events

package
Published: Apr 19, 2021 License: MIT Imports: 14 Imported by: 0

Types

type BaseEvent

// BaseEvent holds the fields shared by every event built from a received
// packet (see the concrete *Event types below, which all embed it).
//
// Values that come from the packet (at least SourceIP and DestPort, and the
// Tags/Additional entries a caller derives from packet contents) originate
// from an untrusted peer of the honeypot: treat them as attacker-controlled
// and escape them before rendering them in logs or UIs, and do not use them
// unvalidated as file names or map keys elsewhere.
type BaseEvent struct {
	// IP version of the originating packet; NewTCPEvent/NewUDPEvent accept it
	// as a parameter. Presumably 4 or 6 -- confirm with the constructors.
	IPVersion  uint
	// Set-like tag collection, see Tags. Extended through AddTags.
	Tags       Tags
	// Event kind identifier, returned by GetKind.
	Kind       string
	// Source address as read from the packet header (spoofable; untrusted).
	SourceIP   string
	// Destination port, returned by GetDestPort.
	DestPort   uint16
	// Session identifier, returned by GetSession.
	Session    string
	// Presumably the time the event was created -- confirm with the constructors.
	Timestamp  time.Time
	// Free-form key/value data, extended through AddAdditional. Nil until a
	// constructor or AddAdditional initialises it (writes to a nil map panic).
	Additional map[string]string
	// Embedded interface. Any Event method that the concrete event type does
	// not implement itself is promoted from this value; if it is left nil (the
	// zero value) calling such a promoted method panics with a nil dereference.
	// Do not rely on a bare BaseEvent being a usable Event.
	Event
	// Embedded as well; if Loggable is an interface the same nil caveat applies.
	loggable.Loggable
}

BaseEvent describes the structure common to all events generated from received packets. Because every concrete event type embeds it, its fields (notably SourceIP and DestPort, which are taken from the packet header) should be treated as attacker-controlled data.

func (*BaseEvent) AddAdditional

func (ev *BaseEvent) AddAdditional(add map[string]string)

AddAdditional adds the given key/value pairs to the event's Additional data (it does not fetch anything; use the Additional field to read it).

func (*BaseEvent) AddTags

func (ev *BaseEvent) AddTags(tags map[string]string)

AddTags adds the given tags (a map of tag name to value) to the event's Tags.

func (BaseEvent) GetDestPort

func (ev BaseEvent) GetDestPort() uint16

GetDestPort fetches the DestPort of an event

func (BaseEvent) GetKind

func (ev BaseEvent) GetKind() string

GetKind fetches the Kind of an event

func (BaseEvent) GetSession added in v1.0.1

func (ev BaseEvent) GetSession() string

GetSession fetches the Session of an event

func (BaseEvent) GetSourceIP

func (ev BaseEvent) GetSourceIP() string

GetSourceIP fetches the SourceIP of an event

func (BaseEvent) GetTags added in v1.0.1

func (ev BaseEvent) GetTags() map[string][]string

GetTags fetches the Tags of an event. The result is a map, i.e. a reference type: if it is the event's own map rather than a copy (not visible from this listing), mutating it mutates the event.

type Event

// Event is the interface every generated event type satisfies. It exposes the
// per-layer headers an event may carry plus the common mutators.
//
// Header getters return nil for layers the event does not have (for example
// HTTPEvent.GetIPHeader always returns nil, see its documentation), so callers
// must nil-check the result before dereferencing it.
type Event interface {
	//Match(rule rules.Rule) bool
	// ToLog converts the event into its loggable representation.
	ToLog() EventLog
	// GetIPHeader returns the IPv4 header, or nil when not applicable.
	GetIPHeader() *layers.IPv4
	// GetICMPv6Header returns the ICMPv6 header, or nil when not applicable.
	GetICMPv6Header() *layers.ICMPv6
	// GetICMPv4Header returns the ICMPv4 header, or nil when not applicable.
	GetICMPv4Header() *layers.ICMPv4
	// GetUDPHeader returns the UDP header, or nil when not applicable.
	GetUDPHeader() *layers.UDP
	// GetTCPHeader returns the TCP header, or nil when not applicable.
	GetTCPHeader() *layers.TCP
	// GetHTTPData returns the HTTP-level data; what non-HTTP events return
	// here is not visible from this listing.
	GetHTTPData() HTTPEvent

	// AddTags adds the given tags to the event.
	AddTags(tags map[string]string)
	// AddAdditional adds the given key/value pairs to the event's Additional data.
	AddAdditional(add map[string]string)
	loggable.Loggable
}

Event is the interface implemented by all generated events; it exposes the accessors and mutators they have in common. Header getters return nil for layers an event does not carry, so callers must check for nil.

type EventLog

// EventLog is the serialised form of an event, produced by Event.ToLog.
type EventLog interface {
	// String renders the log entry, returning an error if it cannot be
	// serialised. Callers must check the error rather than logging an empty
	// string silently.
	String() (string, error)
}

EventLog is the interface implemented by the log representation of a generated event; String serialises it and reports any serialisation error.

