Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AlertEvent ¶
type AlertEvent struct {
Timestamp string `json:"timestamp"`
EventTime int64 `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
EventType string `json:"event_type"`
SrcIP string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
DestIP string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
SrcPort int `json:"src_port" parquet:"name=src_port, type=INT32"`
DestPort int `json:"dest_port" parquet:"name=dest_port, type=INT32"`
Proto string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
AppProto string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
FlowID int64 `json:"flow_id" parquet:"name=flow_id, type=INT64"`
InIface string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
Vlan int `json:"vlan" parquet:"name=vlan, type=INT32"`
TxID int `json:"tx_id" parquet:"name=tx_id, type=INT32"`
Alert struct {
Action string `json:"action" parquet:"name=action, type=BYTE_ARRAY, convertedtype=UTF8"`
GID int `json:"gid" parquet:"name=gid, type=INT32"`
SignatureID int `json:"signature_id" parquet:"name=signature_id, type=INT32"`
Rev int `json:"rev" parquet:"name=rev, type=INT32"`
AppProto string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
Signature string `json:"signature" parquet:"name=signature, type=BYTE_ARRAY, convertedtype=UTF8"`
Severity int `json:"severity" parquet:"name=severity, type=INT32"`
Source struct {
IP string `json:"ip" parquet:"name=ip, type=BYTE_ARRAY, convertedtype=UTF8"`
Port int `json:"port" parquet:"name=port, type=INT32"`
} `json:"source" parquet:"name=source"`
Target struct {
IP string `json:"ip" parquet:"name=ip, type=BYTE_ARRAY, convertedtype=UTF8"`
Port int `json:"port" parquet:"name=port, type=INT32"`
} `json:"target" parquet:"name=target"`
} `json:"alert" parquet:"name=alert"`
GeoIPData struct {
Source GeoIPData `json:"source" parquet:"name=source"`
Dest GeoIPData `json:"dest" parquet:"name=dest"`
} `json:"geoip_data" parquet:"name=geoip_data"`
}
func (AlertEvent) GetDateHourKey ¶
func (e AlertEvent) GetDateHourKey() storage.DateHourKey
func (*AlertEvent) UpdateFields ¶
func (e *AlertEvent) UpdateFields() error
func (*AlertEvent) UpdateGeoIP ¶
func (e *AlertEvent) UpdateGeoIP(reader *geoip2.Reader) error
type DHCPEvent ¶
type DHCPEvent struct {
Timestamp string `json:"timestamp"`
EventTime int64 `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
EventType string `json:"event_type"`
SrcIP string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
DestIP string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
SrcPort int `json:"src_port" parquet:"name=src_port, type=INT32"`
DestPort int `json:"dest_port" parquet:"name=dest_port, type=INT32"`
Proto string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
AppProto string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
FlowID int64 `json:"flow_id" parquet:"name=flow_id, type=INT64"`
InIface string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
Vlan int `json:"vlan" parquet:"name=vlan, type=INT32"`
TxID int `json:"tx_id" parquet:"name=tx_id, type=INT32"`
DHCP struct {
Type string `json:"type" parquet:"name=type, type=BYTE_ARRAY, convertedtype=UTF8"`
ID int `json:"id" parquet:"name=id, type=INT32"`
ClientMac string `json:"client_mac" parquet:"name=client_mac, type=BYTE_ARRAY, convertedtype=UTF8"`
