bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/pkg/parser/enrich_dns.go

bitbucket.org/Aishee/synsec@v0.0.0-20210414005726-236fc01a153d/pkg/parser/enrich_dns.go (about)

     1  package parser
     2  
     3  import (
     4  	"net"
     5  
     6  	"bitbucket.org/Aishee/synsec/pkg/types"
     7  	log "github.com/sirupsen/logrus"
     8  	//"bitbucket.org/Aishee/synsec/pkg/parser"
     9  )
    10  
    11  /* All plugins must export a list of function pointers for exported symbols */
    12  //var ExportedFuncs = []string{"reverse_dns"}
    13  
    14  func reverse_dns(field string, p *types.Event, ctx interface{}) (map[string]string, error) {
    15  	ret := make(map[string]string)
    16  	if field == "" {
    17  		return nil, nil
    18  	}
    19  	rets, err := net.LookupAddr(field)
    20  	if err != nil {
    21  		log.Debugf("failed to resolve '%s'", field)
    22  		return nil, nil
    23  	}
    24  	//When using the host C library resolver, at most one result will be returned. To bypass the host resolver, use a custom Resolver.
    25  	ret["reverse_dns"] = rets[0]
    26  	return ret, nil
    27  }