separate metrics and events
This commit is contained in:
davidnewhall2
parent
089b31fc2b
commit
cb2218ecaa
|
|
@ -5,25 +5,8 @@ import (
|
|||
)
|
||||
|
||||
// batchIDS generates intrusion detection datapoints for InfluxDB.
|
||||
func (u *InfluxUnifi) batchIDS(r report, i *unifi.IDS) { // nolint: funlen
|
||||
func (u *InfluxUnifi) batchIDS(r report, i *unifi.IDS) {
|
||||
fields := map[string]interface{}{
|
||||
/*
|
||||
"site_id": i.SiteID,
|
||||
"dstipASN": i.DstIPASN,
|
||||
"dstipCountry": i.DstIPCountry,
|
||||
"flow_id": i.FlowID,
|
||||
"inner_alert_category": i.InnerAlertCategory,
|
||||
"inner_alert_signature": i.InnerAlertSignature,
|
||||
"inner_alert_rev": i.InnerAlertRev,
|
||||
"inner_alert_severity": i.InnerAlertSeverity,
|
||||
"inner_alert_gid": i.InnerAlertGID,
|
||||
"inner_alert_signature_id": i.InnerAlertSignatureID,
|
||||
"srcipASN": i.SrcIPASN,
|
||||
"srcipCountry": i.SrcIPCountry,
|
||||
"unique_alertid": i.UniqueAlertID,
|
||||
"usgipASN": i.UsgIPASN,
|
||||
"usgipCountry": i.UsgIPCountry,
|
||||
*/
|
||||
"dest_port": i.DestPort,
|
||||
"src_port": i.SrcPort,
|
||||
"dest_ip": i.DestIP,
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ go 1.14
|
|||
require (
|
||||
github.com/influxdata/influxdb1-client v0.0.0-20200515024757-02f0bf5dbca3
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/unifi-poller/poller v0.0.8-0.20200621095143-fae3e391ade8
|
||||
github.com/unifi-poller/poller v0.0.8-0.20200621110949-33f1a1454d10
|
||||
github.com/unifi-poller/unifi v0.0.5-0.20200621075746-253ccae7e106
|
||||
golift.io/cnfg v0.0.5
|
||||
)
|
||||
|
|
|
|||
|
|
@ -98,6 +98,12 @@ github.com/unifi-poller/poller v0.0.8-0.20200621091816-fd5c7abd9f4b h1:AJKt/ZIDt
|
|||
github.com/unifi-poller/poller v0.0.8-0.20200621091816-fd5c7abd9f4b/go.mod h1:+Ppksi2wBCrByJke0B0lTutxFtKfv1zx6L1haALBrN4=
|
||||
github.com/unifi-poller/poller v0.0.8-0.20200621095143-fae3e391ade8 h1:GqWHa6Al2BJkbfF9SAEJIokpIOJjKIPvEXyMdppVGYo=
|
||||
github.com/unifi-poller/poller v0.0.8-0.20200621095143-fae3e391ade8/go.mod h1:+Ppksi2wBCrByJke0B0lTutxFtKfv1zx6L1haALBrN4=
|
||||
github.com/unifi-poller/poller v0.0.8-0.20200621101255-6d0d0b288ece h1:EsyR6cKuwAKzddS4gsKDugfN+OEHCm7bhNOvEfBCWWA=
|
||||
github.com/unifi-poller/poller v0.0.8-0.20200621101255-6d0d0b288ece/go.mod h1:+Ppksi2wBCrByJke0B0lTutxFtKfv1zx6L1haALBrN4=
|
||||
github.com/unifi-poller/poller v0.0.8-0.20200621103717-5f3d60890ed6 h1:V19WgXwjXxGY75Mn8Hc5Whl3+BC71YSGatRvKVRh9pA=
|
||||
github.com/unifi-poller/poller v0.0.8-0.20200621103717-5f3d60890ed6/go.mod h1:+Ppksi2wBCrByJke0B0lTutxFtKfv1zx6L1haALBrN4=
|
||||
github.com/unifi-poller/poller v0.0.8-0.20200621110949-33f1a1454d10 h1:1rGP4ISFpBj9xjJDXNak7EdaQtyoy3MwMZzo2+W1PLo=
|
||||
github.com/unifi-poller/poller v0.0.8-0.20200621110949-33f1a1454d10/go.mod h1:+Ppksi2wBCrByJke0B0lTutxFtKfv1zx6L1haALBrN4=
|
||||
github.com/unifi-poller/promunifi v0.0.9-0.20200620104707-26208eb4336b h1:HgmbS5cKfvw3x0ie6IV/FfhxNtKwAvICKxXL7gg2sgM=
|
||||
github.com/unifi-poller/promunifi v0.0.9-0.20200620104707-26208eb4336b/go.mod h1:jOcYehhsOrs4ctswSKEqGuqSgVBpConaWmRYskycbUc=
|
||||
github.com/unifi-poller/unifi v0.0.5-0.20200619092006-d24c776a42f5/go.mod h1:L1kMRH2buZhB31vZnRC1im7Tk/4uD3ET4biwl2faYy8=
|
||||
|
|
|
|||
|
|
@ -73,13 +73,19 @@ func (u *InfluxUnifi) PollController() {
|
|||
log.Printf("[INFO] Everything checks out! Poller started, InfluxDB interval: %v", interval)
|
||||
|
||||
for u.LastCheck = range ticker.C {
|
||||
metrics, err := u.Collector.Metrics(&poller.Filter{Name: "unifi", Dur: interval})
|
||||
metrics, err := u.Collector.Metrics(&poller.Filter{Name: "unifi"})
|
||||
if err != nil {
|
||||
u.Collector.LogErrorf("metric fetch for InfluxDB failed: %v", err)
|
||||
continue
|
||||
}
|
||||
|
||||
report, err := u.ReportMetrics(metrics)
|
||||
events, err := u.Collector.Events(&poller.Filter{Name: "unifi", Dur: interval})
|
||||
if err != nil {
|
||||
u.Collector.LogErrorf("event fetch for InfluxDB failed: %v", err)
|
||||
continue
|
||||
}
|
||||
|
||||
report, err := u.ReportMetrics(metrics, events)
|
||||
if err != nil {
|
||||
// XXX: reset and re-auth? not sure..
