feat: add thread capabilities
Ref: EXP-2878
Signed-off-by: Mauro Sardara <[email protected]>
msardara committed Jun 5, 2024
1 parent 856e158 commit d37ed0c
Showing 60 changed files with 238 additions and 153 deletions.
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -24,7 +24,7 @@ INSTALL_PATH=/usr/local/sysflow

.PHONY: build
build: version deps
cd $(SRC) && $(GOBUILD) -o $(OUTPUT) -v
cd $(SRC) && CGO_ENABLED=0 $(GOBUILD) -o $(OUTPUT) -v

.PHONY: package
package:
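Review bot: `CGO_ENABLED=0` on the `build` target conflicts with the `plugin` import visible in core/policyengine/engine/actionhandler.go, because Go's `plugin` package is only implemented in cgo builds and `plugin.Open` returns a "not implemented" error otherwise. If this target produces the binary that loads action handlers or other shared-object plugins, they would stop loading at runtime and the policy actions they implement would be skipped unless that error is surfaced. Either keep cgo enabled for this target, or document that the static build ships without dynamic plugins and make the loader fail loudly when one is configured.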
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -34,7 +34,7 @@ The SysFlow Telemetry Pipeline is a framework for monitoring cloud workloads and

The SysFlow framework consists of the following sub-projects:

- [sf-apis](https://github.com/sysflow-telemetry/sf-apis) provides the SysFlow schema and programatic APIs in go, python, and C++.
- [sf-apis](https://github.com/cisco-eti/sf-apis) provides the SysFlow schema and programatic APIs in go, python, and C++.
- [sf-collector](https://github.com/sysflow-telemetry/sf-collector) monitors and collects system call and event information from hosts and exports them in the SysFlow format using Apache Avro object serialization.
- [sf-processor](https://github.com/sysflow-telemetry/sf-processor) provides a performance optimized policy engine for processing, enriching, filtering SysFlow events, generating alerts, and exporting the processed data to various targets.
- [sf-exporter](https://github.com/sysflow-telemetry/sf-exporter) exports SysFlow traces to S3-compliant storage systems for archival purposes.
2 changes: 1 addition & 1 deletion core/cache/tables.go
Expand Up @@ -22,7 +22,7 @@
package cache

import (
"github.com/sysflow-telemetry/sf-apis/go/sfgo"
"github.com/cisco-eti/sf-apis/go/sfgo"
)

// SFTables defines thread-safe shared cache for plugins for storing SysFlow entities.
2 changes: 1 addition & 1 deletion core/exporter/commons/config.go
Expand Up @@ -23,7 +23,7 @@ package commons
import (
"strconv"

"github.com/sysflow-telemetry/sf-apis/go/secrets"
"github.com/cisco-eti/sf-apis/go/secrets"
)

// Configuration keys.
24 changes: 16 additions & 8 deletions core/exporter/encoders/ecs.go
Expand Up @@ -30,8 +30,8 @@ import (
"strings"

"github.com/cespare/xxhash/v2"
"github.com/cisco-eti/sf-apis/go/sfgo"
"github.com/satta/gommunityid"
"github.com/sysflow-telemetry/sf-apis/go/sfgo"
"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
"github.com/sysflow-telemetry/sf-processor/core/exporter/utils"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy"
Expand Down Expand Up @@ -470,14 +470,22 @@ func encodeUser(rec *flatrecord.Record) JSONData {
// encodeProcess creates an ECS process field including the nested parent process.
func encodeProcess(rec *flatrecord.Record) JSONData {
exe := flatrecord.Mapper.MapStr(flatrecord.SF_PROC_EXE)(rec)

capPerm := flatrecord.Mapper.MapStr(flatrecord.SF_PROC_CAP_PERMITTED)(rec)
capEff := flatrecord.Mapper.MapStr(flatrecord.SF_PROC_CAP_EFFECTIVE)(rec)
capInherit := flatrecord.Mapper.MapStr(flatrecord.SF_PROC_CAP_INHERITABLE)(rec)

process := JSONData{
ECS_PROC_EXE: exe,
ECS_PROC_ARGS: flatrecord.Mapper.MapStr(flatrecord.SF_PROC_ARGS)(rec),
ECS_PROC_CMDLINE: flatrecord.Mapper.MapStr(flatrecord.SF_PROC_CMDLINE)(rec),
ECS_PROC_PID: flatrecord.Mapper.MapInt(flatrecord.SF_PROC_PID)(rec),
ECS_PROC_START: utils.ToIsoTimeStr(flatrecord.Mapper.MapInt(flatrecord.SF_PROC_CREATETS)(rec)),
ECS_PROC_NAME: path.Base(exe),
ECS_PROC_THREAD: JSONData{ECS_PROC_TID: flatrecord.Mapper.MapInt(flatrecord.SF_PROC_TID)(rec)},
ECS_PROC_EXE: exe,
ECS_PROC_ARGS: flatrecord.Mapper.MapStr(flatrecord.SF_PROC_ARGS)(rec),
ECS_PROC_CMDLINE: flatrecord.Mapper.MapStr(flatrecord.SF_PROC_CMDLINE)(rec),
ECS_PROC_PID: flatrecord.Mapper.MapInt(flatrecord.SF_PROC_PID)(rec),
ECS_PROC_START: utils.ToIsoTimeStr(flatrecord.Mapper.MapInt(flatrecord.SF_PROC_CREATETS)(rec)),
ECS_PROC_NAME: path.Base(exe),
ECS_PROC_THREAD: JSONData{ECS_PROC_TID: flatrecord.Mapper.MapInt(flatrecord.SF_PROC_TID)(rec)},
ECS_PROC_CAP_PERMITTED: capPerm,
ECS_PROC_CAP_EFFECTIVE: capEff,
ECS_PROC_CAP_INHERITED: capInherit,
}
pexe := flatrecord.Mapper.MapStr(flatrecord.SF_PPROC_EXE)(rec)
parent := JSONData{
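Review bot: `ECS_PROC_CAP_INHERITED` (`"cap_inherited"`, defined in ecsconstants.go) is filled from `SF_PROC_CAP_INHERITABLE` in encodeProcess, and "inherited" is not the same set as "inheritable"; the key should be `ECS_PROC_CAP_INHERITABLE = "cap_inheritable"` so that detections written against the exported field are not built on the wrong meaning. The three keys are also written flat under `process`, although the commit describes thread capabilities and the map already has an `ECS_PROC_THREAD` object. Nesting them there would keep the schema coherent; ECS appears to define `process.thread.capabilities.permitted` and `.effective` for this purpose, which is worth confirming against the ECS version the exporter targets. encodeProcess continues past the end of the hunk.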
23 changes: 13 additions & 10 deletions core/exporter/encoders/ecsconstants.go
Expand Up @@ -93,16 +93,19 @@ const (
ECS_POD_INTERNALIP = "internalip"
ECS_POD_RESTARTCOUNT = "restartcnt"

ECS_PROC_ARGS_COUNT = "args_count"
ECS_PROC_ARGS = "args"
ECS_PROC_CMDLINE = "command_line"
ECS_PROC_EXE = "executable"
ECS_PROC_NAME = "name"
ECS_PROC_PARENT = "parent"
ECS_PROC_PID = "pid"
ECS_PROC_THREAD = "thread"
ECS_PROC_TID = "id"
ECS_PROC_START = "start"
ECS_PROC_ARGS_COUNT = "args_count"
ECS_PROC_ARGS = "args"
ECS_PROC_CMDLINE = "command_line"
ECS_PROC_EXE = "executable"
ECS_PROC_NAME = "name"
ECS_PROC_PARENT = "parent"
ECS_PROC_PID = "pid"
ECS_PROC_THREAD = "thread"
ECS_PROC_TID = "id"
ECS_PROC_CAP_PERMITTED = "cap_permitted"
ECS_PROC_CAP_INHERITED = "cap_inherited"
ECS_PROC_CAP_EFFECTIVE = "cap_effective"
ECS_PROC_START = "start"

ECS_SF_FA_RBYTES = "bytes_read"
ECS_SF_FA_ROPS = "read_ops"
6 changes: 5 additions & 1 deletion core/exporter/encoders/json.go
Expand Up @@ -22,13 +22,15 @@
package encoders

import (
"fmt"
"path/filepath"
"reflect"
"strings"
"unicode/utf8"

"github.com/cisco-eti/sf-apis/go/logger"
"github.com/cisco-eti/sf-apis/go/sfgo"
"github.com/mailru/easyjson/jwriter"
"github.com/sysflow-telemetry/sf-apis/go/sfgo"
"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
"github.com/sysflow-telemetry/sf-processor/core/exporter/utils"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/source/flatrecord"
Expand Down Expand Up @@ -140,6 +142,7 @@ func (t *JSONEncoder) encode(rec *flatrecord.Record) (commons.EncodedData, error

switch fv.Entry.Section {
case flatrecord.SectProc:
fmt.Println(fv)
if state != PROC_STATE {
if state != BEGIN_STATE && existed {
t.writer.RawString(END_CURLY_COMMA)
Expand Down Expand Up @@ -504,6 +507,7 @@ func MapJSON(fv *flatrecord.FieldValue, writer *jwriter.Writer, r *flatrecord.Re
switch fv.Entry.Type {
case flatrecord.MapStrVal:
v := r.GetStr(fv.Entry.FlatIndex, fv.Entry.Source)
logger.Info.Println("Mapping string value.", v, " Source: ", fv.Entry.Source, "flat index", fv.Entry.FlatIndex)
writer.String(utils.TrimBoundingQuotes(v))
case flatrecord.MapIntVal:
writer.Int64(r.GetInt(fv.Entry.FlatIndex, fv.Entry.Source))
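Review bot: Two debugging prints were left in the encode path: `fmt.Println(fv)` in the `SectProc` case of `JSONEncoder.encode`, and `logger.Info.Println("Mapping string value.", v, ...)` in the `MapStrVal` case of `MapJSON`. The second one copies every exported string value (command lines, arguments, paths) into the info log once per field per record, which duplicates sensitive telemetry into a stream that usually has different access control and retention than the export target. Both also add synchronous I/O to the hot path. Remove both lines together with the `fmt` and `logger` imports that appear to have been added only for them; if tracing is needed, log the field source and index at the most verbose level without the value `v`. Both functions start and end outside the hunks shown.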
4 changes: 2 additions & 2 deletions core/exporter/encoders/occurrence.go
Expand Up @@ -32,11 +32,11 @@ import (
"time"

"github.com/cespare/xxhash/v2"
"github.com/cisco-eti/sf-apis/go/logger"
"github.com/cisco-eti/sf-apis/go/sfgo"
"github.com/linkedin/goavro"
cmap "github.com/orcaman/concurrent-map"
"github.com/steakknife/bloomfilter"
"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/sysflow-telemetry/sf-apis/go/sfgo"
"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
"github.com/sysflow-telemetry/sf-processor/core/exporter/encoders/avro/occurrence/event"
"github.com/sysflow-telemetry/sf-processor/core/exporter/utils"
4 changes: 2 additions & 2 deletions core/exporter/exporter.go
Expand Up @@ -25,8 +25,8 @@ import (
"sync"
"time"

"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/sysflow-telemetry/sf-apis/go/plugins"
"github.com/cisco-eti/sf-apis/go/logger"
"github.com/cisco-eti/sf-apis/go/plugins"
"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
"github.com/sysflow-telemetry/sf-processor/core/exporter/encoders"
"github.com/sysflow-telemetry/sf-processor/core/exporter/transports"
2 changes: 1 addition & 1 deletion core/exporter/transports/elastic.go
Expand Up @@ -31,10 +31,10 @@ import (
"os"
"time"

"github.com/cisco-eti/sf-apis/go/logger"
elasticsearch "github.com/elastic/go-elasticsearch/v8"
estransport "github.com/elastic/go-elasticsearch/v8/estransport"
"github.com/elastic/go-elasticsearch/v8/esutil"
"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
"github.com/sysflow-telemetry/sf-processor/core/exporter/encoders"
)
2 changes: 1 addition & 1 deletion core/exporter/transports/findings.go
Expand Up @@ -28,8 +28,8 @@ import (
"github.com/IBM/go-sdk-core/v5/core"
"github.com/IBM/scc-go-sdk/v3/common"
"github.com/IBM/scc-go-sdk/v3/findingsv1"
"github.com/cisco-eti/sf-apis/go/logger"
"github.com/pkg/errors"
"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
"github.com/sysflow-telemetry/sf-processor/core/exporter/encoders"
"github.com/sysflow-telemetry/sf-processor/core/exporter/utils"
2 changes: 1 addition & 1 deletion core/exporter/transports/syslog.go
Expand Up @@ -27,7 +27,7 @@ import (
"fmt"

syslog "github.com/RackSec/srslog"
"github.com/sysflow-telemetry/sf-apis/go/sfgo"
"github.com/cisco-eti/sf-apis/go/sfgo"
"github.com/sysflow-telemetry/sf-processor/core/exporter/commons"
"github.com/sysflow-telemetry/sf-processor/core/exporter/utils"
)
2 changes: 1 addition & 1 deletion core/exporter/utils/utils.go
Expand Up @@ -25,7 +25,7 @@ import (
"time"
"unsafe"

"github.com/sysflow-telemetry/sf-apis/go/sfgo"
"github.com/cisco-eti/sf-apis/go/sfgo"
)

// TrimBoundingQuotes removes bounding quotes from string.
2 changes: 1 addition & 1 deletion core/flattener/filter.go
Expand Up @@ -26,7 +26,7 @@ import (
"time"

"github.com/cespare/xxhash/v2"
"github.com/sysflow-telemetry/sf-apis/go/sfgo"
"github.com/cisco-eti/sf-apis/go/sfgo"
)

var byteInt64 []byte = make([]byte, 8)
18 changes: 15 additions & 3 deletions core/flattener/flattener.go
Expand Up @@ -26,9 +26,9 @@ import (
"encoding/json"
"strings"

"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/sysflow-telemetry/sf-apis/go/plugins"
"github.com/sysflow-telemetry/sf-apis/go/sfgo"
"github.com/cisco-eti/sf-apis/go/logger"
"github.com/cisco-eti/sf-apis/go/plugins"
"github.com/cisco-eti/sf-apis/go/sfgo"
)

const (
Expand Down Expand Up @@ -152,6 +152,9 @@ func (s *Flattener) HandleNetFlow(sf *plugins.CtxSysFlow, nf *sfgo.NetworkFlow)
s.fillEntities(sf.Header, sf.Pod, sf.Container, sf.Process, nil, fr)
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_TS_INT] = nf.Ts
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_TID_INT] = nf.Tid
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_CAP_PERMITTED_STR] = nf.TCapPermitted
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_CAP_EFFECTIVE_STR] = nf.TCapEffective
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_CAP_INHERITABLE_STR] = nf.TCapInheritable
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_OPFLAGS_INT] = int64(nf.OpFlags)
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_ENDTS_INT] = nf.EndTs
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_NETW_SIP_INT] = int64(nf.Sip)
Expand All @@ -177,6 +180,9 @@ func (s *Flattener) HandleFileFlow(sf *plugins.CtxSysFlow, ff *sfgo.FileFlow) er
s.fillEntities(sf.Header, sf.Pod, sf.Container, sf.Process, sf.File, fr)
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_TS_INT] = ff.Ts
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_TID_INT] = ff.Tid
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_CAP_PERMITTED_STR] = ff.TCapPermitted
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_CAP_EFFECTIVE_STR] = ff.TCapEffective
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_CAP_INHERITABLE_STR] = ff.TCapInheritable
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_OPFLAGS_INT] = int64(ff.OpFlags)
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_OPENFLAGS_INT] = int64(ff.OpenFlags)
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.FL_FILE_ENDTS_INT] = ff.EndTs
Expand Down Expand Up @@ -219,6 +225,9 @@ func (s *Flattener) HandleFileEvt(sf *plugins.CtxSysFlow, fe *sfgo.FileEvent) er
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_TID_INT] = fe.Tid
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_OPFLAGS_INT] = int64(fe.OpFlags)
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_RET_INT] = int64(fe.Ret)
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_CAP_PERMITTED_STR] = fe.TCapPermitted
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_CAP_EFFECTIVE_STR] = fe.TCapEffective
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_FILE_CAP_INHERITABLE_STR] = fe.TCapInheritable
fr.Ptree = sf.PTree
fr.GraphletID = sf.GraphletID
s.out(fr)
Expand All @@ -242,6 +251,9 @@ func (s *Flattener) HandleProcEvt(sf *plugins.CtxSysFlow, pe *sfgo.ProcessEvent)
s.fillEntities(sf.Header, sf.Pod, sf.Container, sf.Process, nil, fr)
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_TS_INT] = pe.Ts
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_TID_INT] = pe.Tid
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_CAP_PERMITTED_STR] = pe.TCapPermitted
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_CAP_EFFECTIVE_STR] = pe.TCapEffective
fr.Strs[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_CAP_INHERITABLE_STR] = pe.TCapInheritable
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_OPFLAGS_INT] = int64(pe.OpFlags)
fr.Ints[sfgo.SYSFLOW_IDX][sfgo.EV_PROC_RET_INT] = int64(pe.Ret)
fr.Ptree = sf.PTree
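Review bot: The twelve new `fr.Strs[...] = x.TCap*` assignments have no comment saying what the strings hold, and the attribute names alone do not tell a reader that these are the thread's sets taken from the event record rather than from the process entity. A one-line comment above each group would do, for example `// Thread capability sets (permitted/effective/inheritable) as reported on this record by the collector.` In HandleFileEvt the group sits after `EV_FILE_RET_INT`, while the other three handlers place it directly after the TID; using the same position everywhere makes a missed handler easier to spot. All four handlers start and end outside the hunks, so whether other record handlers need the same fields cannot be checked from here.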
2 changes: 1 addition & 1 deletion core/go.mod
Expand Up @@ -40,14 +40,14 @@ require (
github.com/satta/gommunityid v0.0.0-20210315182841-1cdcb73ce408
github.com/steakknife/bloomfilter v0.0.0-20180922174646-6819c0d2a570
github.com/stretchr/testify v1.7.0
github.com/sysflow-telemetry/sf-apis/go v0.0.0-20230929141246-bc28a59e1300
github.com/tidwall/gjson v1.14.1
golang.org/x/exp v0.0.0-20230206171751-46f607a40771
)

require (
github.com/alecthomas/participle v0.7.1 // indirect
github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef // indirect
github.com/cisco-eti/sf-apis/go v0.0.0-20240605163601-d605a9754416 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/go-openapi/errors v0.19.8 // indirect
github.com/go-openapi/strfmt v0.21.1 // indirect
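Review bot: `github.com/cisco-eti/sf-apis/go` is added to the second `require` block with `// indirect`, but this commit imports it directly in many packages (`sfgo`, `logger`, `plugins`, `ioutils`, `secrets`); it belongs in the direct block, where `go mod tidy` would put it. The change also moves a core dependency from the upstream `sysflow-telemetry` module to a fork pinned at an untagged pseudo-version, so the commit message or README should record why the fork is required and who maintains it. In go.sum the new `cisco-eti` entries for the `20230905191833` and `20230929141246` versions carry the same `h1:` values as the removed `sysflow-telemetry` entries, which looks like text substitution rather than output of the go tool. Regenerating go.sum would avoid keeping checksums that were never verified for the new module path.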
14 changes: 10 additions & 4 deletions core/go.sum
Expand Up @@ -28,6 +28,16 @@ github.com/bradleyjkemp/sigma-go v0.5.1 h1:2a747+swYse4KfIvLRCg49q118MSONk5+W/Je
github.com/bradleyjkemp/sigma-go v0.5.1/go.mod h1:ZiTmCLylS8LOQPm1/2FuNDlSteiWwuHWScE69vOhh8c=
github.com/cespare/xxhash/v2 v2.1.2 h1:YRXhKfTDauu4ajMg1TPgFO5jnlC2HCbmLXMcTG5cbYE=
github.com/cespare/xxhash/v2 v2.1.2/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/cisco-eti/sf-apis/go v0.0.0-20230905191833-17e4c751b04c h1:5BCJMIuiysHlYJe+nr/203cqIS6cpTIssbUD8v88VOU=
github.com/cisco-eti/sf-apis/go v0.0.0-20230905191833-17e4c751b04c/go.mod h1:eo1ATE056Rqb9LhE4LA/0Y2AHfV//1zdCw0py4/S5HM=
github.com/cisco-eti/sf-apis/go v0.0.0-20230929141246-bc28a59e1300 h1:ZxzwimQe2R4kYorqS33/l+m/+SXWMzPn1cLtpA1ExA0=
github.com/cisco-eti/sf-apis/go v0.0.0-20230929141246-bc28a59e1300/go.mod h1:rvE0WXuIQmACykrVpAKxP5Crf/7KvZplUTULATmAuf4=
github.com/cisco-eti/sf-apis/go v0.0.0-20240605155059-7218e3853449 h1:ibRooKkzXCY2jETfmLM3ltF5dwTtP/GobkOTZqRG1xQ=
github.com/cisco-eti/sf-apis/go v0.0.0-20240605155059-7218e3853449/go.mod h1:O6bwXAzOT59ccMHBfvEfJJ1MeB79rZFC1pwQ2AJ6JEg=
github.com/cisco-eti/sf-apis/go v0.0.0-20240605160458-06e52674202f h1:M8jhjF+sBi10J43Fv+hYYmIKLtRdE4ErHsE855uBNlw=
github.com/cisco-eti/sf-apis/go v0.0.0-20240605160458-06e52674202f/go.mod h1:O6bwXAzOT59ccMHBfvEfJJ1MeB79rZFC1pwQ2AJ6JEg=
github.com/cisco-eti/sf-apis/go v0.0.0-20240605163601-d605a9754416 h1:E/CnNqAzy3096KSrFE6jPPHyV+frI6JM9oQPT3zuKVo=
github.com/cisco-eti/sf-apis/go v0.0.0-20240605163601-d605a9754416/go.mod h1:O6bwXAzOT59ccMHBfvEfJJ1MeB79rZFC1pwQ2AJ6JEg=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
Expand Down Expand Up @@ -198,10 +208,6 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/sysflow-telemetry/sf-apis/go v0.0.0-20230905191833-17e4c751b04c h1:5BCJMIuiysHlYJe+nr/203cqIS6cpTIssbUD8v88VOU=
github.com/sysflow-telemetry/sf-apis/go v0.0.0-20230905191833-17e4c751b04c/go.mod h1:eo1ATE056Rqb9LhE4LA/0Y2AHfV//1zdCw0py4/S5HM=
github.com/sysflow-telemetry/sf-apis/go v0.0.0-20230929141246-bc28a59e1300 h1:ZxzwimQe2R4kYorqS33/l+m/+SXWMzPn1cLtpA1ExA0=
github.com/sysflow-telemetry/sf-apis/go v0.0.0-20230929141246-bc28a59e1300/go.mod h1:rvE0WXuIQmACykrVpAKxP5Crf/7KvZplUTULATmAuf4=
github.com/tidwall/gjson v1.14.1 h1:iymTbGkQBhveq21bEvAQ81I0LEBork8BFe1CUZXdyuo=
github.com/tidwall/gjson v1.14.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
4 changes: 2 additions & 2 deletions core/policyengine/engine/actionhandler.go
Expand Up @@ -22,8 +22,8 @@ package engine
import (
"plugin"

"github.com/sysflow-telemetry/sf-apis/go/ioutils"
"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/cisco-eti/sf-apis/go/ioutils"
"github.com/cisco-eti/sf-apis/go/logger"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy"
)

2 changes: 1 addition & 1 deletion core/policyengine/engine/interpreter.go
Expand Up @@ -25,8 +25,8 @@ import (
"sync"
"time"

"github.com/cisco-eti/sf-apis/go/logger"
"github.com/paulbellamy/ratecounter"
"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/source"
)
4 changes: 2 additions & 2 deletions core/policyengine/engine/interpreter_test.go
Expand Up @@ -21,9 +21,9 @@ import (
"os"
"testing"

"github.com/cisco-eti/sf-apis/go/ioutils"
"github.com/cisco-eti/sf-apis/go/logger"
"github.com/stretchr/testify/assert"
"github.com/sysflow-telemetry/sf-apis/go/ioutils"
"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy/falco"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy/sigma"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/source/flatrecord"
2 changes: 1 addition & 1 deletion core/policyengine/engine/setup_test.go
Expand Up @@ -21,7 +21,7 @@ import (
"os"
"testing"

"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/cisco-eti/sf-apis/go/logger"
)

func TestMain(m *testing.M) {
4 changes: 2 additions & 2 deletions core/policyengine/monitor/localpolicymonitor.go
Expand Up @@ -29,9 +29,9 @@ import (
"strings"
"time"

"github.com/cisco-eti/sf-apis/go/ioutils"
"github.com/cisco-eti/sf-apis/go/logger"
"github.com/fsnotify/fsnotify"
"github.com/sysflow-telemetry/sf-apis/go/ioutils"
"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/engine"
)

2 changes: 1 addition & 1 deletion core/policyengine/policy/falco/compiler.go
Expand Up @@ -27,7 +27,7 @@ import (
"strings"

"github.com/antlr/antlr4/runtime/Go/antlr"
"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/cisco-eti/sf-apis/go/logger"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/common"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy/falco/lang/errorhandler"
4 changes: 2 additions & 2 deletions core/policyengine/policy/falco/compiler_test.go
Expand Up @@ -24,9 +24,9 @@ import (
"os"
"testing"

"github.com/cisco-eti/sf-apis/go/ioutils"
"github.com/cisco-eti/sf-apis/go/logger"
"github.com/stretchr/testify/assert"
"github.com/sysflow-telemetry/sf-apis/go/ioutils"
"github.com/sysflow-telemetry/sf-apis/go/logger"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/policy/falco"
"github.com/sysflow-telemetry/sf-processor/core/policyengine/source/flatrecord"
)
2 changes: 1 addition & 1 deletion core/policyengine/policy/predicates.go
Expand Up @@ -20,7 +20,7 @@
// Package policy implements input policy translation for the rules engine.
package policy

import "github.com/sysflow-telemetry/sf-apis/go/logger"
import "github.com/cisco-eti/sf-apis/go/logger"

// Predicate defines the type of a functional predicate.
type Predicate[R any] func(R) bool