45 lines
1.3 KiB
Go
45 lines
1.3 KiB
Go
package influxunifi
|
|
|
|
import (
|
|
influx "github.com/influxdata/influxdb1-client/v2"
|
|
"golift.io/unifi"
|
|
)
|
|
|
|
// IDSPoints generates intrusion detection datapoints for InfluxDB.
|
|
// These points can be passed directly to influx.
|
|
func IDSPoints(i *unifi.IDS) ([]*influx.Point, error) {
|
|
tags := map[string]string{
|
|
"in_iface": i.InIface,
|
|
"event_type": i.EventType,
|
|
"proto": i.Proto,
|
|
"app_proto": i.AppProto,
|
|
"usgip": i.Usgip,
|
|
"country_code": i.SrcipGeo.CountryCode,
|
|
"country_name": i.SrcipGeo.CountryName,
|
|
"region": i.SrcipGeo.Region,
|
|
"city": i.SrcipGeo.City,
|
|
"postal_code": i.SrcipGeo.PostalCode,
|
|
"srcipASN": i.SrcipASN,
|
|
"usgipASN": i.UsgipASN,
|
|
"alert_category": i.InnerAlertCategory,
|
|
"subsystem": i.Subsystem,
|
|
"catname": i.Catname,
|
|
}
|
|
fields := map[string]interface{}{
|
|
"event_type": i.EventType,
|
|
"proto": i.Proto,
|
|
"app_proto": i.AppProto,
|
|
"usgip": i.Usgip,
|
|
"country_name": i.SrcipGeo.CountryName,
|
|
"city": i.SrcipGeo.City,
|
|
"postal_code": i.SrcipGeo.PostalCode,
|
|
"srcipASN": i.SrcipASN,
|
|
"usgipASN": i.UsgipASN,
|
|
}
|
|
pt, err := influx.NewPoint("intrusion_detect", tags, fields, i.Datetime)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return []*influx.Point{pt}, nil
|
|
}
|