// balboa
// Copyright (c) 2018, DCSO GmbH
package format
import (
"encoding/json"
"time"
"github.com/DCSO/balboa/observation"
log "github.com/sirupsen/logrus"
)
// rdata is one element of the "rdata" array found under each key of the
// "dns" object in a FEVER aggregate document.
//
// MakeFeverAggregateInputObservations copies only Count, Rdata and Rrtype
// into the observations it emits; AnsweringHost, Rcode and Type are decoded
// but not read anywhere in this file.
type rdata struct {
	AnsweringHost string `json:"answering_host"`
	// Count is unsigned, so encoding/json rejects a negative "count" while
	// decoding instead of letting it wrap around.
	Count  uint   `json:"count"`
	Rcode  string `json:"rcode"`
	Rdata  string `json:"rdata"`
	Rrtype string `json:"rrtype"`
	Type   string `json:"type"`
}
// inputJSONstruct mirrors the top level of a FEVER aggregate document as it
// is decoded by MakeFeverAggregateInputObservations.
type inputJSONstruct struct {
	// DNS is the "dns" object. Its keys are used as the Rrname of every
	// observation built from the rdata entries stored under that key.
	DNS map[string]struct {
		Rdata []rdata `json:"rdata"`
	} `json:"dns"`

	// The two timestamps are copied unchanged into each observation.
	// encoding/json parses time.Time from an RFC 3339 string; any other
	// form makes decoding of the whole document fail.
	TimestampEnd   time.Time `json:"timestamp_end"`
	TimestampStart time.Time `json:"timestamp_start"`
}
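// MakeFeverAggregateInputObservations is a MakeObservationFunc that accepts
// input in FEVER's JSON format.
//
// inputJSON is decoded into an inputJSONstruct. Every rdata entry under every
// key of the "dns" object becomes one observation.InputObservation, with the
// key as Rrname and sensorID copied in unchanged, and is sent on out.
//
// Input that does not decode is logged as a warning and dropped; the function
// returns nil in that case too, so callers cannot tell a rejected document
// from an accepted one by the return value.
//
// A receive on stop ends processing early with a nil return. stop is also
// watched while a send on out is pending, so a consumer that has stopped
// draining out cannot keep this call blocked once stop is signalled.
//
// NOTE(review): nothing here limits the number of entries in one document or
// checks the timestamps and rrtype values. If inputJSON can originate from
// sensors that are not fully trusted, confirm that the consumer of out
// validates and bounds what it stores.
func MakeFeverAggregateInputObservations(inputJSON []byte, sensorID string, out chan observation.InputObservation, stop chan bool) error {
	var in inputJSONstruct
	if err := json.Unmarshal(inputJSON, &in); err != nil {
		// Best effort by design: a malformed document is reported in the log
		// and skipped rather than returned as an error.
		log.Warn(err)
		return nil
	}

	var enqueued int64
	for rrname, entry := range in.DNS {
		// A pending stop signal takes priority over starting the next key.
		select {
		case <-stop:
			return nil
		default:
		}

		for _, rd := range entry.Rdata {
			// Same priority check before each individual entry.
			select {
			case <-stop:
				return nil
			default:
			}

			o := observation.InputObservation{
				Count:          rd.Count,
				Rdata:          rd.Rdata,
				Rrname:         rrname,
				Rrtype:         rd.Rrtype,
				SensorID:       sensorID,
				TimestampEnd:   in.TimestampEnd,
				TimestampStart: in.TimestampStart,
			}

			// Block on the send and on stop together. A bare `out <- o`
			// would wait forever if the receiver went away, leaving this
			// call (and its goroutine) stuck past shutdown.
			select {
			case <-stop:
				return nil
			case out <- o:
				enqueued++
			}
		}
	}

	log.Infof("enqueued %d observations", enqueued)
	return nil
}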