Documentation
¶
Index ¶
- Variables
- type AddrTypeEnricher
- type AddrTypeEnricherConfig
- type Enricher
- type FieldMapperEnricher
- type FieldMapperEnricherConfig
- type FieldMapperEnricherFieldConfig
- type MaxmindDBEnricher
- type MaxmindDBEnricherConfig
- type MaxmindDBEnricherField
- type MaxmindDBEnricherIPData
- type NetDBEnricher
- type NetDBEnricherConfig
- type NetDBEnricherConfigConfig
- type ProtonamesEnricher
- type ProtonamesEnricherConfig
- type RDNSEnricher
- type RDNSEnricherConfig
Constants ¶
This section is empty.
Variables ¶
View Source
var ( MaxmindDBEnricherFields = []MaxmindDBEnricherField{ MaxmindDBEnricherField_ASN, MaxmindDBEnricherField_ASNOrganization, MaxmindDBEnricherField_AverageIncome, MaxmindDBEnricherField_CityConfidence, MaxmindDBEnricherField_CityName, MaxmindDBEnricherField_ConnectionType, MaxmindDBEnricherField_ContinentCode, MaxmindDBEnricherField_ContinentName, MaxmindDBEnricherField_CountryCode, MaxmindDBEnricherField_CountryConfidence, MaxmindDBEnricherField_CountryIsInEU, MaxmindDBEnricherField_CountryName, MaxmindDBEnricherField_Domain, MaxmindDBEnricherField_IPRisk, MaxmindDBEnricherField_IsAnonymous, MaxmindDBEnricherField_IsAnonymousProxy, MaxmindDBEnricherField_IsAnonymousVPN, MaxmindDBEnricherField_IsHostingProvider, MaxmindDBEnricherField_IsLegitimateProxy, MaxmindDBEnricherField_ISP, MaxmindDBEnricherField_IsPublicProxy, MaxmindDBEnricherField_IsResidentialProxy, MaxmindDBEnricherField_IsSatelliteProvider, MaxmindDBEnricherField_IsTorExitNode, MaxmindDBEnricherField_LocationAccuracyRadius, MaxmindDBEnricherField_LocationLatitude, MaxmindDBEnricherField_LocationLongitude, MaxmindDBEnricherField_LocationMetroCode, MaxmindDBEnricherField_LocationPostalCode, MaxmindDBEnricherField_LocationPostalConfidence, MaxmindDBEnricherField_LocationTimeZone, MaxmindDBEnricherField_Organization, MaxmindDBEnricherField_PopulationDensity, MaxmindDBEnricherField_RegisteredCountryCode, MaxmindDBEnricherField_RegisteredCountryIsInEU, MaxmindDBEnricherField_RegisteredCountryName, MaxmindDBEnricherField_RepresentedCountryCode, MaxmindDBEnricherField_RepresentedCountryName, MaxmindDBEnricherField_StaticIPScore, MaxmindDBEnricherField_UserType, } MaxmindDBEnricherFields_All = MaxmindDBEnricherFields MaxmindDBEnricherFields_MaximumMisery = MaxmindDBEnricherFields MaxmindDBEnricherFields_AnonymousIP = []MaxmindDBEnricherField{ MaxmindDBEnricherField_IsAnonymous, MaxmindDBEnricherField_IsAnonymousVPN, MaxmindDBEnricherField_IsTorExitNode, MaxmindDBEnricherField_IsHostingProvider, MaxmindDBEnricherField_IsPublicProxy, MaxmindDBEnricherField_IsResidentialProxy, } MaxmindDBEnricherFields_ASN = []MaxmindDBEnricherField{ MaxmindDBEnricherField_ASN, MaxmindDBEnricherField_ASNOrganization, } MaxmindDBEnricherFields_City = []MaxmindDBEnricherField{ MaxmindDBEnricherField_CityName, MaxmindDBEnricherField_ContinentCode, MaxmindDBEnricherField_ContinentName, MaxmindDBEnricherField_CountryCode, MaxmindDBEnricherField_CountryIsInEU, MaxmindDBEnricherField_CountryName, MaxmindDBEnricherField_LocationAccuracyRadius, MaxmindDBEnricherField_LocationLatitude, MaxmindDBEnricherField_LocationLongitude, MaxmindDBEnricherField_LocationPostalCode, MaxmindDBEnricherField_LocationTimeZone, MaxmindDBEnricherField_RegisteredCountryCode, MaxmindDBEnricherField_RegisteredCountryIsInEU, MaxmindDBEnricherField_RegisteredCountryName, MaxmindDBEnricherField_RepresentedCountryCode, MaxmindDBEnricherField_RepresentedCountryName, } MaxmindDBEnricherFields_ConnectionType = []MaxmindDBEnricherField{ MaxmindDBEnricherField_ConnectionType, } MaxmindDBEnricherFields_Country = []MaxmindDBEnricherField{ MaxmindDBEnricherField_ContinentCode, MaxmindDBEnricherField_ContinentName, MaxmindDBEnricherField_CountryCode, MaxmindDBEnricherField_CountryName, MaxmindDBEnricherField_LocationAccuracyRadius, MaxmindDBEnricherField_LocationLatitude, MaxmindDBEnricherField_LocationLongitude, MaxmindDBEnricherField_LocationTimeZone, MaxmindDBEnricherField_RegisteredCountryCode, MaxmindDBEnricherField_RegisteredCountryName, MaxmindDBEnricherField_RepresentedCountryCode, MaxmindDBEnricherField_RepresentedCountryName, } MaxmindDBEnricherFields_DensityIncome = []MaxmindDBEnricherField{ MaxmindDBEnricherField_AverageIncome, MaxmindDBEnricherField_PopulationDensity, } MaxmindDBEnricherFields_Domain = []MaxmindDBEnricherField{ MaxmindDBEnricherField_Domain, } MaxmindDBEnricherFields_Enterprise = []MaxmindDBEnricherField{ MaxmindDBEnricherField_CityConfidence, MaxmindDBEnricherField_CityName, MaxmindDBEnricherField_ContinentCode, MaxmindDBEnricherField_ContinentName, MaxmindDBEnricherField_CountryConfidence, MaxmindDBEnricherField_CountryCode, MaxmindDBEnricherField_CountryName, MaxmindDBEnricherField_CountryIsInEU, MaxmindDBEnricherField_LocationAccuracyRadius, MaxmindDBEnricherField_LocationLatitude, MaxmindDBEnricherField_LocationLongitude, MaxmindDBEnricherField_LocationMetroCode, MaxmindDBEnricherField_LocationTimeZone, MaxmindDBEnricherField_LocationPostalCode, MaxmindDBEnricherField_LocationPostalConfidence, MaxmindDBEnricherField_RegisteredCountryCode, MaxmindDBEnricherField_RegisteredCountryIsInEU, MaxmindDBEnricherField_RegisteredCountryName, MaxmindDBEnricherField_ASN, MaxmindDBEnricherField_ASNOrganization, MaxmindDBEnricherField_ConnectionType, MaxmindDBEnricherField_Domain, MaxmindDBEnricherField_IsAnonymousProxy, MaxmindDBEnricherField_IsLegitimateProxy, MaxmindDBEnricherField_IsSatelliteProvider, MaxmindDBEnricherField_ISP, MaxmindDBEnricherField_Organization, MaxmindDBEnricherField_StaticIPScore, MaxmindDBEnricherField_UserType, } MaxmindDBEnricherFields_IPRisk = []MaxmindDBEnricherField{ MaxmindDBEnricherField_IPRisk, MaxmindDBEnricherField_IsAnonymous, MaxmindDBEnricherField_IsAnonymousVPN, MaxmindDBEnricherField_IsHostingProvider, MaxmindDBEnricherField_IsPublicProxy, MaxmindDBEnricherField_IsResidentialProxy, MaxmindDBEnricherField_IsTorExitNode, } MaxmindDBEnricherFields_ISP = []MaxmindDBEnricherField{ MaxmindDBEnricherField_ASN, MaxmindDBEnricherField_ASNOrganization, MaxmindDBEnricherField_ISP, MaxmindDBEnricherField_Organization, } MaxmindDBEnricherFields_StaticIPScore = []MaxmindDBEnricherField{ MaxmindDBEnricherField_StaticIPScore, } )
View Source
var ( MetricMMDBCacheSize = prometheus.NewGauge( prometheus.GaugeOpts{ Name: "mmdb_cache_size", Help: "size of MaxMind DB enricher LRU cache", }, ) MetricMMDBCacheHits = prometheus.NewCounter( prometheus.CounterOpts{ Name: "mmdb_cache_hits", Help: "Number of MaxMind DB enricher LRU cache hits", }, ) MetricMMDBCacheMisses = prometheus.NewCounter( prometheus.CounterOpts{ Name: "mmdb_cache_misses", Help: "Number of MaxMind DB enricher LRU cache misses", }, ) MetricMMDBLookups = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "mmdb_lookups", Help: "Number of MaxMind DB enricher lookups", }, []string{"dbpath", "status"}, ) )
View Source
var ( MetricRDNSCacheSize = prometheus.NewGauge( prometheus.GaugeOpts{ Name: "rdns_cache_size", Help: "size of RDNS enricher LRU cache", }, ) MetricRDNSCacheHits = prometheus.NewCounter( prometheus.CounterOpts{ Name: "rdns_cache_hits", Help: "Number of RDNS enricher LRU cache hits", }, ) MetricRDNSCacheMisses = prometheus.NewCounter( prometheus.CounterOpts{ Name: "rdns_cache_misses", Help: "Number of RDNS enricher LRU cache misses", }, ) MetricRDNSLookups = prometheus.NewCounterVec( prometheus.CounterOpts{ Name: "rdns_lookups", Help: "Number of RDNS enricher lookups", }, []string{"status"}, ) )
View Source
var NetDBEnricherBuiltinEtherTypes = []netdb.EtherType{
{
Name: "cobranet",
Number: 0x8819,
},
{
Name: "mikrotik-romon",
Number: 0x88bf,
},
{
Name: "avtp",
Number: 0x22f0,
},
{
Name: "vlacp",
Number: 0x8103,
},
{
Name: "lacp",
Number: 0x8809,
},
{
Name: "wake-on-lan",
Number: 0x0842,
},
{
Name: "srp",
Number: 0x22ea,
},
{
Name: "qnx-qnet",
Number: 0x8204,
},
{
Name: "loopback",
Number: 0x9000,
},
{
Name: "slpp",
Number: 0x8102,
},
{
Name: "epon",
Number: 0x8808,
},
}
HACK: upstream doesn't support all of the EtherTypes we want.
Functions ¶
This section is empty.
