This repository has been archived by the owner on Oct 28, 2022. It is now read-only.
package logdata
import (
	"fmt"
	"sort"

	"github.com/bonjourmalware/melody/internal/loggable"
)
// IPLogData is the interface used by packet structs supporting an IP layer.
//
// It declares no methods, so every Go type satisfies it: the compiler does
// not enforce that a value passed as IPLogData actually carries IP-layer
// fields. Callers have to rely on convention or a type assertion.
type IPLogData interface{}
// BaseLogData is used as the base packet log and contains common data, such as the timestamp.
//
// The struct tags give the JSON key used for each field. Init fills Type,
// SourceIP, DestPort, Session, Tags and InlineTags from the event; it does not
// assign Timestamp or Additional.
//
// NOTE(review): Init copies the event's values with no validation or escaping
// in this file. Presumably they derive from captured packets, in which case log
// consumers should treat them as untrusted input. Confirm against the
// loggable.Loggable implementations.
type BaseLogData struct {
	// Timestamp is emitted as "timestamp". It is a plain string; the format
	// is decided by whoever sets it (not visible in this file).
	Timestamp string `json:"timestamp"`
	// Session is emitted as "session"; Init takes it from ev.GetSession().
	Session string `json:"session"`
	// Type is emitted as "type"; Init takes it from ev.GetKind().
	Type string `json:"type"`
	// SourceIP is emitted as "src_ip"; Init takes it from ev.GetSourceIP().
	SourceIP string `json:"src_ip"`
	// DestPort is emitted as "dst_port"; Init takes it from ev.GetDestPort().
	DestPort uint16 `json:"dst_port"`
	// Tags is emitted as "matches". Init stores the map returned by
	// ev.GetTags(), or a fresh empty map when the event has no tags.
	Tags map[string][]string `json:"matches"`
	// InlineTags is emitted as "inline_matches" and holds the flattened
	// "key.value" form of Tags built by makeInlineArray.
	InlineTags []string `json:"inline_matches"`
	// Additional is emitted as "embedded". Init leaves it untouched, so it is
	// nil unless set elsewhere; encoding/json renders a nil map as null.
	Additional map[string]string `json:"embedded"`
}
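// Init fills the fields shared by every packet log from ev: Type, SourceIP,
// DestPort, Session, Tags and InlineTags. Timestamp and Additional are not
// assigned here.
//
// Tags and InlineTags are never left nil, so both serialize as an empty
// JSON object/array rather than null when the event carries no tags, or when
// every tag key maps to an empty value list.
//
// When the event has tags, l.Tags is the same map ev.GetTags() returned (it is
// not copied), so later changes to that map are visible through l.Tags.
func (l *BaseLogData) Init(ev loggable.Loggable) {
	l.Type = ev.GetKind()
	l.SourceIP = ev.GetSourceIP()
	l.DestPort = ev.GetDestPort()
	l.Session = ev.GetSession()

	// Read the tags once so the emptiness check, Tags and InlineTags are all
	// derived from the same value instead of three separate GetTags calls.
	tags := ev.GetTags()

	l.Tags = tags
	l.InlineTags = []string{}
	if len(tags) == 0 {
		l.Tags = make(map[string][]string)
		return
	}

	// Keep the empty, non-nil slice when flattening yields nothing (all
	// value lists empty), so "inline_matches" stays [] instead of null.
	if inline := makeInlineArray(tags); len(inline) > 0 {
		l.InlineTags = inline
	}
}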
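// makeInlineArray converts a Tags map to a slice of "key.value" strings, one
// per value of every key.
//
// Keys are visited in sorted order and each key's values keep their original
// order, so the same tag set always produces the same slice. Go map iteration
// order is randomized, which would otherwise make identical events log
// differently ordered "inline_matches" and get in the way of comparing or
// de-duplicating log records.
//
// The result is never nil: a nil map, an empty map, or a map whose value lists
// are all empty yields an empty slice.
func makeInlineArray(tags map[string][]string) []string {
	keys := make([]string, 0, len(tags))
	total := 0
	for key, values := range tags {
		keys = append(keys, key)
		total += len(values)
	}
	sort.Strings(keys)

	// Allocated up front, so the slice is non-nil even when total is 0.
	inlineTags := make([]string, 0, total)
	for _, key := range keys {
		for _, val := range tags[key] {
			inlineTags = append(inlineTags, fmt.Sprintf("%s.%s", key, val))
		}
	}
	return inlineTags
}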