AssignedIP string `json:"assigned_ip" parquet:"name=assigned_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
DHCPType string `json:"dhcp_type" parquet:"name=dhcp_type, type=BYTE_ARRAY, convertedtype=UTF8"`
RenewalTime int `json:"renewal_time" parquet:"name=renewal_time, type=INT32"`
} `json:"dhcp" parquet:"name=dhcp"`
GeoIPData struct {
Source GeoIPData `json:"source" parquet:"name=source"`
Dest GeoIPData `json:"dest" parquet:"name=dest"`
} `json:"geoip_data" parquet:"name=geoip_data"`
}
func (DHCPEvent) GetDateHourKey ¶
func (e DHCPEvent) GetDateHourKey() storage.DateHourKey
func (*DHCPEvent) UpdateFields ¶
func (*DHCPEvent) UpdateGeoIP ¶
type DNSEvent ¶
type DNSEvent struct {
Timestamp string `json:"timestamp"`
EventTime int64 `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
EventType string `json:"event_type"`
SrcIP string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
DestIP string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
SrcPort int `json:"src_port" parquet:"name=src_port, type=INT32"`
DestPort int `json:"dest_port" parquet:"name=dest_port, type=INT32"`
Proto string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
AppProto string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
FlowID int64 `json:"flow_id" parquet:"name=flow_id, type=INT64"`
InIface string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
Vlan int `json:"vlan" parquet:"name=vlan, type=INT32"`
TxID int `json:"tx_id" parquet:"name=tx_id, type=INT32"`
DNS *struct {
Version int `json:"version" parquet:"name=version, type=INT32"`
Type string `json:"type" parquet:"name=type, type=BYTE_ARRAY, convertedtype=UTF8"`
ID int `json:"id" parquet:"name=id, type=INT32"`
Flags string `json:"flags" parquet:"name=flags, type=BYTE_ARRAY, convertedtype=UTF8"`
QR bool `json:"qr" parquet:"name=qr, type=BOOLEAN"`
RD bool `json:"rd" parquet:"name=rd, type=BOOLEAN"`
RA bool `json:"ra" parquet:"name=ra, type=BOOLEAN"`
RRName string `json:"rrname" parquet:"name=rrname, type=BYTE_ARRAY, convertedtype=UTF8"`
RRType string `json:"rrtype" parquet:"name=rrtype, type=BYTE_ARRAY, convertedtype=UTF8"`
RCode string `json:"rcode" parquet:"name=rcode, type=BYTE_ARRAY, convertedtype=UTF8"`
Answers []struct {
RRName string `json:"rrname" parquet:"name=rrname, type=BYTE_ARRAY, convertedtype=UTF8"`
RRType string `json:"rrtype" parquet:"name=rrtype, type=BYTE_ARRAY, convertedtype=UTF8"`
TTL int `json:"ttl" parquet:"name=ttl, type=INT32"`
RData string `json:"rdata" parquet:"name=rdata, type=BYTE_ARRAY, convertedtype=UTF8"`
} `json:"answers" parquet:"name=answers"`
} `json:"dns" parquet:"name=dns"`
GeoIPData struct {
Source GeoIPData `json:"source" parquet:"name=source"`
Dest GeoIPData `json:"dest" parquet:"name=dest"`
} `json:"geoip_data" parquet:"name=geoip_data"`
}
func (DNSEvent) GetDateHourKey ¶
func (e DNSEvent) GetDateHourKey() storage.DateHourKey
func (*DNSEvent) UpdateFields ¶
func (*DNSEvent) UpdateGeoIP ¶
type FlowEvent ¶
type FlowEvent struct {
Timestamp string `json:"timestamp"`
EventTime int64 `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
EventType string `json:"event_type"`
SrcIP string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
DestIP string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
SrcPort int `json:"src_port" parquet:"name=src_port, type=INT32"`
DestPort int `json:"dest_port" parquet:"name=dest_port, type=INT32"`
Proto string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