type HTTPEvent

// HTTPEvent is an event built either from a reassembled HTTP request
// (NewHTTPEvent) or from a request received by the HTTPS dummy web server
// (NewHTTPEventFromRequest).
//
// Verb, Proto, RequestURI, Headers (and its Keys/Values/Inline forms) and Body
// are attacker-supplied request content. They must be treated as untrusted:
// escape them before they are rendered in a log viewer or UI (log injection
// via newlines or control characters in headers/URIs), and never use them to
// build file paths or commands.
type HTTPEvent struct {
	// Request method, e.g. "GET" -- as sent by the client, so any token may appear.
	Verb          string            `json:"verb"`
	// Protocol string as sent by the client.
	Proto         string            `json:"proto"`
	// Raw request URI as sent by the client.
	RequestURI    string            `json:"URI"`
	SourcePort    uint16            `json:"src_port"`
	DestHost      string            `json:"dst_host"`
	DestPort      uint16            `json:"dst_port"`
	// Headers collapsed to one value per name; HeadersKeys/HeadersValues are
	// presumably parallel slices of the same data (confirm with the constructors).
	// Note a map loses duplicate header names and ordering.
	Headers       map[string]string `json:"headers"`
	HeadersKeys   []string          `json:"headers_keys"`
	HeadersValues []string          `json:"headers_values"`
	// No json tag: encoding/json would emit it under the Go field name.
	InlineHeaders []string
	// Parsing/reassembly errors collected while building the event.
	Errors        []string        `json:"errors"`
	Body          logdata.Payload `json:"body"`
	IsTLS         bool            `json:"is_tls"`
	// Original request. Exported and untagged, so a plain json.Marshal of this
	// struct would try to encode *http.Request (which contains func-typed fields)
	// and fail when Req is non-nil; ToLog presumably serialises LogData instead --
	// confirm before marshalling an HTTPEvent directly.
	Req           *http.Request
	LogData       logdata.HTTPEventLog
	BaseEvent
}

HTTPEvent describes the structure of an event generated from a reassembled HTTP request. Its request fields (verb, URI, headers, body) are attacker-supplied and must be treated as untrusted data when logged or displayed.

func NewHTTPEvent

func NewHTTPEvent(r *http.Request, network gopacket.Flow, transport gopacket.Flow) (*HTTPEvent, error)

NewHTTPEvent creates an HTTPEvent from a reassembled http.Request. It uses the flow information, when available, to populate accurate source and destination information. It is only used for plain HTTP events: HTTPS events are produced by the web server and are therefore not reassembled from packets.

func NewHTTPEventFromRequest

func NewHTTPEventFromRequest(r *http.Request) (*HTTPEvent, error)

NewHTTPEventFromRequest creates an HTTPEvent from an http.Request when flow information is not available. It is used for HTTPS events, which are produced by the dummy web server rather than reassembled from packets by Melody.

func (HTTPEvent) GetHTTPData

func (ev HTTPEvent) GetHTTPData() HTTPEvent

GetHTTPData returns the event's data

func (HTTPEvent) GetIPHeader

func (ev HTTPEvent) GetIPHeader() *layers.IPv4

GetIPHeader satisfies the Event interface by always returning nil: HTTP events are application-level data and do not carry IP header information. Callers must check for nil before dereferencing the result.

func (HTTPEvent) ToLog

func (ev HTTPEvent) ToLog() EventLog

ToLog parses the event structure and generates an EventLog that is almost ready to be written to the log file.

type ICMPv4Event

// ICMPv4Event is an event built from a captured ICMPv4 packet (NewICMPv4Event).
// The IPv4 and ICMPv4 layers are provided by the embedded helpers types.
type ICMPv4Event struct {
	//ICMPv4Header *layers.ICMPv4
	// Loggable representation, presumably what ToLog serialises -- confirm.
	LogData logdata.ICMPv4EventLog
	BaseEvent
	helpers.IPv4Layer
	helpers.ICMPv4Layer
}

ICMPv4Event describes the structure of an event generated by an ICMPv4 packet.

func NewICMPv4Event

func NewICMPv4Event(packet gopacket.Packet) (*ICMPv4Event, error)

NewICMPv4Event creates a new ICMPv4Event from a captured packet.

func (ICMPv4Event) ToLog

func (ev ICMPv4Event) ToLog() EventLog

ToLog parses the event structure and generates an EventLog that is almost ready to be written to the log file.

type ICMPv6Event

// ICMPv6Event is an event built from a captured ICMPv6 packet (NewICMPv6Event).
// The IPv6 and ICMPv6 layers are provided by the embedded helpers types.
type ICMPv6Event struct {
	// Loggable representation, presumably what ToLog serialises -- confirm.
	LogData logdata.ICMPv6EventLog
	BaseEvent
	helpers.IPv6Layer
	helpers.ICMPv6Layer
}

ICMPv6Event describes the structure of an event generated by an ICMPv6 packet.

func NewICMPv6Event

func NewICMPv6Event(packet gopacket.Packet) (*ICMPv6Event, error)

NewICMPv6Event creates a new ICMPv6Event from a captured packet.

func (ICMPv6Event) ToLog

func (ev ICMPv6Event) ToLog() EventLog

ToLog parses the event structure and generates an EventLog that is almost ready to be written to the log file.

type TCPEvent

TCPEvent describes the structure of an event generated by a TCP packet.

func NewTCPEvent

func NewTCPEvent(packet gopacket.Packet, IPVersion uint) (*TCPEvent, error)

NewTCPEvent creates a new TCPEvent from a captured packet; IPVersion selects which IP layer the packet is decoded with.

func (TCPEvent) ToLog

func (ev TCPEvent) ToLog() EventLog

ToLog parses the event structure and generates an EventLog that is almost ready to be written to the log file.

type Tags

type Tags map[string][]string

Tags is an abstraction over map[string][]string allowing for the use of a set-like structure and a more graceful conversion to an array.

type UDPEvent

UDPEvent describes the structure of an event generated by a UDP packet.

func NewUDPEvent

func NewUDPEvent(packet gopacket.Packet, IPVersion uint) (*UDPEvent, error)

NewUDPEvent creates a new UDPEvent from a captured packet; IPVersion selects which IP layer the packet is decoded with.

func (UDPEvent) ToLog

func (ev UDPEvent) ToLog() EventLog

ToLog parses the event structure and generates an EventLog that is almost ready to be written to the log file.
