unifiedbeat

package

v2.0.1+incompatible Latest Latest Go to latest Published: Feb 29, 2016 License: MIT Imports: 23 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cleesmith/unifiedbeat

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func GetLocationByIP(ip string) *geoip2.City
func LoadRules(genMsgMapPath string, rulePaths []string) (int, int, error)
func OpenGeoIp2DB(db string) error
type ConfigSettings
type FileEvent
- func (f *FileEvent) SetFieldsUnderRoot(fieldsUnderRoot bool)
- func (f *FileEvent) ToMapStr() common.MapStr
type FileState
type Registrar
- func NewRegistrar(registryFile string) (*Registrar, error)
- func (r *Registrar) LoadState()
- func (r *Registrar) WriteRegistry() error
type Rule
type RulesConfig
type SpoolerConfig
type Unifiedbeat
- func New() *Unifiedbeat
type UnifiedbeatConfig

Constants ¶

This section is empty.

Variables ¶

View Source

var GeoIp2Reader *geoip2.Reader

View Source

var Rules = make(map[string]Rule)

View Source

var SourceFiles []string

Functions ¶

func GetLocationByIP ¶

func GetLocationByIP(ip string) *geoip2.City

func LoadRules ¶

func LoadRules(genMsgMapPath string, rulePaths []string) (int, int, error)

func OpenGeoIp2DB ¶

func OpenGeoIp2DB(db string) error

Types ¶

type ConfigSettings ¶

type ConfigSettings struct {
	Sensor UnifiedbeatConfig
}

type FileEvent ¶

type FileEvent struct {
	ReadTime     time.Time
	Source       string
	InputType    string
	DocumentType string
	Offset       int64
	U2Record     interface{}
	Fields       *map[string]string
	// contains filtered or unexported fields
}

FileEvent is sent to the output and must contain all relevant information

func (*FileEvent) SetFieldsUnderRoot ¶

func (f *FileEvent) SetFieldsUnderRoot(fieldsUnderRoot bool)

SetFieldsUnderRoot sets whether the fields should be added top level to the output documentation (fieldsUnderRoot = true) or under a fields dictionary.

func (*FileEvent) ToMapStr ¶

func (f *FileEvent) ToMapStr() common.MapStr

type FileState ¶

type FileState struct {
	Offset int64  `json:"offset"`
	Source string `json:"source"`
}

remove the ",omitempty"s so something is written to the registry file instead of just "{}"

type Registrar ¶

type Registrar struct {
	State      FileState // unified2 file name and offset
	sync.Mutex           // lock and unlock during writes
	// contains filtered or unexported fields
}

Registrar should only have one entry, which is the offset into the unified2 file currently being tailed (if any)

func NewRegistrar ¶

func NewRegistrar(registryFile string) (*Registrar, error)

func (*Registrar) LoadState ¶

func (r *Registrar) LoadState()

func (*Registrar) WriteRegistry ¶

func (r *Registrar) WriteRegistry() error

type Rule ¶

type Rule struct {
	SourceFileIndex   int
	SourceFileLineNum int
	Gid               string
	Sid               string
	Msg               string
	RuleRaw           string
}

type RulesConfig ¶

type RulesConfig struct {
	GenMsgMapPath string `yaml:"gen_msg_map_path"`
	Paths         []string
}

type SpoolerConfig ¶

type SpoolerConfig struct {
	Folder     string
	FilePrefix string
}

type Unifiedbeat ¶

type Unifiedbeat struct {
	UbConfig ConfigSettings
	// contains filtered or unexported fields
}

func New ¶

func New() *Unifiedbeat

func (*Unifiedbeat) Cleanup ¶

func (ub *Unifiedbeat) Cleanup(b *beat.Beat) error

func (*Unifiedbeat) Config ¶

func (ub *Unifiedbeat) Config(b *beat.Beat) error

func (*Unifiedbeat) Run ¶

func (ub *Unifiedbeat) Run(b *beat.Beat) error

func (*Unifiedbeat) Setup ¶

func (ub *Unifiedbeat) Setup(b *beat.Beat) error

func (*Unifiedbeat) Stop ¶

func (ub *Unifiedbeat) Stop()

Stop is called on exit before Cleanup why isn't the flow Cleanup and then Stop?

func (*Unifiedbeat) U2SpoolAndPublish ¶

func (ub *Unifiedbeat) U2SpoolAndPublish()

"Spool" refers to handling a folder of unified2 files in ascending order by filename as a continous stream of records to be read and indexed. Well, that's not whole story, as it is aware of each file being indexed and will call the CloseHook func when one is provided. CloseHook allows the program to "archive/rename" the indexed file and timestamp it, which avoids continuously looping over the same data leading to document duplication.

type UnifiedbeatConfig ¶

type UnifiedbeatConfig struct {
	Unified2Path    string `yaml:"unified2_path"`
	Unified2Prefix  string `yaml:"unified2_prefix"`
	SpoolerTimeout  int    `yaml:"spooler_timeout"`
	Spooler         SpoolerConfig
	Rules           RulesConfig
	Geoip2Path      string `yaml:"geoip2_path"`
	Fields          map[string]string
	FieldsUnderRoot bool `yaml:"fields_under_root"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL