data_monitor/externaloutput.go at master · codeyourweb/data_monitor · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"time"
)

var messagesQueue = []normalizedPacketInformation{}

type normalizedPacketInformation struct {
	Timestamp        string `json:"timestamp"`
	MessageType      string `json:"message_type"`
	MessageCategory  string `json:"message_category"`
	Hostname         string `json:"hostname"`
	UserName         string `json:"username"`
	ProcessName      string `json:"process_name"`
	PID              int    `json:"pid"`
	Win32APIFunction string `json:"win32_api_function"`
	MainData         string `json:"main_data"`
	AdditionalData   string `json:"additional_data"`
}

func normalizePacketInformations(hostname string, messageType string, messageCategory string, username string, processName string, pid int, win32APIFunction string, mainData string, additionalData string) *normalizedPacketInformation {
	return &normalizedPacketInformation{
		Timestamp:        time.Now().UTC().Format("2006-01-02 15:04:05.000000"),
		MessageType:      messageType,
		MessageCategory:  messageCategory,
		Hostname:         hostname,
		UserName:         username,
		ProcessName:      processName,
		PID:              pid,
		Win32APIFunction: win32APIFunction,
		MainData:         mainData,
		AdditionalData:   additionalData,
	}
}

func addNewPacketToQueue(messageType string, messageCategory string, win32APIFunction string, mainData string, additionalData string) {
	if !AppConfig.DataMonitorHTTPForwardEvents.Enabled {
		return
	}

	normalizedPacket := normalizePacketInformations(hostname, messageType, messageCategory, username, processName, pid, win32APIFunction, mainData, additionalData)
	messagesQueue = append(messagesQueue, *normalizedPacket)
}

func sendPacketToUrlAddress(url string, headers *map[string]string) (int, error) {
	if len(messagesQueue) == 0 {
		return 0, nil
	}

	sendingQueue := messagesQueue
	messagesQueue = []normalizedPacketInformation{}

	packetJSON, err := json.Marshal(sendingQueue)
	if err != nil {
		return 0, fmt.Errorf("error marshaling packets to JSON: %v", err)
	}

	req, err := http.NewRequest("POST", url, bytes.NewBuffer(packetJSON))
	if err != nil {
		return 0, fmt.Errorf("error creating HTTP request: %v", err)
	}

	req.Header.Set("Content-Type", "application/json")
	if headers != nil {
		for key, value := range *headers {
			req.Header.Set(key, value)
		}
	}

	client := &http.Client{}
	resp, err := client.Do(req)
	if err != nil {
		return 0, fmt.Errorf("error sending packet to URL: %v", err)
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusAccepted && resp.StatusCode != http.StatusOK {
		return 0, fmt.Errorf("error response from server: %d - %s", resp.StatusCode, resp.Status)
	}

	return len(sendingQueue), nil
}