Documentation ¶
Index ¶
- Constants
- Variables
- func GetProcessStatus(w http.ResponseWriter, r *http.Request)
- func ServeClient(client *AzureClient, ip string) error
- type AzureClient
- func (client *AzureClient) GetBlobsByPrefix(prefix string) ([]storage.Blob, error)
- func (client *AzureClient) LoadProcessStatus() error
- func (client *AzureClient) LoadUnprocessedBlobs(afterTime time.Time) (*[]NsgLogFile, ProcessStatus, error)
- func (client *AzureClient) ProcessBlobsAfter(afterTime time.Time, parserClient NsgParserClient) error
- func (client *AzureClient) ProcessStatusFileName() string
- func (client *AzureClient) SaveProcessStatus() error
- type FileClient
- type NsgFlowLog
- type NsgFlowLogs
- type NsgLog
- type NsgLogFile
- type NsgParserClient
- type NsgParserStatus
- type ProcessStatus
- type Record
- type Records
- type SyslogClient
Constants ¶
// Destination identifiers for processed flow logs.
// NOTE(review): presumably the values accepted by AzureClient.DestinationType;
// confirm against the caller, and check how an unrecognised value is handled.
const (
	// DestinationFile is the "file" destination.
	DestinationFile = "file"
	// DestinationSyslog is the "syslog" destination.
	DestinationSyslog = "syslog"
)
Variables ¶
var (
	// NsgFileRegExp is a package-level pointer to a regexp.Regexp. Neither the
	// pattern nor the place where it is initialised is shown here.
	// NOTE(review): presumably it matches NSG flow-log blob names; confirm.
	// It is an exported variable, so any importing package can reassign it;
	// treat it as read-only after initialisation.
	NsgFileRegExp *regexp.Regexp
)
Functions ¶
func GetProcessStatus ¶
func GetProcessStatus(w http.ResponseWriter, r *http.Request)
func ServeClient ¶
func ServeClient(client *AzureClient, ip string) error
Types ¶
type AzureClient ¶
// AzureClient carries the exported settings used by the blob listing and
// processing methods declared on *AzureClient.
//
// NOTE(review): NewAzureClient takes the storage account name and key; where
// they are kept is not visible here (presumably in the unexported fields).
// Confirm before logging or serialising this struct as a whole.
type AzureClient struct {
	// Prefix is a string setting. NOTE(review): presumably the blob-name
	// prefix handed to GetBlobsByPrefix; confirm.
	Prefix string
	// ProcessStatus is the per-file processing state (a map of string to
	// *NsgLogFile).
	ProcessStatus ProcessStatus
	// DataPath is a filesystem path. NOTE(review): presumably the directory
	// holding the process-status file; confirm and keep it writable only by
	// the service account.
	DataPath string
	// DestinationType is a string. NOTE(review): presumably one of
	// DestinationFile or DestinationSyslog; confirm.
	DestinationType string
	// Concurrency is an int. NOTE(review): presumably the number of blobs
	// processed in parallel; confirm.
	Concurrency int
	// contains filtered or unexported fields
}
func NewAzureClient ¶
func NewAzureClient(accountName, accountKey, containerName, dataPath string) (AzureClient, error)
func (*AzureClient) GetBlobsByPrefix ¶
func (client *AzureClient) GetBlobsByPrefix(prefix string) ([]storage.Blob, error)
func (*AzureClient) LoadProcessStatus ¶
func (client *AzureClient) LoadProcessStatus() error
func (*AzureClient) LoadUnprocessedBlobs ¶
func (client *AzureClient) LoadUnprocessedBlobs(afterTime time.Time) (*[]NsgLogFile, ProcessStatus, error)
func (*AzureClient) ProcessBlobsAfter ¶
func (client *AzureClient) ProcessBlobsAfter(afterTime time.Time, parserClient NsgParserClient) error
This is the primary function for processing NSG Flow Blobs.
func (*AzureClient) ProcessStatusFileName ¶
func (client *AzureClient) ProcessStatusFileName() string
func (*AzureClient) SaveProcessStatus ¶
func (client *AzureClient) SaveProcessStatus() error
type FileClient ¶
// FileClient declares a ProcessNsgLogFile method with the signature that
// NsgParserClient requires.
type FileClient struct {
	// DataPath is a filesystem path. NOTE(review): presumably the directory
	// that receives the processed flow logs; confirm. The files would contain
	// internal addresses and ports, so restrict access to that directory.
