inspector.go
package core
import (
"bufio"
"io"
"os"
"time"
"github.com/hashicorp/go-hclog"
)
// Inspector is the contract for a component that inspects a source, publishes
// the events it detects and surfaces its own failures. Investigator, declared
// in this file, provides all three methods.
type Inspector interface {
	// Investigate starts the inspection. Investigator's implementation loops
	// forever and never returns.
	Investigate()
	// OnError hands an error encountered during inspection to the supervisor.
	OnError(err error)
	// ReportCrime publishes one detected event.
	ReportCrime(c *Crime)
}
// Investigator tails a single file and matches every new line against a set
// of rules, publishing matches and errors on channels.
type Investigator struct {
	// eventBus receives every Crime passed to ReportCrime.
	eventBus chan *Crime
	// errBus receives every error passed to OnError.
	errBus chan error
	// fPath is the path of the file that Investigate opens on each poll.
	fPath string
	// rules are tried in order against each line read from fPath.
	rules []*HoodRule
	// lastPos is the byte offset Investigate seeks to before reading, so that
	// only content appended since the previous poll is examined.
	lastPos int64
	// freq is the pause between polls, in seconds.
	freq int
	// l is the logger supplied to NewInvestigator; nothing in this file
	// writes to it.
	l hclog.Logger
}
// NewInvestigator builds an Investigator that watches fPath with the given
// rules, polling every freq seconds. Matches are published on event and
// errors on e. Reading starts at offset 0, so the first poll examines the
// whole file.
func NewInvestigator(event chan *Crime, e chan error, fPath string, rules []*HoodRule, freq int, l hclog.Logger) *Investigator {
	inv := new(Investigator)

	// Output channels.
	inv.eventBus = event
	inv.errBus = e

	// What to watch and how to match it.
	inv.fPath = fPath
	inv.rules = rules

	// Polling state.
	inv.lastPos = 0
	inv.freq = freq

	inv.l = l
	return inv
}
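// Investigate polls the file at i.fPath forever. Each poll reads the lines
// appended since the previous poll, reports every rule match through
// ReportCrime and every failure through OnError, then sleeps for i.freq
// seconds. It never returns.
//
// The watched file is typically written by, or on behalf of, parties the
// monitor does not trust, so a single poll is written to keep working on
// hostile or unusual content:
//
//   - the file is closed on every path, including the error paths;
//   - a file that shrank below the saved offset (truncation, copy-truncate
//     rotation) is re-read from the start instead of being silently ignored;
//   - an over-long line is skipped and reported rather than stalling the
//     monitor at the same offset on every poll;
//   - a trailing line without a newline is left for the next poll, so an
//     event is never matched against a half-written line.
func (i *Investigator) Investigate() {
	for {
		if err := i.pollOnce(); err != nil {
			i.OnError(err)
		}
		time.Sleep(time.Duration(i.freq) * time.Second)
	}
}

// pollOnce reads the complete lines appended to i.fPath since i.lastPos,
// applies the rules to each, and advances i.lastPos past the last complete
// line it consumed.
//
// Limitation: rotation is detected only by the file becoming shorter than
// i.lastPos. A replacement file that has already grown past the old offset is
// not recognised; detecting that needs the file identity (os.SameFile) to be
// remembered between polls.
func (i *Investigator) pollOnce() error {
	// Upper bound on the memory spent on one line. Longer lines are skipped
	// and reported with bufio.ErrTooLong.
	const maxLineBytes = 1 << 20

	fd, err := os.Open(i.fPath)
	if err != nil {
		return err
	}
	defer fd.Close()

	info, err := fd.Stat()
	if err != nil {
		return err
	}
	if info.Size() < i.lastPos {
		// Seeking past EOF succeeds and yields no data, which would leave
		// the monitor blind until the file outgrows the stale offset.
		i.lastPos = 0
	}
	if _, err := fd.Seek(i.lastPos, io.SeekStart); err != nil {
		return err
	}

	rd := bufio.NewReaderSize(fd, maxLineBytes)
	lineStart := i.lastPos // offset of the first byte of the current line
	var consumed int64     // bytes of the current line read so far
	oversized := false     // current line exceeded maxLineBytes
	for {
		chunk, err := rd.ReadSlice('\n')
		consumed += int64(len(chunk))
		switch err {
		case nil:
			if oversized {
				// Tail of a line that did not fit the buffer: surface it
				// so the gap in coverage is visible, then move on.
				i.OnError(bufio.ErrTooLong)
			} else {
				n := len(chunk)
				if n > 0 && chunk[n-1] == '\n' {
					n--
				}
				if n > 0 && chunk[n-1] == '\r' {
					n--
				}
				i.applyRules(string(chunk[:n]))
			}
			lineStart += consumed
			consumed = 0
			oversized = false
		case bufio.ErrBufferFull:
			oversized = true
		case io.EOF:
			// Any bytes after lineStart belong to an unterminated line;
			// they are re-read once the writer finishes it.
			i.lastPos = lineStart
			return nil
		default:
			// Keep the progress made so completed lines are not reported
			// a second time on the next poll.
			i.lastPos = lineStart
			return err
		}
	}
}

// applyRules reports a Crime for every rule whose regexp matches ln. The
// payload holds the whole match under "event" and each capture group under
// the token name at the same position.
func (i *Investigator) applyRules(ln string) {
	for _, r := range i.rules {
		found := r.Regexp.FindAllStringSubmatch(ln, 1)
		if len(found) == 0 {
			continue
		}
		groups := found[0]
		payload := make(map[string]string, len(groups))
		payload["event"] = groups[0]
		for idx := 1; idx < len(groups); idx++ {
			if idx-1 >= len(r.Tokens) {
				// The rule has more capture groups than token names;
				// drop the unnamed ones instead of panicking.
				break
			}
			payload[r.Tokens[idx-1]] = groups[idx]
		}
		i.ReportCrime(NewCrime(r.Name, payload))
	}
}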
// OnError publishes e on the error channel. The send blocks until a receiver
// takes the value (or buffer space is free), so the polling loop that calls
// it stalls while nobody is draining the channel.
func (i *Investigator) OnError(e error) {
	sink := i.errBus
	sink <- e
}
// ReportCrime publishes c on the event channel. The send blocks until a
// receiver takes the value (or buffer space is free), so detection pauses
// while nobody is consuming events.
func (i *Investigator) ReportCrime(c *Crime) {
	sink := i.eventBus
	sink <- c
}