Documentation
¶
Overview ¶
Package monitor provides real-time protocol traffic monitoring and alerting.
Types ¶
type Alert ¶
// Alert represents a triggered alert: the rule involved, a timestamp and a
// message. It serialises to JSON under the keys "rule", "timestamp" and
// "message".
type Alert struct {
	// Rule is stored by value, so a marshalled Alert includes every non-empty
	// AlertRule field, including the rule's Webhook URL.
	// NOTE(review): if webhook URLs carry embedded tokens, confirm where
	// marshalled alerts are written or exposed.
	Rule AlertRule `json:"rule"`
	// NOTE(review): presumably the time the rule fired; the clock source and
	// time zone are not visible here. Confirm before correlating with other logs.
	Timestamp time.Time `json:"timestamp"`
	// NOTE(review): how Message is built is not shown. If it can include
	// values taken from observed traffic, confirm it is escaped before being
	// printed or forwarded.
	Message string `json:"message"`
}
Alert represents a triggered alert.
type AlertEngine ¶
// AlertEngine evaluates alert rules against stats. It is created with
// NewAlertEngine, can take further rules as JSON through LoadRules, and exposes
// triggered alerts through Evaluate and GetAlerts.
//
// NOTE(review): the engine's state is unexported and not visible here. Confirm
// whether concurrent calls to Evaluate, GetAlerts and LoadRules are safe, and
// whether the list returned by GetAlerts is bounded or grows for the life of
// the process.
type AlertEngine struct {
	// contains filtered or unexported fields
}
AlertEngine evaluates alert rules against stats.
func NewAlertEngine ¶
func NewAlertEngine(rules []AlertRule) *AlertEngine
NewAlertEngine creates a new alert engine.
func (*AlertEngine) Evaluate ¶
func (e *AlertEngine) Evaluate(snap StatsSnapshot) []Alert
Evaluate checks all rules against current stats.
func (*AlertEngine) GetAlerts ¶
func (e *AlertEngine) GetAlerts() []Alert
GetAlerts returns all triggered alerts.
func (*AlertEngine) LoadRules ¶
func (e *AlertEngine) LoadRules(data []byte) error
LoadRules loads alert rules from JSON.
type AlertRule ¶
// AlertRule defines an alerting rule. Rules can be expressed in JSON or YAML;
// the struct tags use the same key names for both encodings.
//
// NOTE(review): Condition, Operator and Action are free-form strings. How an
// unrecognised value is handled is not visible here. Confirm that loading
// rejects it rather than leaving a rule that silently never fires.
type AlertRule struct {
	Name string `json:"name" yaml:"name"`
	Condition string `json:"condition" yaml:"condition"` // "field_match", "traffic_spike", "protocol_ratio"
	Protocol string `json:"protocol,omitempty" yaml:"protocol"`
	Field string `json:"field,omitempty" yaml:"field"`
	Operator string `json:"operator,omitempty" yaml:"operator"` // ">", "<", "==", "!="
	// Value is the integer operand. Because of omitempty, a value of 0 is left
	// out of JSON output, so an explicit 0 and an unset value look the same.
	Value int64 `json:"value,omitempty" yaml:"value"`
	Action string `json:"action" yaml:"action"` // "stdout", "webhook"
	// Webhook is presumably the destination URL used when Action is "webhook".
	// NOTE(review): this value arrives with the rule data (see LoadRules).
	// If rule files can come from a less-trusted source than the operator,
	// confirm the scheme and host are validated before any outbound request,
	// so a rule cannot point the monitor at internal services.
	Webhook string `json:"webhook,omitempty" yaml:"webhook"`
}
AlertRule defines an alerting rule.
type SessionInfo ¶
// SessionInfo tracks a network session: its two endpoints, the protocol, packet
// and byte counters, and the first and last time it was seen.
//
// NOTE(review): Packets and Bytes are plain int64 fields, not atomics. If a
// SessionInfo is updated while another goroutine reads it, the access needs
// external synchronisation. Confirm against the code that updates sessions.
type SessionInfo struct {
	// NOTE(review): the address format (with or without port) is not shown here.
	SrcAddr string `json:"src"`
	DstAddr string `json:"dst"`
	// NOTE(review): presumably a protocol name derived from observed traffic.
	// Confirm the set of possible values is bounded before using it as a map
	// key or metric label.
	Protocol string `json:"protocol"`
	Packets int64 `json:"packets"`
	Bytes int64 `json:"bytes"`
	FirstSeen time.Time `json:"first_seen"`
	LastSeen time.Time `json:"last_seen"`
}
SessionInfo tracks a network session.
type Stats ¶
// Stats holds real-time protocol statistics. Use it through a pointer: the
// atomic.Int64 fields must not be copied after first use, and Snapshot is
// declared on *Stats.
//
// NOTE(review): ProtocolCount and Sessions are exported maps. The atomic
// values protect individual counters but not the maps themselves, so inserting
// or iterating from several goroutines needs a lock. The unexported fields
// presumably hold one. Confirm that callers outside the package read via
// Snapshot rather than touching the maps directly.
type Stats struct {
	// ProtocolCount maps a string key (presumably the protocol name) to its counter.
	ProtocolCount map[string]*atomic.Int64
	TotalPackets atomic.Int64
	TotalBytes atomic.Int64
	StartTime time.Time
	// Sessions maps a string key to the session's record; the key format is
	// not shown here.
	// NOTE(review): entries are presumably created from observed traffic.
	// Confirm there is a size cap or eviction policy, otherwise a flood of
	// distinct flows can grow this map until the monitor runs out of memory.
	Sessions map[string]*SessionInfo
	// contains filtered or unexported fields
}
Stats holds real-time protocol statistics.
func (*Stats) Snapshot ¶
func (s *Stats) Snapshot() StatsSnapshot
Snapshot returns a snapshot of current stats.
type StatsSnapshot ¶
// StatsSnapshot is a point-in-time snapshot of stats, as returned by
// Stats.Snapshot and passed to AlertEngine.Evaluate. All fields are exported
// and carry JSON tags.
type StatsSnapshot struct {
	TotalPackets int64 `json:"total_packets"`
	TotalBytes int64 `json:"total_bytes"`
	// Duration is a time.Duration, which encoding/json writes as an integer
	// number of nanoseconds.
	Duration time.Duration `json:"duration"`
	// NOTE(review): presumably packets per second and bytes per second over
	// Duration. Confirm the unit of BPS (bytes or bits) and the behaviour when
	// Duration is zero.
	PPS float64 `json:"pps"`
	BPS float64 `json:"bps"`
	Protocols map[string]int64 `json:"protocols"`
	// TopSessions holds pointers, not copies.
	// NOTE(review): if these point at the live entries in Stats.Sessions, a
	// reader of the snapshot races with ongoing updates. Confirm that Snapshot
	// copies each SessionInfo. The ordering and the maximum length are not
	// visible here.
	TopSessions []*SessionInfo `json:"top_sessions"`
}
StatsSnapshot is a point-in-time snapshot of stats.
func (StatsSnapshot) FormatText ¶
func (s StatsSnapshot) FormatText() string
FormatText returns a text representation of the snapshot.