package structs

import "github.com/TLop503/LogCrunch/structs"

Index

• Variables
• func ReflectSchema(s interface{}) map[string]string
• type ApacheLogEntry
• type Connection
• type ConnectionList
  • func NewConnList() *ConnectionList
  • func (ct *ConnectionList) AddToConnList(conn net.Conn)
• type IntakeLogFileData
• type Log
• type NginxLogEntry
• type ParserModule
• type SyslogEntry
• type Target
• type YamlConfig

Variables

var MetaParserRegistry = map[string]ParserModule{
	"syslog": {
		Regex:  regexp.MustCompile(`^(?P<timestamp>\w+\s+\d+\s+\d+:\d+:\d+)\s+(?P<host>\S+)\s+(?P<process>\w+)(?:\[(?P<pid>\d+)\])?:\s+(?P<message>.*)$`),
		Schema: ReflectSchema(SyslogEntry{}),
	},
	"apache": {
		Regex:  regexp.MustCompile(`(?P<remote>\S+) (?P<remote_long>\S+) (?P<remote_user>\S+) \[(?P<timestamp>[^\]]+)\] "(?P<request>[^"]*)" (?P<status_code>\d{3}) (?P<size>\S+)`),
		Schema: ReflectSchema(ApacheLogEntry{}),
	},
	"Heartbeat": {
		Regex:  regexp.MustCompile(`/ \d+ /`),
		Schema: map[string]string{},
	},
}

MetaParserRegistry maps module names to their regex and struct constructors

Functions

func ReflectSchema

func ReflectSchema(s interface{}) map[string]string

ReflectSchema takes a struct instance and returns a map of field name -> type string It reads the `logfield` tag if present, otherwise uses the Go field name.

Types

type ApacheLogEntry

type ApacheLogEntry struct {
	Remote     string `logfield:"remote"`
	RemoteLong string `logfield:"remote_long"`
	RemoteUser string `logfield:"remote_user"`
	Timestamp  string `logfield:"timestamp"`
	Request    string `logfield:"request"`
	StatusCode string `logfield:"status_code"`
	Size       string `logfield:"size"`
}

type Connection

type Connection struct {
	sync.Mutex
	RemoteAddr string
	FirstSeen  time.Time
	LastSeen   time.Time
	Hostname   string
	Alias      string
}

type ConnectionList

type ConnectionList struct {
	sync.RWMutex // RWMutex allows for better concurrent reads
	Connections  map[string]*Connection
}

func NewConnList

func NewConnList() *ConnectionList

Create a new list of connections w/ initialized map

func (*ConnectionList) AddToConnList

func (ct *ConnectionList) AddToConnList(conn net.Conn)

Add new host to list, w/ smart deduplication. duplicate connections are reconciled into a single entry in the connection list

type IntakeLogFileData

type IntakeLogFileData struct {
	FileContent string `json:"fileContent"`
}

type Log

type Log struct {
	Name      string      `json:"name"`
	Path      string      `json:"path"`
	Host      string      `json:"host"`
	Timestamp int64       `json:"timestamp"`
	Module    string      `json:"type"`
	Parsed    interface{} `json:"parsed"`
	Raw       string      `json:"raw"`
}

type NginxLogEntry

type NginxLogEntry struct {
	ApacheFormattedData string `json:"apacheFormattedData"`
	Referrer            string `json:"referrer"`
	UserAgent           string `json:"userAgent"`
}

type ParserModule

type ParserModule struct {
	Regex  *regexp.Regexp
	Schema map[string]string // field name -> type
}

type SyslogEntry

type SyslogEntry struct {
	Timestamp string `logfield:"timestamp"`
	Host      string `logfield:"host"`
	Process   string `logfield:"process"`
	PID       string `logfield:"pid"`
	Message   string `logfield:"message"`
}

type Target

type Target struct {
	Name     string            `yaml:"name"`
	Path     string            `yaml:"path"`
	Severity string            `yaml:"severity"`
	Custom   bool              `yaml:"custom"`
	Module   string            `yaml:"module,omitempty"`
	Regex    string            `yaml:"regex,omitempty"`
	Schema   map[string]string `yaml:"schema,omitempty"`
}

type YamlConfig

type YamlConfig struct {
	Targets []Target `yaml:"Targets"`
}