AppProto string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
FlowID int64 `json:"flow_id" parquet:"name=flow_id, type=INT64"`
InIface string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
Vlan int `json:"vlan" parquet:"name=vlan, type=INT32"`
TxID int `json:"tx_id" parquet:"name=tx_id, type=INT32"`
Flow struct {
PktsToServer int64 `json:"pkts_toserver" parquet:"name=pkts_toserver, type=INT64"`
PktsToClient int64 `json:"pkts_toclient" parquet:"name=pkts_toclient, type=INT64"`
BytesToServer int64 `json:"bytes_toserver" parquet:"name=bytes_toserver, type=INT64"`
BytesToClient int64 `json:"bytes_toclient" parquet:"name=bytes_toclient, type=INT64"`
Start string `json:"start" parquet:"name=start, type=BYTE_ARRAY, convertedtype=UTF8"`
End string `json:"end" parquet:"name=end, type=BYTE_ARRAY, convertedtype=UTF8"`
Age int `json:"age" parquet:"name=age, type=INT32"`
State string `json:"state" parquet:"name=state, type=BYTE_ARRAY, convertedtype=UTF8"`
Reason string `json:"reason" parquet:"name=reason, type=BYTE_ARRAY, convertedtype=UTF8"`
Alerted bool `json:"alerted" parquet:"name=alerted, type=BOOLEAN"`
} `json:"flow" parquet:"name=flow"`
TCP struct {
TCPFlags string `json:"tcp_flags" parquet:"name=tcp_flags, type=BYTE_ARRAY, convertedtype=UTF8"`
TCPFlagsTS string `json:"tcp_flags_ts" parquet:"name=tcp_flags_ts, type=BYTE_ARRAY, convertedtype=UTF8"`
TCPFlagsTC string `json:"tcp_flags_tc" parquet:"name=tcp_flags_tc, type=BYTE_ARRAY, convertedtype=UTF8"`
Syn bool `json:"syn" parquet:"name=syn, type=BOOLEAN"`
Rst bool `json:"rst" parquet:"name=rst, type=BOOLEAN"`
Ack bool `json:"ack" parquet:"name=ack, type=BOOLEAN"`
Ecn bool `json:"ecn" parquet:"name=ecn, type=BOOLEAN"`
Cwr bool `json:"cwr" parquet:"name=cwr, type=BOOLEAN"`
Psh bool `json:"psh" parquet:"name=psh, type=BOOLEAN"`
Fin bool `json:"fin" parquet:"name=fin, type=BOOLEAN"`
Urg bool `json:"urg" parquet:"name=urg, type=BOOLEAN"`
State string `json:"state" parquet:"name=state, type=BYTE_ARRAY, convertedtype=UTF8"`
} `json:"tcp" parquet:"name=tcp"`
GeoIPData struct {
Source GeoIPData `json:"source" parquet:"name=source"`
Dest GeoIPData `json:"dest" parquet:"name=dest"`
} `json:"geoip_data" parquet:"name=geoip_data"`
}
func (FlowEvent) GetDateHourKey ¶
func (e FlowEvent) GetDateHourKey() storage.DateHourKey
func (*FlowEvent) UpdateFields ¶
func (*FlowEvent) UpdateGeoIP ¶
type GeoIPData ¶
type GeoIPData struct {
CityName string `json:"city_name" parquet:"name=city_name, type=BYTE_ARRAY, convertedtype=UTF8"`
ContinentCode string `json:"continent_code" parquet:"name=continent_code, type=BYTE_ARRAY, convertedtype=UTF8"`
ContinentName string `json:"continent_name" parquet:"name=continent_name, type=BYTE_ARRAY, convertedtype=UTF8"`
CountryIsoCode string `json:"country_iso_code" parquet:"name=country_iso_code, type=BYTE_ARRAY, convertedtype=UTF8"`
CountryName string `json:"country_name" parquet:"name=country_name, type=BYTE_ARRAY, convertedtype=UTF8"`
Latitude float64 `json:"latitude" parquet:"name=latitude, type=DOUBLE"`
Longitude float64 `json:"longitude" parquet:"name=longitude, type=DOUBLE"`
LocationAccuracyRadius int `json:"location_accuracy_radius" parquet:"name=location_accuracy_radius, type=INT32"`
TimeZone string `json:"time_zone" parquet:"name=time_zone, type=BYTE_ARRAY, convertedtype=UTF8"`
PostalCode string `json:"postal_code" parquet:"name=postal_code, type=BYTE_ARRAY, convertedtype=UTF8"`
IsAnonymousProxy bool `json:"is_anonymous_proxy" parquet:"name=is_anonymous_proxy, type=BOOLEAN"`
IsSatelliteProvider bool `json:"is_satellite_provider" parquet:"name=is_satellite_provider, type=BOOLEAN"`
Subdivisions []struct {
IsoCode string `json:"iso_code" parquet:"name=iso_code, type=BYTE_ARRAY, convertedtype=UTF8"`
Name string `json:"name" parquet:"name=name, type=BYTE_ARRAY, convertedtype=UTF8"`
} `json:"subdivisions" parquet:"name=subdivisions, type=LIST"`
}
func GetGeoIPData ¶
type GeoIPModel ¶
type GeoIPModel interface {
UpdateGeoIP(reader *geoip2.Reader) error
}
type HTTPEvent ¶
type HTTPEvent struct {
Timestamp string `json:"timestamp"`
EventTime int64 `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
EventType string `json:"event_type"`
SrcIP string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
DestIP string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
SrcPort int `json:"src_port" parquet:"name=src_port, type=INT32"`
DestPort int `json:"dest_port" parquet:"name=dest_port, type=INT32"`
Proto string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
AppProto string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
FlowID int64 `json:"flow_id" parquet:"name=flow_id, type=INT64"`
InIface string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
Vlan int `json:"vlan" parquet:"name=vlan, type=INT32"`
TxID int `json:"tx_id" parquet:"name=tx_id, type=INT32"`
HTTP struct {
HTTPPort int `json:"http_port" parquet:"name=http_port, type=INT32"`
Hostname string `json:"hostname" parquet:"name=hostname, type=BYTE_ARRAY, convertedtype=UTF8"`
URL string `json:"url" parquet:"name=url, type=BYTE_ARRAY, convertedtype=UTF8"`
HTTPUserAgent string `json:"http_user_agent" parquet:"name=http_user_agent, type=BYTE_ARRAY, convertedtype=UTF8"`
HTTPContentType string `json:"http_content_type" parquet:"name=http_content_type, type=BYTE_ARRAY, convertedtype=UTF8"`
HTTPRefer string `json:"http_refer" parquet:"name=http_refer, type=BYTE_ARRAY, convertedtype=UTF8"`
HTTPMethod string `json:"http_method" parquet:"name=http_method, type=BYTE_ARRAY, convertedtype=UTF8"`
Protocol string `json:"protocol" parquet:"name=protocol, type=BYTE_ARRAY, convertedtype=UTF8"`
Status int `json:"status" parquet:"name=status, type=INT32"`
Length int `json:"length" parquet:"name=length, type=INT32"`
} `json:"http" parquet:"name=http"`
GeoIPData struct {
Source GeoIPData `json:"source" parquet:"name=source"`
Dest GeoIPData `json:"dest" parquet:"name=dest"`
} `json:"geoip_data" parquet:"name=geoip_data"`
}
func (HTTPEvent) GetDateHourKey ¶
func (e HTTPEvent) GetDateHourKey() storage.DateHourKey
func (*HTTPEvent) UpdateFields ¶
func (*HTTPEvent) UpdateGeoIP ¶
type StatsEvent ¶
type StatsEvent struct {
Timestamp string `json:"timestamp"`
EventTime int64 `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
EventType string `json:"event_type"`
Stats struct {
Uptime int64 `json:"uptime" parquet:"name=uptime, type=INT64"`
Capture struct {
KernelPackets int64 `json:"kernel_packets" parquet:"name=kernel_packets, type=INT64"`
KernelDrops int64 `json:"kernel_drops" parquet:"name=kernel_drops, type=INT64"`
Errors int64 `json:"errors" parquet:"name=errors, type=INT64"`
} `json:"capture" parquet:"name=capture"`
Decoder struct {
Pkts int64 `json:"pkts" parquet:"name=pkts, type=INT64"`