	DataPath string
}
func (*FileClient) Initialize ¶
func (client *FileClient) Initialize(dataPath string, azureClient *AzureClient) error
func (FileClient) ProcessNsgLogFile ¶
func (client FileClient) ProcessNsgLogFile(logFile *NsgLogFile, resultsChan chan NsgLogFile) error
type NsgFlowLog ¶
// NsgFlowLog is the flat representation of a single flow tuple, together with
// the identifying fields of the record it belongs to.
//
// Every tuple field is a plain string and the type itself enforces no format,
// so consumers (files, syslog receivers, SIEM parsers) should not assume the
// values are well-formed addresses or port numbers.
type NsgFlowLog struct {
	// Timestamp is encoded under the JSON key "time".
	// NOTE(review): presumably Unix seconds taken from the tuple; confirm.
	Timestamp int64 `json:"time"`
	// The following five fields are *string, so they can be nil.
	// NOTE(review): presumably they point at values of the parent Record; confirm.
	SystemID *string `json:"systemId"`
	Category *string `json:"category"`
	ResourceID *string `json:"resourceId"`
	OperationName *string `json:"operationName"`
	Rule *string `json:"rule"`
	// Mac is encoded under the JSON key "mac".
	Mac string `json:"mac"`
	// Source and destination endpoints of the flow, kept as strings.
	SourceIp string `json:"sourceIp"`
	DestinationIp string `json:"destinationIp"`
	SourcePort string `json:"sourcePort"`
	DestinationPort string `json:"destinationPort"`
	// NOTE(review): in Azure NSG flow tuples the protocol, direction and
	// decision are single-letter codes (T/U, I/O, A/D); confirm that they are
	// passed through unchanged.
	Protocol string `json:"protocol"`
	TrafficFlow string `json:"trafficFlow"`
	Traffic string `json:"traffic"`
}
NsgFlowLog is a flat representation of a single flow tuple.
type NsgFlowLogs ¶
// NsgFlowLogs is a slice of NsgFlowLog values; NsgLog.GetFlowLogsAfter
// returns this type.
type NsgFlowLogs []NsgFlowLog
type NsgLog ¶
// NsgLog is the decoded form of one NSG .json log file.
type NsgLog struct {
	// Records is read from the top-level "records" key of the file.
	Records Records `json:"records"`
}
NsgLog is the Go struct representing the .json files produced by NSG. Each NsgLog has multiple records, normally one per minute.
func (*NsgLog) GetFlowLogsAfter ¶
func (nsgLog *NsgLog) GetFlowLogsAfter(afterTime time.Time) (NsgFlowLogs, error)
type NsgLogFile ¶
// NsgLogFile represents an individual .json log file in Azure, along with
// bookkeeping about how far it has been processed.
//
// The JSON tags define what is written when a value is encoded; Blob and
// NsgLog are tagged "-" and are therefore left out of the encoded form.
type NsgLogFile struct {
	// NOTE(review): Name, Etag and LastModified are presumably copied from the
	// blob's properties; confirm in NewNsgLogFile.
	Name string `json:"name"`
	Etag string `json:"etag"`
	LastModified time.Time `json:"last_modified"`
	// Progress markers for the last processing pass.
	LastProcessed time.Time `json:"last_processed"`
	LastProcessedRecord time.Time `json:"last_processed_record"`
	LastProcessedTimeStamp int64 `json:"last_processed_time"`
	LastRecordCount int `json:"last_count"`
	// LastProcessedRange is a storage.BlobRange, i.e. a set of byte offsets
	// into the blob's contents.
	LastProcessedRange storage.BlobRange `json:"last_processed_range"`
	LogTime time.Time `json:"log_time"`
	// Blob is the storage blob behind this file; excluded from JSON.