Types ¶
type AddrTypeEnricher ¶
type AddrTypeEnricher struct {
Config *AddrTypeEnricherConfig
// contains filtered or unexported fields
}
func NewAddrTypeEnricher ¶
func NewAddrTypeEnricher(config *AddrTypeEnricherConfig) AddrTypeEnricher
func (*AddrTypeEnricher) Process ¶
func (e *AddrTypeEnricher) Process(msg map[string]interface{}) map[string]interface{}
type AddrTypeEnricherConfig ¶
type AddrTypeEnricherConfig struct {
}
type FieldMapperEnricher ¶ added in v0.2.0
type FieldMapperEnricher struct {
Config *FieldMapperEnricherConfig
// contains filtered or unexported fields
}
func NewFieldMapperEnricher ¶ added in v0.2.0
func NewFieldMapperEnricher(config *FieldMapperEnricherConfig) FieldMapperEnricher
func (*FieldMapperEnricher) Process ¶ added in v0.2.0
func (e *FieldMapperEnricher) Process(msg map[string]interface{}) map[string]interface{}
type FieldMapperEnricherConfig ¶ added in v0.2.0
type FieldMapperEnricherConfig struct {
Fields []*FieldMapperEnricherFieldConfig `yaml:"fields"`
}
type FieldMapperEnricherFieldConfig ¶ added in v0.2.0
type MaxmindDBEnricher ¶
type MaxmindDBEnricher struct {
Config *MaxmindDBEnricherConfig
// contains filtered or unexported fields
}
func NewMaxmindDBEnricher ¶
func NewMaxmindDBEnricher(config *MaxmindDBEnricherConfig) MaxmindDBEnricher
func (*MaxmindDBEnricher) Process ¶
func (e *MaxmindDBEnricher) Process(msg map[string]interface{}) map[string]interface{}
type MaxmindDBEnricherConfig ¶
type MaxmindDBEnricherConfig struct {
EnableCache bool `yaml:"enable_cache"`
CacheSize int `yaml:"cache_size"`
CacheOnly bool `yaml:"cache_only"`
Locale string `yaml:"locale"`
DatabasePaths []string `yaml:"database_paths"`
EnabledFields []MaxmindDBEnricherField `yaml:"enabled_fields"`
EnabledFieldGroups []string `yaml:"enabled_field_groups"`
}
func (*MaxmindDBEnricherConfig) DedupEnabledFields ¶
func (c *MaxmindDBEnricherConfig) DedupEnabledFields() []MaxmindDBEnricherField
type MaxmindDBEnricherField ¶
type MaxmindDBEnricherField string
const ( MaxmindDBEnricherField_ASN MaxmindDBEnricherField = "asn" MaxmindDBEnricherField_ASNOrganization MaxmindDBEnricherField = "asn_org" MaxmindDBEnricherField_AverageIncome MaxmindDBEnricherField = "average_income" MaxmindDBEnricherField_CityConfidence MaxmindDBEnricherField = "city_confidence" MaxmindDBEnricherField_CityName MaxmindDBEnricherField = "city_name" MaxmindDBEnricherField_ConnectionType MaxmindDBEnricherField = "connection_type" MaxmindDBEnricherField_ContinentCode MaxmindDBEnricherField = "continent_code" MaxmindDBEnricherField_ContinentName MaxmindDBEnricherField = "continent_name" MaxmindDBEnricherField_CountryCode MaxmindDBEnricherField = "country_code" MaxmindDBEnricherField_CountryConfidence MaxmindDBEnricherField = "country_confidence" MaxmindDBEnricherField_CountryIsInEU MaxmindDBEnricherField = "country_eu" MaxmindDBEnricherField_CountryName MaxmindDBEnricherField = "country_name" MaxmindDBEnricherField_Domain MaxmindDBEnricherField = "domain" MaxmindDBEnricherField_IPRisk MaxmindDBEnricherField = "ip_risk" MaxmindDBEnricherField_IsAnonymous MaxmindDBEnricherField = "is_anonymous" MaxmindDBEnricherField_IsAnonymousProxy MaxmindDBEnricherField = "is_anonymous_proxy" MaxmindDBEnricherField_IsAnonymousVPN MaxmindDBEnricherField = "is_anonymous_vpn" MaxmindDBEnricherField_IsHostingProvider MaxmindDBEnricherField = "is_hosting_provider" MaxmindDBEnricherField_IsLegitimateProxy MaxmindDBEnricherField = "is_legitimate_proxy" MaxmindDBEnricherField_ISP MaxmindDBEnricherField = "isp" MaxmindDBEnricherField_IsPublicProxy MaxmindDBEnricherField = "is_public_proxy" MaxmindDBEnricherField_IsResidentialProxy MaxmindDBEnricherField = "is_residential_proxy" MaxmindDBEnricherField_IsSatelliteProvider MaxmindDBEnricherField = "is_satellite_provider" MaxmindDBEnricherField_IsTorExitNode MaxmindDBEnricherField = "is_tor_exit_node" MaxmindDBEnricherField_LocationAccuracyRadius MaxmindDBEnricherField = "loc_accuracy" MaxmindDBEnricherField_LocationLatitude MaxmindDBEnricherField = "loc_lat" MaxmindDBEnricherField_LocationLongitude MaxmindDBEnricherField = "loc_long" MaxmindDBEnricherField_LocationMetroCode MaxmindDBEnricherField = "loc_metro_code" MaxmindDBEnricherField_LocationPostalCode MaxmindDBEnricherField = "loc_postal_code" MaxmindDBEnricherField_LocationPostalConfidence MaxmindDBEnricherField = "loc_postal_confidence" MaxmindDBEnricherField_LocationTimeZone MaxmindDBEnricherField = "loc_tz" MaxmindDBEnricherField_Organization MaxmindDBEnricherField = "organization" MaxmindDBEnricherField_PopulationDensity MaxmindDBEnricherField = "population_density" MaxmindDBEnricherField_RegisteredCountryCode MaxmindDBEnricherField = "registered_country_code" MaxmindDBEnricherField_RegisteredCountryIsInEU MaxmindDBEnricherField = "registered_country_eu" MaxmindDBEnricherField_RegisteredCountryName MaxmindDBEnricherField = "registered_country_name" MaxmindDBEnricherField_RepresentedCountryCode MaxmindDBEnricherField = "represented_country_code" MaxmindDBEnricherField_RepresentedCountryName MaxmindDBEnricherField = "represented_country_name" MaxmindDBEnricherField_StaticIPScore MaxmindDBEnricherField = "static_ip_score" MaxmindDBEnricherField_UserType MaxmindDBEnricherField = "ip_user_type" )
type MaxmindDBEnricherIPData ¶
type MaxmindDBEnricherIPData map[MaxmindDBEnricherField]interface{}
type NetDBEnricher ¶ added in v0.2.0
type NetDBEnricher struct {
Config *NetDBEnricherConfig
// contains filtered or unexported fields
}
func NewNetDBEnricher ¶ added in v0.2.0
func NewNetDBEnricher(config *NetDBEnricherConfig) NetDBEnricher
func (*NetDBEnricher) Process ¶ added in v0.2.0
func (e *NetDBEnricher) Process(msg map[string]interface{}) map[string]interface{}
type NetDBEnricherConfig ¶ added in v0.2.0
type NetDBEnricherConfig struct {
EtherTypes *NetDBEnricherConfigConfig `yaml:"ethertypes"`
Protocols *NetDBEnricherConfigConfig `yaml:"protocols"`
Services *NetDBEnricherConfigConfig `yaml:"services"`
}
type NetDBEnricherConfigConfig ¶ added in v0.2.0
type ProtonamesEnricher ¶
type ProtonamesEnricher struct {
Config *ProtonamesEnricherConfig
// contains filtered or unexported fields
}
func NewProtonamesEnricher ¶
func NewProtonamesEnricher(config *ProtonamesEnricherConfig) ProtonamesEnricher
func (*ProtonamesEnricher) Process ¶
func (e *ProtonamesEnricher) Process(msg map[string]interface{}) map[string]interface{}
type ProtonamesEnricherConfig ¶
type ProtonamesEnricherConfig struct {
}
type RDNSEnricher ¶
type RDNSEnricher struct {
Config *RDNSEnricherConfig
// contains filtered or unexported fields
}
func NewRDNSEnricher ¶
func NewRDNSEnricher(config *RDNSEnricherConfig) RDNSEnricher
func (*RDNSEnricher) Process ¶
func (e *RDNSEnricher) Process(msg map[string]interface{}) map[string]interface{}
type RDNSEnricherConfig ¶
Source Files
Click to show internal directories.
Click to hide internal directories.