package datadogunifi
import (
"fmt"
"strconv"
"time"
"github.com/unpoller/unifi"
)
// Counter keys passed to report.addCount by batchAlarms and batchAnomaly.
const (
	alarmT   item = "Alarm"
	anomalyT item = "Anomaly"
)
// batchAlarms forwards one UniFi alarm to Datadog as an event and mirrors it
// into the warning log. Alarms whose timestamp is more than one polling
// interval (plus one second of slack) behind the local clock are skipped.
//
// Review notes for operators:
//   - The age check compares event.Datetime with this host's clock, so clock
//     skew or a poll that runs late can cause an alarm to be skipped; nothing
//     is counted or logged on that path.
//   - Whatever reportEvent returns is discarded, so a failed delivery of an
//     alarm is not visible from here.
//   - Addresses, MACs, geolocation and the alarm message are sent to Datadog
//     and written to the log as received. NOTE(review): what cleanTags strips
//     is not visible here — confirm that control characters such as CR/LF in
//     msg or host cannot split the log line, and that exporting these fields
//     fits the site's data-handling policy.
func (u *DatadogUnifi) batchAlarms(r report, event *unifi.Alarm) { // nolint:dupl
	age := time.Since(event.Datetime)
	if limit := u.Interval.Duration + time.Second; age > limit {
		return // Older than one polling interval: ignore it.
	}

	dstGeo := event.DestIPGeo
	srcGeo := event.SourceIPGeo

	rawTags := map[string]string{
		// Flow endpoints.
		"src_ip":   event.SrcIP,
		"src_mac":  event.SrcMAC,
		"src_port": strconv.Itoa(event.SrcPort),
		"dest_ip":  event.DestIP,
		"dst_mac":  event.DstMAC,
		"dst_port": strconv.Itoa(event.DestPort),

		// Geolocation of the source address.
		"src_ip_asn":            fmt.Sprintf("%d", srcGeo.Asn),
		"src_ip_latitude":       fmt.Sprintf("%0.6f", srcGeo.Latitude),
		"src_ip_longitude":      fmt.Sprintf("%0.6f", srcGeo.Longitude),
		"src_ip_city":           srcGeo.City,
		"src_ip_continent_code": srcGeo.ContinentCode,
		"src_ip_country_code":   srcGeo.CountryCode,
		"src_ip_country_name":   srcGeo.CountryName,
		"src_ip_organization":   srcGeo.Organization,

		// Geolocation of the destination address.
		"dst_ip_asn":            fmt.Sprintf("%d", dstGeo.Asn),
		"dst_ip_latitude":       fmt.Sprintf("%0.6f", dstGeo.Latitude),
		"dst_ip_longitude":      fmt.Sprintf("%0.6f", dstGeo.Longitude),
		"dst_ip_city":           dstGeo.City,
		"dst_ip_continent_code": dstGeo.ContinentCode,
		"dst_ip_country_code":   dstGeo.CountryCode,
		"dst_ip_country_name":   dstGeo.CountryName,
		"dst_ip_organization":   dstGeo.Organization,

		// Alarm metadata.
		"host":       event.Host,
		"msg":        event.Msg,
		"site_name":  event.SiteName,
		"source":     event.SourceName,
		"in_iface":   event.InIface,
		"event_type": event.EventType,
		"subsystem":  event.Subsystem,
		"archived":   event.Archived.Txt,
		"usg_ip":     event.USGIP,
		"proto":      event.Proto,
		"key":        event.Key,
		"catname":    event.Catname,
		"app_proto":  event.AppProto,
		"action":     event.InnerAlertAction,
	}

	r.addCount(alarmT)

	cleaned := cleanTags(rawTags)
	ddTags := tagMapToTags(cleaned)
	title := fmt.Sprintf("[%s][%s] Alarm at %s from %s", event.EventType, event.Catname, event.SiteName, event.SourceName)

	// The result is deliberately discarded; a delivery failure is not reported here.
	_ = r.reportEvent(title, event.Datetime, event.Msg, ddTags)

	// NOTE(review): the line is fully formatted before it is handed over. If
	// reportWarnLog treats its argument as a format string, a literal '%' in
	// event.Msg would be interpreted again — confirm against its definition.
	logLine := fmt.Sprintf("[%d] %s: %s - %s", event.Datetime.Unix(), title, event.Msg, tagMapToSimpleStrings(cleaned))
	r.reportWarnLog(logLine)
}
// batchAnomaly forwards one UniFi anomaly to Datadog as an event and mirrors
// it into the warning log. Anomalies whose timestamp is more than one polling
// interval (plus one second of slack) behind the local clock are skipped.
//
// The age check uses this host's clock, so clock skew or a late poll can cause
// an anomaly to be skipped without being counted or logged. Whatever
// reportEvent returns is discarded, so a failed delivery is not visible here.
func (u *DatadogUnifi) batchAnomaly(r report, event *unifi.Anomaly) {
	age := time.Since(event.Datetime)
	if limit := u.Interval.Duration + time.Second; age > limit {
		return // Older than one polling interval: ignore it.
	}

	r.addCount(anomalyT)

	rawTags := map[string]string{
		"application": "unifi_anomaly",
		"source":      event.SourceName,
		"site_name":   event.SiteName,
		"device_mac":  event.DeviceMAC,
	}
	cleaned := cleanTags(rawTags)
	ddTags := tagMapToTags(cleaned)

	title := fmt.Sprintf("Anomaly detected at %s from %s", event.SiteName, event.SourceName)

	// The result is deliberately discarded; a delivery failure is not reported here.
	_ = r.reportEvent(title, event.Datetime, event.Anomaly, ddTags)

	// NOTE(review): event.Anomaly is written to the log as received; confirm
	// that reportWarnLog does not re-interpret '%' or line breaks in it.
	logLine := fmt.Sprintf("[%d] %s: %s - %s", event.Datetime.Unix(), title, event.Anomaly, tagMapToSimpleStrings(cleaned))
	r.reportWarnLog(logLine)
}