types

package
v1.5.3-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 7, 2023 License: MIT Imports: 14 Imported by: 5

Documentation

Index

Constants

View Source 
const (
	LIVE = iota
	TIMEMACHINE
)

Leakybucket can be in mode LIVE or TIMEMACHINE

View Source 
const (
	LOG = iota
	OVFLW
)
View Source 
const (
	Undefined = ""
	Ip        = "Ip"
	Range     = "Range"
	Filter    = "Filter"
	Country   = "Country"
	AS        = "AS"
)

Move in leakybuckets

View Source 
const ApiKeyAuthType = "api-key"
View Source 
const CAPIBaseURL = "https://api.crowdsec.net/"
View Source 
const CAPIOrigin = "CAPI"
View Source 
const ConsoleOrigin = "console"
View Source 
const CrowdSecOrigin = "crowdsec"
View Source 
const CscliImportOrigin = "cscli-import"
View Source 
const CscliOrigin = "cscli"
View Source 
const DecisionTypeBan = "ban"
View Source 
const ListOrigin = "lists"
View Source 
const PAPIBaseURL = "https://papi.api.crowdsec.net/"
View Source 
const PAPIPermissionsUrl = "/permissions"
View Source 
const PAPIPollUrl = "/decisions/stream/poll"
View Source 
const PAPIVersion = "v1"
View Source 
const PasswordAuthType = "password"
View Source 
const TlsAuthType = "tls"

Variables

View Source 
var LogOutput *lumberjack.Logger //io.Writer

Functions

func Addr2Ints added in v1.0.3 

func Addr2Ints(anyIP string) (int, int64, int64, int64, int64, error)

returns a range for any ip or range

func ConfigureLogger added in v0.1.0 

func ConfigureLogger(clog *log.Logger) error

func GetLineCountForFile added in v1.3.3 

func GetLineCountForFile(filepath string) int

func GetOrigins added in v1.5.0 

func GetOrigins() []string

func IP2Ints added in v1.0.3 

func IP2Ints(pip net.IP) (int, int64, int64, error)

size (16|4), network, suffix, error

func LastAddress 

func LastAddress(n net.IPNet) net.IP

LastAddress returns the last address of a network

func ParseDuration added in v1.0.0 

func ParseDuration(d string) (time.Duration, error)

func Range2Ints added in v1.0.3 

func Range2Ints(network net.IPNet) (int, int64, int64, int64, int64, error)

size (16|4), nw_start, suffix_start, nw_end, suffix_end, error

func SetDefaultLoggerConfig added in v0.1.0 

func SetDefaultLoggerConfig(cfgMode string, cfgFolder string, cfgLevel log.Level, maxSize int, maxFiles int, maxAge int, compress *bool, forceColors bool) error

func UtcNow added in v1.3.0 

func UtcNow() time.Time

Types

type DataSource added in v0.1.0 

type DataSource struct {
	SourceURL string `yaml:"source_url"`
	DestPath  string `yaml:"dest_file"`
	Type      string `yaml:"type"`
	//Control cache strategy on expensive regexps
	Cache    *bool          `yaml:"cache"`
	Strategy *string        `yaml:"strategy"`
	Size     *int           `yaml:"size"`
	TTL      *time.Duration `yaml:"ttl"`
}

