-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathl9helper.go
151 lines (141 loc) · 3.54 KB
/
l9helper.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
package l9format
import (
"bufio"
"errors"
"fmt"
"hash/fnv"
"strings"
)
var fingerPrintLength = 32
var hashLength = 4 // fnv.New32
var prefixLength = fingerPrintLength-hashLength
func (event *L9Event) UpdateFingerprint() error {
hasher := fnv.New32()
summaryScanner := bufio.NewScanner(strings.NewReader(event.Summary))
var fullHash []byte
// Hash source
n, err := hasher.Write([]byte(event.EventSource))
if err != nil || n != len(event.EventSource) {
return errors.New("event hashing error")
}
fullHash = append(fullHash, hasher.Sum([]byte{})...)
// Hash 2 first bytes if any
if len(event.Summary) >= 2 {
n, err = hasher.Write([]byte(event.Summary[0:2]))
if err != nil || n != 2 {
return errors.New("event hashing error")
}
fullHash = append(fullHash, hasher.Sum([]byte{})...)
}
// Complete hash with each line
for summaryScanner.Scan() {
// Except date:
if strings.HasPrefix(strings.ToLower(summaryScanner.Text()), "date:") {
continue
}
n, err = hasher.Write(summaryScanner.Bytes())
if err != nil || n != len(summaryScanner.Bytes()) {
return errors.New("event hashing error")
}
fullHash = append(fullHash, hasher.Sum([]byte{})...)
if len(fullHash) >= prefixLength {
break
}
}
// Pad our hash if we're out of data
for len(fullHash) < prefixLength {
fullHash = append(fullHash, hasher.Sum([]byte{})...)
}
n, err = hasher.Write([]byte(event.Summary))
if err != nil || n != len(event.Summary) {
return errors.New("event hashing error")
}
fullHash = append(fullHash, hasher.Sum([]byte{})...)
// Final check
if len(fullHash) != fingerPrintLength {
return errors.New("event hashing error, blame the author")
}
event.EventFingerprint = fmt.Sprintf("%x", fullHash)
return nil
}
func (event *L9Event) HasTag(tag string) bool {
for _, eventTag := range event.Tags {
if eventTag == tag {
return true
}
}
return false
}
func (event *L9Event) AddTag(tag string) {
if !event.HasTag(tag) {
event.Tags = append(event.Tags, tag)
}
}
func (event *L9Event) RemoveTransport(transportCheck string) {
transports := event.Transports
event.Transports = []string{}
for _, transport := range transports {
if transport != transportCheck {
event.Transports = append(event.Transports, transport)
}
}
}
func (event *L9Event) HasTransport(transport string) bool {
for _, check := range event.Transports {
if check == transport {
return true
}
}
return false
}
func (event *L9Event) HasSource(source string) bool {
for _, check := range event.EventPipeline {
if check == source {
return true
}
}
return false
}
func (event *L9Event) AddSource(source string) {
event.EventPipeline = append(event.EventPipeline, source)
event.EventSource = source
}
func (event *L9Event) MatchServicePlugin(plugin ServicePluginInterface) bool {
for _, eventProtocol := range plugin.GetProtocols() {
if eventProtocol == event.Protocol {
return true
}
}
return false
}
func (event *L9Event) Url() string {
var host string
var scheme string
var path string
host = event.Host
if len(host) < 1 {
host = event.Ip
if strings.Contains(event.Ip, ":") && !strings.Contains(event.Ip, "[") {
host = "[" + event.Ip + "]"
}
}
if event.HasTransport("http") {
if event.HasTransport("tls") {
if event.Port != "443" {
host += ":" + event.Port
}
scheme = "https"
} else {
if event.Port != "80" {
host += ":" + event.Port
}
scheme = "http"
}
}
if len(event.Http.Url) > 1 {
path = event.Http.Url
} else if len(event.Http.Root) > 1 {
path = event.Http.Root
}
return scheme + "://" + host + path
}