Bytes int64 `json:"bytes" parquet:"name=bytes, type=INT64"`
Invalid int64 `json:"invalid" parquet:"name=invalid, type=INT64"`
IPv4 int64 `json:"ipv4" parquet:"name=ipv4, type=INT64"`
IPv6 int64 `json:"ipv6" parquet:"name=ipv6, type=INT64"`
Ethernet int64 `json:"ethernet" parquet:"name=ethernet, type=INT64"`
Chdlc int64 `json:"chdlc" parquet:"name=chdlc, type=INT64"`
Raw int64 `json:"raw" parquet:"name=raw, type=INT64"`
Null int64 `json:"null" parquet:"name=null, type=INT64"`
SLL int64 `json:"sll" parquet:"name=sll, type=INT64"`
TCP int64 `json:"tcp" parquet:"name=tcp, type=INT64"`
UDP int64 `json:"udp" parquet:"name=udp, type=INT64"`
SCTP int64 `json:"sctp" parquet:"name=sctp, type=INT64"`
ICMPv4 int64 `json:"icmpv4" parquet:"name=icmpv4, type=INT64"`
ICMPv6 int64 `json:"icmpv6" parquet:"name=icmpv6, type=INT64"`
PPP int64 `json:"ppp" parquet:"name=ppp, type=INT64"`
PPPoE int64 `json:"pppoe" parquet:"name=pppoe, type=INT64"`
Geneve int64 `json:"geneve" parquet:"name=geneve, type=INT64"`
GRE int64 `json:"gre" parquet:"name=gre, type=INT64"`
VLAN int64 `json:"vlan" parquet:"name=vlan, type=INT64"`
VLANQinQ int64 `json:"vlan_qinq" parquet:"name=vlan_qinq, type=INT64"`
VXLAN int64 `json:"vxlan" parquet:"name=vxlan, type=INT64"`
VNTAG int64 `json:"vntag" parquet:"name=vntag, type=INT64"`
IEEE8021ah int64 `json:"ieee8021ah" parquet:"name=ieee8021ah, type=INT64"`
Teredo int64 `json:"teredo" parquet:"name=teredo, type=INT64"`
IPv4InIPv6 int64 `json:"ipv4_in_ipv6" parquet:"name=ipv4_in_ipv6, type=INT64"`
IPv6InIPv6 int64 `json:"ipv6_in_ipv6" parquet:"name=ipv6_in_ipv6, type=INT64"`
MPLS int64 `json:"mpls" parquet:"name=mpls, type=INT64"`
AvgPacketSize int64 `json:"avg_packet_size" parquet:"name=avg_packet_size, type=INT64"`
MaxPacketSize int64 `json:"max_packet_size" parquet:"name=max_packet_size, type=INT64"`
MaxMacAddrsSrc int64 `json:"max_mac_addrs_src" parquet:"name=max_mac_addrs_src, type=INT64"`
MaxMacAddrsDst int64 `json:"max_mac_addrs_dst" parquet:"name=max_mac_addrs_dst, type=INT64"`
ERSpan int64 `json:"erspan" parquet:"name=erspan, type=INT64"`
} `json:"decoder" parquet:"name=decoder"`
Flow struct {
Memcap int64 `json:"memcap" parquet:"name=memcap, type=INT64"`
TCP int64 `json:"tcp" parquet:"name=tcp, type=INT64"`
UDP int64 `json:"udp" parquet:"name=udp, type=INT64"`
ICMPv4 int64 `json:"icmpv4" parquet:"name=icmpv4, type=INT64"`
ICMPv6 int64 `json:"icmpv6" parquet:"name=icmpv6, type=INT64"`
TCPReuse int64 `json:"tcp_reuse" parquet:"name=tcp_reuse, type=INT64"`
GetUsed int64 `json:"get_used" parquet:"name=get_used, type=INT64"`
GetUsedEval int64 `json:"get_used_eval" parquet:"name=get_used_eval, type=INT64"`
GetUsedEvalReject int64 `json:"get_used_eval_reject" parquet:"name=get_used_eval_reject, type=INT64"`
GetUsedEvalBusy int64 `json:"get_used_eval_busy" parquet:"name=get_used_eval_busy, type=INT64"`
GetUsedFailed int64 `json:"get_used_failed" parquet:"name=get_used_failed, type=INT64"`
} `json:"flow" parquet:"name=flow"`
TCP struct {
Sessions int64 `json:"sessions" parquet:"name=sessions, type=INT64"`
SSNMemcapDrop int64 `json:"ssn_memcap_drop" parquet:"name=ssn_memcap_drop, type=INT64"`
Pseudo int64 `json:"pseudo" parquet:"name=pseudo, type=INT64"`
PseudoFailed int64 `json:"pseudo_failed" parquet:"name=pseudo_failed, type=INT64"`
InvalidChecksum int64 `json:"invalid_checksum" parquet:"name=invalid_checksum, type=INT64"`
