package main
import (
"errors"
"net"
"regexp"
"strconv"
"time"
)
// EventParser provides the logic to map from a raw event (a single log line,
// passed as a string) to a FailedConnEvent.
type EventParser interface {
	// Parse converts the raw event s into a FailedConnEvent. The
	// implementation in this file returns a zero FailedConnEvent and a
	// non-nil error when s is not in the expected format.
	Parse(s string) (FailedConnEvent, error)
}
// NewFailedConnEventParser builds the EventParser used for failed-connection
// log lines. The returned value is a zero failedConnEventParser, which has no
// fields to configure.
func NewFailedConnEventParser() EventParser {
	var parser failedConnEventParser
	return parser
}
// failedConnEventParser is the EventParser returned by
// NewFailedConnEventParser. It has no fields, so it carries no state.
type failedConnEventParser struct{}
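var (
	// errWrongFormat is the single error Parse returns for a line it cannot
	// turn into an event.
	errWrongFormat = errors.New("wrong event format")

	// eRegex matches an "Invalid user <name> from <ipv4> port <port>" log
	// line that starts with a syslog-style timestamp ("Jan  2 15:04:05").
	// Capture groups, in order: ts, U (username), I (address), port, plus one
	// unnamed group nested inside port, so a match always has six entries.
	//
	// Hardening relative to a looser pattern:
	//   - the separators in the time and the address are literal ':' and '.',
	//     not "any character";
	//   - the port is 1 to 5 digits, so ports below 10000 are no longer
	//     skipped and 6-digit values are no longer accepted;
	//   - the match is anchored at the end of the line, so the address and
	//     port are the last ones on the line rather than text that appears
	//     earlier in it (the username is supplied by the remote client).
	//
	// NOTE(review): the end anchor assumes nothing but whitespace follows the
	// port in these messages; confirm against the log source in use.
	// NOTE(review): \w+ skips usernames containing '-', '.', '@' or spaces,
	// and only dotted IPv4 addresses match; such lines are reported as
	// errWrongFormat and never become events. Confirm that gap is acceptable.
	eRegex = regexp.MustCompile(`^(?P<ts>[a-zA-Z]{3} {1,2}[0-9]{1,2} [0-9]{1,2}:[0-9]{1,2}:[0-9]{1,2}).*: Invalid user (?P<U>\w+) from (?P<I>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) port (?P<port>([0-9]{1,5}))\s*$`)
)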
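// Parse converts one raw log line into a FailedConnEvent.
//
// It returns errWrongFormat when the line does not match eRegex, or when the
// captured port, address or timestamp is not a usable value. Country is always
// set to "unknown" here.
func (p failedConnEventParser) Parse(s string) (FailedConnEvent, error) {
	rs := eRegex.FindStringSubmatch(s)
	// A match yields the whole match plus eRegex's five capture groups; a
	// non-matching line yields nil.
	if len(rs) != 6 {
		return FailedConnEvent{}, errWrongFormat
	}

	// The pattern only bounds the number of digits, so range-check the value.
	portNumber, err := strconv.Atoi(rs[4])
	if err != nil || portNumber < 1 || portNumber > 65535 {
		return FailedConnEvent{}, errWrongFormat
	}

	// The pattern accepts octets up to 999; net.ParseIP returns nil for those.
	// Reject them instead of emitting an event with no source address.
	ip := net.ParseIP(rs[3])
	if ip == nil {
		return FailedConnEvent{}, errWrongFormat
	}

	stamp, err := time.Parse(time.Stamp, rs[1])
	if err != nil {
		return FailedConnEvent{}, errWrongFormat
	}

	// The logs do not carry the year, so assume the current one. A line
	// written in December and parsed in January would then land almost a year
	// in the future; treat anything more than a day ahead as last year's.
	// NOTE(review): the timestamp is interpreted as UTC, while syslog usually
	// writes local time. Confirm the timezone of the log source.
	now := time.Now()
	ts := time.Date(now.Year(), stamp.Month(), stamp.Day(), stamp.Hour(), stamp.Minute(), stamp.Second(), stamp.Nanosecond(), time.UTC)
	if ts.After(now.Add(24 * time.Hour)) {
		ts = time.Date(now.Year()-1, stamp.Month(), stamp.Day(), stamp.Hour(), stamp.Minute(), stamp.Second(), stamp.Nanosecond(), time.UTC)
	}

	return FailedConnEvent{
		Username:  rs[2],
		IPAddress: ip,
		Port:      portNumber,
		Timestamp: ts,
		Country:   "unknown",
	}, nil
}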