|
||||
u.Collector.LogErrorf("%v", err)
|
||||
|
|
@ -159,8 +165,8 @@ func (u *InfluxUnifi) getPassFromFile(filename string) string {
|
|||
// ReportMetrics batches all device and client data into influxdb data points.
|
||||
// Call this after you've collected all the data you care about.
|
||||
// Returns an error if influxdb calls fail, otherwise returns a report.
|
||||
func (u *InfluxUnifi) ReportMetrics(m *poller.Metrics) (*Report, error) {
|
||||
r := &Report{Metrics: m, ch: make(chan *metric), Start: time.Now()}
|
||||
func (u *InfluxUnifi) ReportMetrics(m *poller.Metrics, e *poller.Events) (*Report, error) {
|
||||
r := &Report{Metrics: m, Events: e, ch: make(chan *metric), Start: time.Now()}
|
||||
defer close(r.ch)
|
||||
|
||||
var err error
|
||||
|
|
@ -230,12 +236,13 @@ func (u *InfluxUnifi) loopPoints(r report) {
|
|||
u.batchClient(r, s)
|
||||
}
|
||||
|
||||
for _, s := range m.IDSList {
|
||||
u.batchIDS(r, s)
|
||||
}
|
||||
|
||||
for _, s := range m.Events {
|
||||
u.batchEvent(r, s)
|
||||
for _, s := range r.events().Logs {
|
||||
switch v := s.(type) {
|
||||
case *unifi.Event:
|
||||
u.batchEvent(r, v)
|
||||
case *unifi.IDS:
|
||||
u.batchIDS(r, v)
|
||||
}
|
||||
}
|
||||
|
||||
u.loopDevicePoints(r)
|
||||
|
|
@ -269,9 +276,9 @@ func (u *InfluxUnifi) loopDevicePoints(r report) {
|
|||
func (u *InfluxUnifi) LogInfluxReport(r *Report) {
|
||||
m := r.Metrics
|
||||
u.Collector.Logf("UniFi Metrics Recorded. Sites: %d, Clients: %d, "+
|
||||
"UAP: %d, USG/UDM: %d, USW: %d, IDS/Events: %d/%d, Points: %d, "+
|
||||
"UAP: %d, USG/UDM: %d, USW: %d, IDS+Events: %d, Points: %d, "+
|
||||
"Fields: %d, Errs: %d, Elapsed: %v",
|
||||
len(m.Sites), len(m.Clients), len(m.UAPs), len(m.UDMs)+len(m.USGs),
|
||||
len(m.USWs), len(m.IDSList), len(m.Events), r.Total,
|
||||
len(m.USWs), len(r.Events.Logs), r.Total,
|
||||
r.Fields, len(r.Errors), r.Elapsed.Round(time.Millisecond))
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,6 +11,7 @@ import (
|
|||
// Report is returned to the calling procedure after everything is processed.
|
||||
type Report struct {
|
||||
Metrics *poller.Metrics
|
||||
Events *poller.Events
|
||||
Errors []error
|
||||
Total int
|
||||
Fields int
|
||||
|
|
@ -21,7 +22,7 @@ type Report struct {
|
|||
bp influx.BatchPoints
|
||||
}
|
||||
|
||||
// report is an internal interface that can be mocked and overrridden for tests.
|
||||
// report is an internal interface that can be mocked and overridden for tests.
|
||||
type report interface {
|
||||
add()
|
||||
done()
|
||||
|
|
@ -29,12 +30,17 @@ type report interface {
|
|||
error(err error)
|
||||
batch(m *metric, pt *influx.Point)
|
||||
metrics() *poller.Metrics
|
||||
events() *poller.Events
|
||||
}
|
||||
|
||||
func (r *Report) metrics() *poller.Metrics {
|
||||
return r.Metrics
|
||||
}
|
||||
|
||||
func (r *Report) events() *poller.Events {
|
||||
return r.Events
|
||||
}
|
||||
|
||||
func (r *Report) add() {
|
||||
r.wg.Add(1)
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue