Add alert handling
This commit is contained in:
Nik Rozman
@@ -1 +1 @@
|
||||
192.168.1.191/32
|
||||
192.168.1.190/32
|
||||
2
main.go
2
main.go
@@ -80,7 +80,7 @@ func main() {
|
||||
fmt.Printf("Loaded %d ignored subnets: %v\n", len(ignored), ignored)
|
||||
|
||||
// Create an instance of EventCounter to track events.
|
||||
eventCounter := src.NewEventCounter(1*time.Minute, src.HandleAlert)
|
||||
eventCounter := src.NewEventCounter(10*time.Second, src.HandleAlert)
|
||||
go eventCounter.StartMonitoring()
|
||||
|
||||
// Open the named pipe for reading.
|
||||
|
||||
63
src/alert_channel.go
Normal file
63
src/alert_channel.go
Normal file
@@ -0,0 +1,63 @@
|
||||
package src
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"encoding/json"
|
||||
"fmt"
|
||||
"net/http"
|
||||
)
|
||||
|
||||
// WebhookURL is the URL of the Discord webhook.
|
||||
const WebhookURL = "https://discord.com/api/webhooks/1116824798421594233/ARw2KQvPPIt2wLlw4Ssp98o0VWkjr-FdZ2kpFono8zu5UC-N1Uyysy73wbL_DvYJutya"
|
||||
|
||||
// AlertData represents the data to be sent in the alert.
|
||||
type AlertData struct {
|
||||
Embeds []Embed `json:"embeds"`
|
||||
}
|
||||
|
||||
// Embed represents an embedded message in the alert.
|
||||
type Embed struct {
|
||||
Title string `json:"title"`
|
||||
Description string `json:"description"`
|
||||
Color int `json:"color"`
|
||||
}
|
||||
|
||||
// SendAlert sends an alert to the specified Discord webhook.
|
||||
func SendAlert(alert string) error {
|
||||
url := WebhookURL
|
||||
|
||||
alertData := AlertData{
|
||||
Embeds: []Embed{
|
||||
{
|
||||
Title: "IP Abuse alert",
|
||||
Description: alert,
|
||||
Color: 15258703, // Color in decimal (corresponding to a certain color)
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
jsonData, err := json.Marshal(alertData)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
client := &http.Client{}
|
||||
req, err := http.NewRequest("POST", url, bytes.NewBuffer(jsonData))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
req.Header.Set("Content-Type", "application/json")
|
||||
|
||||
resp, err := client.Do(req)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer resp.Body.Close()
|
||||
|
||||
if resp.StatusCode < 200 || resp.StatusCode >= 300 {
|
||||
fmt.Printf("non-2xx status code: %d\n", resp.StatusCode)
|
||||
return fmt.Errorf("non-2xx status code")
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
@@ -39,7 +39,7 @@ func (ec *EventCounter) StartMonitoring() {
|
||||
for range ec.resetTimer.C {
|
||||
ec.mutex.Lock()
|
||||
for key, count := range ec.counts {
|
||||
if count >= 100 {
|
||||
if count >= 10 {
|
||||
ip, port := parseKey(key)
|
||||
ec.alertHandler(ip, port, count)
|
||||
}
|
||||
@@ -68,5 +68,6 @@ func (ec *EventCounter) StopMonitoring() {
|
||||
|
||||
// HandleAlert is a placeholder for alert handling logic.
|
||||
func HandleAlert(ip, port string, count int) {
|
||||
SendAlert(fmt.Sprintf("Alert: Source IP %s, Port %s exceeded the threshold with a count of %d\n", ip, port, count))
|
||||
fmt.Printf("Alert: Source IP %s, Port %s exceeded the threshold with a count of %d\n", ip, port, count)
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user