type Event 

type Event struct {
	/* is it a log or an overflow */
	Type            int    `yaml:"Type,omitempty" json:"Type,omitempty"`             //Can be types.LOG (0) or types.OVFLOW (1)
	ExpectMode      int    `yaml:"ExpectMode,omitempty" json:"ExpectMode,omitempty"` //how to buckets should handle event : types.TIMEMACHINE or types.LIVE
	Whitelisted     bool   `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	WhitelistReason string `yaml:"WhitelistReason,omitempty" json:"whitelist_reason,omitempty"`
	//should add whitelist reason ?
	/* the current stage of the line being parsed */
	Stage string `yaml:"Stage,omitempty" json:"Stage,omitempty"`
	/* original line (produced by acquisition) */
	Line Line `yaml:"Line,omitempty" json:"Line,omitempty"`
	/* output of groks */
	Parsed map[string]string `yaml:"Parsed,omitempty" json:"Parsed,omitempty"`
	/* output of enrichment */
	Enriched map[string]string `yaml:"Enriched,omitempty" json:"Enriched,omitempty"`
	/* output of Unmarshal */
	Unmarshaled map[string]interface{} `yaml:"Unmarshaled,omitempty" json:"Unmarshaled,omitempty"`
	/* Overflow */
	Overflow      RuntimeAlert `yaml:"Overflow,omitempty" json:"Alert,omitempty"`
	Time          time.Time    `yaml:"Time,omitempty" json:"Time,omitempty"` //parsed time `json:"-"` “
	StrTime       string       `yaml:"StrTime,omitempty" json:"StrTime,omitempty"`
	StrTimeFormat string       `yaml:"StrTimeFormat,omitempty" json:"StrTimeFormat,omitempty"`
	MarshaledTime string       `yaml:"MarshaledTime,omitempty" json:"MarshaledTime,omitempty"`
	Process       bool         `yaml:"Process,omitempty" json:"Process,omitempty"` //can be set to false to avoid processing line
	/* Meta is the only part that will make it to the API - it should be normalized */
	Meta map[string]string `yaml:"Meta,omitempty" json:"Meta,omitempty"`
}

Event is the structure representing a runtime event (log or overflow)

func (*Event) GetMeta added in v1.4.2 

func (e *Event) GetMeta(key string) string

func (*Event) GetType added in v1.0.0 

func (e *Event) GetType() string

type Line 

type Line struct {
	Raw     string            `yaml:"Raw,omitempty"`
	Src     string            `yaml:"Src,omitempty"`
	Time    time.Time         //acquis time
	Labels  map[string]string `yaml:"Labels,omitempty"`
	Process bool
	Module  string `yaml:"Module,omitempty"`
}

type Profile 

type Profile struct {
	Profile       string             `yaml:"profile"`
	Filter        string             `yaml:"filter"`
	Remediation   RemediationProfile `yaml:"remediation"`
	RunTimeFilter *vm.Program
	ApiPush       *bool               `yaml:"api"`
	OutputConfigs []map[string]string `yaml:"outputs,omitempty"`
}

type RemediationProfile 

type RemediationProfile struct {
	Apply        bool
	Ban          bool
	Slow         bool
	Captcha      bool
	Duration     string
	TimeDuration time.Duration
}

Action profiles

type RuntimeAlert added in v1.0.0 

type RuntimeAlert struct {
	Mapkey      string                   `yaml:"MapKey,omitempty" json:"MapKey,omitempty"`
	BucketId    string                   `yaml:"BucketId,omitempty" json:"BucketId,omitempty"`
	Whitelisted bool                     `yaml:"Whitelisted,omitempty" json:"Whitelisted,omitempty"`
	Reprocess   bool                     `yaml:"Reprocess,omitempty" json:"Reprocess,omitempty"`
	Sources     map[string]models.Source `yaml:"Sources,omitempty" json:"Sources,omitempty"`
	Alert       *models.Alert            `yaml:"Alert,omitempty" json:"Alert,omitempty"` //this one is a pointer to APIAlerts[0] for convenience.
	//APIAlerts will be populated at the end when there is more than one source
	APIAlerts []models.Alert `yaml:"APIAlerts,omitempty" json:"APIAlerts,omitempty"`
}

func (RuntimeAlert) GetSources added in v1.2.1 

func (r RuntimeAlert) GetSources() []string

type ScopeType added in v1.0.0 

type ScopeType struct {
	Scope         string `yaml:"type"`
	Filter        string `yaml:"expression"`
	RunTimeFilter *vm.Program
}

Move in leakybuckets

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.