package influxunifi
import (
"golift.io/unifi"
)
// batchIDS turns a single intrusion-detection event into one datapoint for the
// "intrusion_detect" measurement and passes it to r.send.
//
// Only the attributes listed in the two maps below are exported; nothing else
// from the event reaches this measurement. Every value is copied from the
// event unchanged.
//
// NOTE(review): nine keys (event_type, proto, app_proto, usgip, country_name,
// city, postal_code, srcipASN, usgipASN) are written both as a tag and as a
// field. Queries and alert rules presumably need to disambiguate them; confirm
// against the dashboards that read this measurement.
// NOTE(review): tags such as city and postal_code may be high-cardinality in
// InfluxDB; verify series growth on busy sites.
func (u *InfluxUnifi) batchIDS(r report, i *unifi.IDS) {
	// Source-IP geolocation is read several times; keep one local handle.
	geo := i.SrcipGeo

	point := &metric{
		Table: "intrusion_detect",
		// Tags: dimensions used to group and filter events.
		Tags: map[string]string{
			"site_name":      i.SiteName,
			"source":         i.SourceName,
			"in_iface":       i.InIface,
			"event_type":     i.EventType,
			"proto":          i.Proto,
			"app_proto":      i.AppProto,
			"usgip":          i.Usgip,
			"country_code":   geo.CountryCode,
			"country_name":   geo.CountryName,
			"region":         geo.Region,
			"city":           geo.City,
			"postal_code":    geo.PostalCode,
			"srcipASN":       i.SrcipASN,
			"usgipASN":       i.UsgipASN,
			"alert_category": i.InnerAlertCategory,
			"subsystem":      i.Subsystem,
			"catname":        i.Catname,
		},
		// Fields: a subset of the same attributes, stored as values.
		Fields: map[string]interface{}{
			"event_type":   i.EventType,
			"proto":        i.Proto,
			"app_proto":    i.AppProto,
			"usgip":        i.Usgip,
			"country_name": geo.CountryName,
			"city":         geo.City,
			"postal_code":  geo.PostalCode,
			"srcipASN":     i.SrcipASN,
			"usgipASN":     i.UsgipASN,
		},
	}

	r.send(point)
}