternalServerError)
return
}
logger.PrintfWithRequest(r, "Preparing dumper request: %s",
map[string]string{
"start-time": startTime.String(),
"duration": duration.String(),
"pcap-filter": event.ToPcapFilter(),
"event": event.Original,
})
dumperOptions := dumper.DumperOptions{
Directory: spool.Directory,
Prefix: spool.Prefix,
Recursive: spool.Recursive,
StartTime: startTime.Unix(),
Duration: int64(duration.Seconds()),
Filter: event.ToPcapFilter(),
}
dumperProxy := dumper.DumperProxy{dumperOptions, w, fmt.Sprintf("%d.pcap", event.SignatureId)}
dumperProxy.Run()
}