NoFlow int64 `json:"no_flow" parquet:"name=no_flow, type=INT64"`
Syn int64 `json:"syn" parquet:"name=syn, type=INT64"`
Synack int64 `json:"synack" parquet:"name=synack, type=INT64"`
Rst int64 `json:"rst" parquet:"name=rst, type=INT64"`
} `json:"tcp" parquet:"name=tcp"`
} `json:"stats" parquet:"name=stats"`
}
func (StatsEvent) GetDateHourKey ¶
func (e StatsEvent) GetDateHourKey() storage.DateHourKey
func (*StatsEvent) UpdateFields ¶
func (e *StatsEvent) UpdateFields() error
type TLSEvent ¶
type TLSEvent struct {
Timestamp string `json:"timestamp"`
EventTime int64 `parquet:"name=event_time, type=INT64, convertedtype=TIMESTAMP_MILLIS"`
EventType string `json:"event_type"`
SrcIP string `json:"src_ip" parquet:"name=src_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
DestIP string `json:"dest_ip" parquet:"name=dest_ip, type=BYTE_ARRAY, convertedtype=UTF8"`
SrcPort int `json:"src_port" parquet:"name=src_port, type=INT32"`
DestPort int `json:"dest_port" parquet:"name=dest_port, type=INT32"`
Proto string `json:"proto" parquet:"name=proto, type=BYTE_ARRAY, convertedtype=UTF8"`
AppProto string `json:"app_proto" parquet:"name=app_proto, type=BYTE_ARRAY, convertedtype=UTF8"`
FlowID int64 `json:"flow_id" parquet:"name=flow_id, type=INT64"`
InIface string `json:"in_iface" parquet:"name=in_iface, type=BYTE_ARRAY, convertedtype=UTF8"`
Vlan int `json:"vlan" parquet:"name=vlan, type=INT32"`
TxID int `json:"tx_id" parquet:"name=tx_id, type=INT32"`
Traffic *struct {
ID []string `json:"id" parquet:"name=id, type=MAP, convertedtype=LIST, valuetype=BYTE_ARRAY, valueconvertedtype=UTF8"`
Label []string `json:"label" parquet:"name=label, type=MAP, convertedtype=LIST, valuetype=BYTE_ARRAY, valueconvertedtype=UTF8"`
} `json:"traffic" parquet:"name=traffic"`
TLS struct {
Subject string `json:"subject" parquet:"name=subject, type=BYTE_ARRAY, convertedtype=UTF8"`
IssuerDN string `json:"issuerdn" parquet:"name=issuerdn, type=BYTE_ARRAY, convertedtype=UTF8"`
Serial string `json:"serial" parquet:"name=serial, type=BYTE_ARRAY, convertedtype=UTF8"`
Fingerprint string `json:"fingerprint" parquet:"name=fingerprint, type=BYTE_ARRAY, convertedtype=UTF8"`
SNI string `json:"sni" parquet:"name=sni, type=BYTE_ARRAY, convertedtype=UTF8"`
Version string `json:"version" parquet:"name=version, type=BYTE_ARRAY, convertedtype=UTF8"`
NotBefore string `json:"notbefore" parquet:"name=notbefore, type=BYTE_ARRAY, convertedtype=UTF8"`
NotAfter string `json:"notafter" parquet:"name=notafter, type=BYTE_ARRAY, convertedtype=UTF8"`
JA3 struct {
Hash string `json:"hash" parquet:"name=hash, type=BYTE_ARRAY, convertedtype=UTF8"`
String string `json:"string" parquet:"name=string, type=BYTE_ARRAY, convertedtype=UTF8"`
} `json:"ja3" parquet:"name=ja3"`
JA3S struct {
Hash string `json:"hash" parquet:"name=hash, type=BYTE_ARRAY, convertedtype=UTF8"`
String string `json:"string" parquet:"name=string, type=BYTE_ARRAY, convertedtype=UTF8"`
} `json:"ja3s" parquet:"name=ja3s"`
} `json:"tls" parquet:"name=tls"`
GeoIPData struct {
Source GeoIPData `json:"source" parquet:"name=source"`
Dest GeoIPData `json:"dest" parquet:"name=dest"`
} `json:"geoip_data" parquet:"name=geoip_data"`
}
func (TLSEvent) GetDateHourKey ¶
func (e TLSEvent) GetDateHourKey() storage.DateHourKey
func (*TLSEvent) UpdateFields ¶
func (*TLSEvent) UpdateGeoIP ¶
Source Files
Click to show internal directories.
Click to hide internal directories.