cache

pyama86 · Feb 18, 2019 · faa297a · faa297a
1 parent 2394484
commit faa297a
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 7 deletions.
diff --git a/go.mod b/go.mod
@@ -41,6 +41,7 @@ require (
 	github.com/nicksnyder/go-i18n v1.10.0 // indirect
 	github.com/nlopes/slack v0.5.0
 	github.com/openzipkin/zipkin-go v0.1.5 // indirect
+	github.com/patrickmn/go-cache v2.1.0+incompatible
 	github.com/pelletier/go-toml v1.2.0 // indirect
 	github.com/peterh/liner v1.1.0 // indirect
 	github.com/pkg/errors v0.8.1 // indirect
@@ -78,6 +79,7 @@ require (
 	golang.org/x/perf v0.0.0-20190124201629-844a5f5b46f4 // indirect
 	golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a // indirect
 	golang.org/x/tools v0.0.0-20190214204934-8dcb7bc8c7fe // indirect
+	google.golang.org/appengine v1.4.0
 	google.golang.org/genproto v0.0.0-20190215211957-bd968387e4aa // indirect
 	google.golang.org/grpc v1.18.0 // indirect
 	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c // indirect

diff --git a/go.sum b/go.sum
@@ -65,6 +65,7 @@ github.com/golang/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:tluoj9z5200j
 github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
+github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/gomodule/redigo v2.0.0+incompatible/go.mod h1:B4C85qUVwatsJoIUNIfCRsp7qO0iAmpGFZ4EELWSbC4=
@@ -146,6 +147,8 @@ github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1Cpa
 github.com/openzipkin/zipkin-go v0.1.1/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
 github.com/openzipkin/zipkin-go v0.1.3/go.mod h1:NtoC/o8u3JlF1lSlyPNswIbeQH9bJTmOf0Erfk+hxe8=
 github.com/openzipkin/zipkin-go v0.1.5/go.mod h1:8NDCjKHoHW1XOp/vf3lClHem0b91r4433B67KXyKXAQ=
+github.com/patrickmn/go-cache v2.1.0+incompatible h1:HRMgzkcYKYpi3C8ajMPV8OFXaaRUnok+kx1WdO15EQc=
+github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ=
 github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
 github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
 github.com/peterh/liner v1.1.0 h1:f+aAedNJA6uk7+6rXsYBnhdo4Xux7ESLe+kcuVUF5os=
@@ -256,6 +259,7 @@ golang.org/x/net v0.0.0-20181201002055-351d144fa1fc/go.mod h1:mL1N/T3taQHkDXs73r
 golang.org/x/net v0.0.0-20181217023233-e147a9138326/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190213061140-3a22650c66bd h1:HuTn7WObtcDo9uEEU7rEqL0jYthdXAmZ6PP+meazmaU=
 golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20181017192945-9dcd33a902f4/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
@@ -297,6 +301,7 @@ google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx1
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.3.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20180831171423-11092d34479b/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=

diff --git a/main.go b/main.go
@@ -28,6 +28,7 @@ func main() {
 	if err != nil {
 		log.Fatal(err)
 	}
+
 	notifier := newNotifier(config)
 	stdin := bufio.NewScanner(os.Stdin)
 	if stdin.Scan() {

diff --git a/wazuh_notifier/config.go b/wazuh_notifier/config.go
@@ -23,13 +23,15 @@ func NewConfig(path string) (*Config, error) {
 }
 
 type Config struct {
-	Notifier   string
-	Endpoint   string
-	KibanaURL  string
-	Cert       string
-	Key        string
-	SlackToken string                 `toml:"slack_token"`
-	Groups     map[string]GroupConfig `toml:"groups"`
+	Notifier          string
+	Endpoint          string
+	KibanaURL         string
+	Cert              string
+	Key               string
+	SlackToken        string                 `toml:"slack_token"`
+	Groups            map[string]GroupConfig `toml:"groups"`
+	IgnoreHistoryFile string                 `toml:"ignore_history_file"`
+	IgnoreRepeatedMin int                    `toml:"ignore_repeated_min"`
 }
 
 type GroupConfig struct {
@@ -40,4 +42,6 @@ type GroupConfig struct {
 func defaultConfig(c *Config) {
 	c.Notifier = "slack"
 	c.Endpoint = "https://127.0.0.1:55000"
+	c.IgnoreHistoryFile = "/tmp/.wazuh_history"
+	c.IgnoreRepeatedMin = 3
 }
diff --git a/wazuh_notifier/slack.go b/wazuh_notifier/slack.go
@@ -3,25 +3,33 @@ package wazuh_notifier
 import (
 	"errors"
 	"fmt"
+	"time"
 
 	"github.com/nlopes/slack"
+	"github.com/patrickmn/go-cache"
+	gocache "github.com/patrickmn/go-cache"
 )
 
 type Slack struct {
 	c     *Config
 	api   *slack.Client
 	wazuh *Wazuh
+	cache *gocache.Cache
 }
 
 func NewSlack(c *Config) *Slack {
+	cache := gocache.New(time.Duration(c.IgnoreRepeatedMin)*time.Minute, 5*time.Minute)
+	cache.LoadFile(c.IgnoreHistoryFile)
 	return &Slack{
 		c:     c,
 		api:   slack.New(c.SlackToken),
 		wazuh: NewWazuh(c),
+		cache: cache,
 	}
 }
 
 func (s *Slack) Notify(a *Alert) error {
+	defer s.cache.DeleteExpired()
 	color := "danger"
 	if a.Rule.Level <= 4 {
 		color = "good"
@@ -54,6 +62,14 @@ func (s *Slack) Notify(a *Alert) error {
 		return err
 	}
 	for _, g := range groups {
+		ruleID, found := s.cache.Get(g)
+		if found {
+			if ruleID == a.Rule.ID {
+				fmt.Printf("skip notify group %s, ruleid %s\n", g, a.Rule.ID)
+				continue
+			}
+		}
+
 		gd, ok := s.c.Groups[g]
 		if !ok || gd.SlackChannel == "" {
 			continue
@@ -89,7 +105,9 @@ func (s *Slack) Notify(a *Alert) error {
 		if err != nil {
 			return err
 		}
+		s.cache.Set(g, a.Rule.ID, cache.DefaultExpiration)
 	}
+	s.cache.SaveFile(s.c.IgnoreHistoryFile)
 	return nil
 }