Documentation
¶
Index ¶
- Constants
- Variables
- func GetProcessStatus(w http.ResponseWriter, r *http.Request)
- func ServeClient(client *AzureClient, ip string) error
- type AzureClient
- func (client *AzureClient) GetBlobsByPrefix(prefix string) ([]storage.Blob, error)
- func (client *AzureClient) LoadProcessStatus() error
- func (client *AzureClient) LoadUnprocessedBlobs(afterTime time.Time) (*[]NsgLogFile, ProcessStatus, error)
- func (client *AzureClient) ProcessBlobsAfter(afterTime time.Time, parserClient NsgParserClient) error
- func (client *AzureClient) ProcessStatusFileName() string
- func (client *AzureClient) SaveProcessStatus() error
- type FileClient
- type NsgFlowLog
- type NsgFlowLogs
- type NsgLog
- type NsgLogFile
- type NsgParserClient
- type NsgParserStatus
- type ProcessStatus
- type Record
- type Records
- type SyslogClient
Constants ¶
View Source
const ( DestinationFile = "file" DestinationSyslog = "syslog" )
Variables ¶
View Source
var (
NsgFileRegExp *regexp.Regexp
)
Functions ¶
func GetProcessStatus ¶
func GetProcessStatus(w http.ResponseWriter, r *http.Request)
func ServeClient ¶
func ServeClient(client *AzureClient, ip string) error
Types ¶
type AzureClient ¶
type AzureClient struct {
Prefix string
ProcessStatus ProcessStatus
DataPath string
DestinationType string
Concurrency int
// contains filtered or unexported fields
}
func NewAzureClient ¶
func NewAzureClient(accountName, accountKey, containerName, dataPath string) (AzureClient, error)
func (*AzureClient) GetBlobsByPrefix ¶
func (client *AzureClient) GetBlobsByPrefix(prefix string) ([]storage.Blob, error)
func (*AzureClient) LoadProcessStatus ¶
func (client *AzureClient) LoadProcessStatus() error
func (*AzureClient) LoadUnprocessedBlobs ¶
func (client *AzureClient) LoadUnprocessedBlobs(afterTime time.Time) (*[]NsgLogFile, ProcessStatus, error)
func (*AzureClient) ProcessBlobsAfter ¶
func (client *AzureClient) ProcessBlobsAfter(afterTime time.Time, parserClient NsgParserClient) error
This is the primary function for processing NSG Flow Blobs.
func (*AzureClient) ProcessStatusFileName ¶
func (client *AzureClient) ProcessStatusFileName() string
func (*AzureClient) SaveProcessStatus ¶
func (client *AzureClient) SaveProcessStatus() error
type FileClient ¶
type FileClient struct {
DataPath string
}
func (*FileClient) Initialize ¶
func (client *FileClient) Initialize(dataPath string, azureClient *AzureClient) error
func (FileClient) ProcessNsgLogFile ¶
func (client FileClient) ProcessNsgLogFile(logFile *NsgLogFile, resultsChan chan NsgLogFile) error
type NsgFlowLog ¶
type NsgFlowLog struct {
Timestamp int64 `json:"time"`
SystemID *string `json:"systemId"`
Category *string `json:"category"`
ResourceID *string `json:"resourceId"`
OperationName *string `json:"operationName"`
Rule *string `json:"rule"`
Mac string `json:"mac"`
SourceIp string `json:"sourceIp"`
DestinationIp string `json:"destinationIp"`
SourcePort string `json:"sourcePort"`
DestinationPort string `json:"destinationPort"`
Protocol string `json:"protocol"`
TrafficFlow string `json:"trafficFlow"`
Traffic string `json:"traffic"`
}
Flat Representation of each Flow tuple.
type NsgFlowLogs ¶
type NsgFlowLogs []NsgFlowLog
type NsgLog ¶
type NsgLog struct {
Records Records `json:"records"`
}
NsgLog is the GO Struct representing the .json files produced by NSG Each NsgLog has multiple records. one per minute normally.
func (*NsgLog) GetFlowLogsAfter ¶
func (nsgLog *NsgLog) GetFlowLogsAfter(afterTime time.Time) (NsgFlowLogs, error)
type NsgLogFile ¶
type NsgLogFile struct {
Name string `json:"name"`
Etag string `json:"etag"`
LastModified time.Time `json:"last_modified"`
LastProcessed time.Time `json:"last_processed"`
LastProcessedRecord time.Time `json:"last_processed_record"`
LastProcessedTimeStamp int64 `json:"last_processed_time"`
LastRecordCount int `json:"last_count"`
LastProcessedRange storage.BlobRange `json:"last_processed_range"`
LogTime time.Time `json:"log_time"`
Blob storage.Blob `json:"-"`
NsgLog *NsgLog `json:"-"`
NsgName string `json:"nsg_name"`
}
NsgLogFile represents individual .json Log files in azure
func NewNsgLogFile ¶
func NewNsgLogFile(blob storage.Blob) (NsgLogFile, error)
func (*NsgLogFile) LoadBlob ¶
func (logFile *NsgLogFile) LoadBlob() error
func (*NsgLogFile) LoadBlobRange ¶ added in v0.0.4
func (logFile *NsgLogFile) LoadBlobRange(blobRange storage.BlobRange) error
Primary function for loading the storage.Blob object into an NsgLog Range is a set of byte offsets for reading the contents.
func (*NsgLogFile) Logger ¶
func (logFile *NsgLogFile) Logger() *log.Entry
func (*NsgLogFile) SaveToPath ¶
func (logFile *NsgLogFile) SaveToPath(path string) error
func (*NsgLogFile) ShortName ¶
func (logFile *NsgLogFile) ShortName() string
type NsgParserClient ¶
type NsgParserClient interface {
ProcessNsgLogFile(*NsgLogFile, chan NsgLogFile) error
}
type NsgParserStatus ¶
type ProcessStatus ¶
type ProcessStatus map[string]*NsgLogFile
func ReadProcessStatus ¶
func ReadProcessStatus(path, fileName string) (ProcessStatus, error)
type Record ¶
type Record struct {
Time time.Time `json:"time"`
SystemID string `json:"systemId"`
Category string `json:"category"`
ResourceID string `json:"resourceId"`
OperationName string `json:"operationName"`
Properties struct {
Version int `json:"Version"`
Flows []struct {
Rule string `json:"rule"`
Flows []struct {
Mac string `json:"mac"`
FlowTuples []string `json:"flowTuples"`
} `json:"flows"`
} `json:"flows"`
} `json:"properties"`
}
type SyslogClient ¶
type SyslogClient struct {
// contains filtered or unexported fields
}
func (*SyslogClient) Initialize ¶
func (client *SyslogClient) Initialize(protocol, host, port string, azureClient *AzureClient) error
func (SyslogClient) ProcessNsgLogFile ¶
func (client SyslogClient) ProcessNsgLogFile(logFile *NsgLogFile, resultsChan chan NsgLogFile) error
func (*SyslogClient) SendEvent ¶
func (client *SyslogClient) SendEvent(flowLog NsgFlowLog) error
Source Files
Click to show internal directories.
Click to hide internal directories.