	Blob storage.Blob `json:"-"`
	// NsgLog is the parsed content; excluded from JSON, and nil until loaded.
	// NOTE(review): presumably populated by LoadBlob or LoadBlobRange; confirm.
	NsgLog *NsgLog `json:"-"`
	NsgName string `json:"nsg_name"`
}
NsgLogFile represents an individual .json log file in Azure.
func NewNsgLogFile ¶
func NewNsgLogFile(blob storage.Blob) (NsgLogFile, error)
func (*NsgLogFile) LoadBlob ¶
func (logFile *NsgLogFile) LoadBlob() error
func (*NsgLogFile) LoadBlobRange ¶ added in v0.0.4
func (logFile *NsgLogFile) LoadBlobRange(blobRange storage.BlobRange) error
Primary function for loading the storage.Blob object into an NsgLog. Range is a set of byte offsets for reading the contents.
func (*NsgLogFile) Logger ¶
func (logFile *NsgLogFile) Logger() *log.Entry
func (*NsgLogFile) SaveToPath ¶
func (logFile *NsgLogFile) SaveToPath(path string) error
func (*NsgLogFile) ShortName ¶
func (logFile *NsgLogFile) ShortName() string
type NsgParserClient ¶
// NsgParserClient is the interface ProcessBlobsAfter accepts for handling log
// files. FileClient and SyslogClient both declare a ProcessNsgLogFile method
// with this signature.
type NsgParserClient interface {
	// ProcessNsgLogFile receives a log file and a channel of NsgLogFile.
	// NOTE(review): presumably the channel reports the processed file back to
	// the caller; confirm who closes it.
	ProcessNsgLogFile(*NsgLogFile, chan NsgLogFile) error
}
type NsgParserStatus ¶
type ProcessStatus ¶
// ProcessStatus maps a string key to the *NsgLogFile record kept for it.
// NOTE(review): the key is presumably the blob name; confirm.
// It is a plain Go map, which is not safe for concurrent writes. Since
// AzureClient has a Concurrency setting, confirm that access is serialised.
type ProcessStatus map[string]*NsgLogFile
func ReadProcessStatus ¶
func ReadProcessStatus(path, fileName string) (ProcessStatus, error)
type Record ¶
// Record is one entry of an NSG log file, decoded from JSON according to the
// field tags below.
type Record struct {
	Time time.Time `json:"time"`
	SystemID string `json:"systemId"`
	Category string `json:"category"`
	ResourceID string `json:"resourceId"`
	OperationName string `json:"operationName"`
	// Properties holds the flow data, grouped first by rule and then by MAC.
	Properties struct {
		Version int `json:"Version"`
		// Flows has one entry per rule.
		Flows []struct {
			Rule string `json:"rule"`
			// Flows has one entry per MAC address under this rule.
			Flows []struct {
				Mac string `json:"mac"`
				// FlowTuples are kept as raw strings; the decoder does not
				// parse or validate them.
				// NOTE(review): presumably comma-separated tuples; confirm.
				FlowTuples []string `json:"flowTuples"`
			} `json:"flows"`
		} `json:"flows"`
	} `json:"properties"`
}
type SyslogClient ¶
// SyslogClient declares a ProcessNsgLogFile method with the signature that
// NsgParserClient requires, plus SendEvent for a single NsgFlowLog.
//
// NOTE(review): Initialize takes a protocol, host and port. Whether the
// transport is encrypted or authenticated is not visible here. Flow records
// carry internal addresses, so confirm this before sending them across a
// network you do not control.
type SyslogClient struct {
	// contains filtered or unexported fields
}
func (*SyslogClient) Initialize ¶
func (client *SyslogClient) Initialize(protocol, host, port string, azureClient *AzureClient) error
func (SyslogClient) ProcessNsgLogFile ¶
func (client SyslogClient) ProcessNsgLogFile(logFile *NsgLogFile, resultsChan chan NsgLogFile) error
func (*SyslogClient) SendEvent ¶
func (client *SyslogClient) SendEvent(flowLog NsgFlowLog) error