Package eve

v0.0.0-...-a23bd61

Published: Jun 2, 2020 License: BSD-2-Clause Imports: 15 Imported by: 0

Documentation

Constants

const EveTimestampFormat = "2006-01-02T15:04:05.999999999Z0700"

The Eve timestamp format - a slightly modified RFC3339Nano format.

Variables

This section is empty.

Functions

func EvePacket2Pcap

func EvePacket2Pcap(event EveEvent) ([]byte, error)

Convert the packet of an EveEvent to a PCAP file. A buffer representing a complete PCAP file is returned.

func EvePayloadToPcap

func EvePayloadToPcap(event EveEvent) ([]byte, error)

Given an EveEvent, convert its payload to a PCAP, synthesizing the packet headers as best we can.

A buffer containing a single-packet PCAP file is returned.

func FormatTimestamp

func FormatTimestamp(timestamp time.Time) string

func FormatTimestampUTC

func FormatTimestampUTC(timestamp time.Time) string

func ParseTimestamp

func ParseTimestamp(timestamp string) (time.Time, error)

func ProtoNumber

func ProtoNumber(proto string) (layers.IPProtocol, error)

Given a protocol name as a string (could be a number), return the IPProtocol for that protocol.

Types

type EveEvent

type EveEvent map[string]interface{}

An EveEvent is an Eve event decoded into a map[string]interface{} which contains all the data in its raw format.

func NewEveEventFromBytes

func NewEveEventFromBytes(b []byte) (event EveEvent, err error)

func NewEveEventFromString

func NewEveEventFromString(s string) (event EveEvent, err error)

func (EveEvent) AddTag

func (e EveEvent) AddTag(tag string)

func (EveEvent) DestIp

func (e EveEvent) DestIp() string

func (EveEvent) DestPort

func (e EveEvent) DestPort() uint16

func (EveEvent) EventType

func (e EveEvent) EventType() string

func (EveEvent) GetAlert

func (e EveEvent) GetAlert() util.JsonMap

func (EveEvent) GetAlertSignatureId

func (e EveEvent) GetAlertSignatureId() (uint64, bool)

func (EveEvent) GetMap

func (e EveEvent) GetMap(key string) util.JsonMap

func (EveEvent) GetString

func (e EveEvent) GetString(key string) string

func (EveEvent) IcmpCode

func (e EveEvent) IcmpCode() uint8

func (EveEvent) IcmpType

func (e EveEvent) IcmpType() uint8

func (EveEvent) MarshalJSON

func (e EveEvent) MarshalJSON() ([]byte, error)

func (EveEvent) Packet

func (e EveEvent) Packet() []byte

func (EveEvent) Payload

func (e EveEvent) Payload() []byte

func (EveEvent) Proto

func (e EveEvent) Proto() string

func (EveEvent) SetTimestamp

func (e EveEvent) SetTimestamp(ts time.Time)

func (EveEvent) SrcIp

func (e EveEvent) SrcIp() string

func (EveEvent) SrcPort

func (e EveEvent) SrcPort() uint16

func (EveEvent) Timestamp

func (e EveEvent) Timestamp() time.Time

type EveFilter

type EveFilter interface {
	Filter(event EveEvent)
}

type GeoipFilter

type GeoipFilter struct {
	// contains filtered or unexported fields
}

func NewGeoipFilter

func NewGeoipFilter(service *geoip.GeoIpService) *GeoipFilter

func (*GeoipFilter) Filter

func (f *GeoipFilter) Filter(event EveEvent)

type TagsFilter

type TagsFilter struct {
}

TagsFilter is an Eve filter to ensure that the event has a tags list/array.

func (*TagsFilter) Filter

func (f *TagsFilter) Filter(event EveEvent)
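The following is an added example, not code from this package, that shows how the pieces documented above fit together: an event decoded as `map[string]interface{}`, the `EveTimestampFormat` layout (RFC3339Nano with the colon removed from the zone offset, so Suricata's `+0000` style parses), a filter satisfying the `EveFilter` interface that guarantees a `tags` array, and an `AddTag` that appends to it. The `EveEvent`, `EveFilter`, `TagsFilter`, `AddTag`, `Timestamp`, `FormatTimestampUTC` and `NewEveEventFromBytes` names follow the page, but the bodies here are my own re-implementation and are assumptions about behaviour; `Tags` is a hypothetical helper, and the sample record is constructed, not captured data.

```go
package main

import (
	"encoding/json"
	"fmt"
	"time"
)

// EveTimestampFormat is the layout constant from the page: RFC3339Nano with
// the colon dropped from the zone offset, so "+0200" parses but "+02:00" does not.
const EveTimestampFormat = "2006-01-02T15:04:05.999999999Z0700"

// EveEvent mirrors the page's type: the raw decoded JSON object.
type EveEvent map[string]interface{}

// EveFilter mirrors the page's interface: a filter mutates the event in place.
type EveFilter interface {
	Filter(event EveEvent)
}

// NewEveEventFromBytes decodes one Eve JSON record (re-implementation, not the package's).
func NewEveEventFromBytes(b []byte) (EveEvent, error) {
	var e EveEvent
	if err := json.Unmarshal(b, &e); err != nil {
		return nil, err
	}
	return e, nil
}

// Timestamp parses the "timestamp" field with the Eve layout (assumed field name).
func (e EveEvent) Timestamp() (time.Time, error) {
	s, _ := e["timestamp"].(string)
	return time.Parse(EveTimestampFormat, s)
}

// FormatTimestampUTC renders a time in the Eve layout after converting to UTC.
// Note that Go renders a zero offset under this layout as "Z", not "+0000".
func FormatTimestampUTC(t time.Time) string {
	return t.UTC().Format(EveTimestampFormat)
}

// Tags returns the event's tag list, or nil if the field is absent or not an array.
func (e EveEvent) Tags() []string {
	raw, ok := e["tags"].([]interface{})
	if !ok {
		return nil
	}
	out := make([]string, 0, len(raw))
	for _, v := range raw {
		if s, ok := v.(string); ok {
			out = append(out, s)
		}
	}
	return out
}

// AddTag appends a tag, creating the array if needed; duplicates are ignored.
func (e EveEvent) AddTag(tag string) {
	for _, t := range e.Tags() {
		if t == tag {
			return
		}
	}
	tags, _ := e["tags"].([]interface{})
	e["tags"] = append(tags, tag)
}

// TagsFilter ensures the event carries a "tags" array, as the page describes.
type TagsFilter struct{}

func (TagsFilter) Filter(event EveEvent) {
	if _, ok := event["tags"].([]interface{}); !ok {
		event["tags"] = []interface{}{}
	}
}

// Constructed sample record in the shape Suricata emits (not captured data).
const sampleEvent = `{"timestamp":"2020-06-02T12:34:56.123456+0200","event_type":"alert",
"src_ip":"10.0.0.5","dest_ip":"10.0.0.9","proto":"TCP","alert":{"signature_id":1}}`

func main() {
	e, err := NewEveEventFromBytes([]byte(sampleEvent))
	if err != nil {
		panic(err)
	}
	filters := []EveFilter{TagsFilter{}}
	for _, f := range filters {
		f.Filter(e)
	}
	e.AddTag("evebox.archived")
	ts, err := e.Timestamp()
	if err != nil {
		panic(err)
	}
	fmt.Println(FormatTimestampUTC(ts), e.Tags())
}
```

Running the filters before any code touches `tags` is what keeps `AddTag` simple: after `TagsFilter` the field is always a `[]interface{}`, so a missing or wrongly typed field never surfaces as a type-assertion failure later in the pipeline.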
