github.com/crowdsecurity/crowdsec@v1.6.1/pkg/parser/enrich_geoip.go (about) 1 package parser 2 3 import ( 4 "fmt" 5 "net" 6 "strconv" 7 8 "github.com/oschwald/geoip2-golang" 9 "github.com/oschwald/maxminddb-golang" 10 log "github.com/sirupsen/logrus" 11 12 "github.com/crowdsecurity/crowdsec/pkg/types" 13 ) 14 15 func IpToRange(field string, p *types.Event, ctx interface{}, plog *log.Entry) (map[string]string, error) { 16 var dummy interface{} 17 ret := make(map[string]string) 18 19 if field == "" { 20 return nil, nil 21 } 22 ip := net.ParseIP(field) 23 if ip == nil { 24 plog.Infof("Can't parse ip %s, no range enrich", field) 25 return nil, nil 26 } 27 net, ok, err := ctx.(*maxminddb.Reader).LookupNetwork(ip, &dummy) 28 if err != nil { 29 plog.Errorf("Failed to fetch network for %s : %v", ip.String(), err) 30 return nil, nil 31 } 32 if !ok { 33 plog.Debugf("Unable to find range of %s", ip.String()) 34 return nil, nil 35 } 36 ret["SourceRange"] = net.String() 37 return ret, nil 38 } 39 40 func GeoIpASN(field string, p *types.Event, ctx interface{}, plog *log.Entry) (map[string]string, error) { 41 ret := make(map[string]string) 42 if field == "" { 43 return nil, nil 44 } 45 46 ip := net.ParseIP(field) 47 if ip == nil { 48 plog.Infof("Can't parse ip %s, no ASN enrich", ip) 49 return nil, nil 50 } 51 record, err := ctx.(*geoip2.Reader).ASN(ip) 52 if err != nil { 53 plog.Errorf("Unable to enrich ip '%s'", field) 54 return nil, nil //nolint:nilerr 55 } 56 ret["ASNNumber"] = fmt.Sprintf("%d", record.AutonomousSystemNumber) 57 ret["ASNumber"] = fmt.Sprintf("%d", record.AutonomousSystemNumber) 58 ret["ASNOrg"] = record.AutonomousSystemOrganization 59 60 plog.Tracef("geoip ASN %s -> %s, %s", field, ret["ASNNumber"], ret["ASNOrg"]) 61 62 return ret, nil 63 } 64 65 func GeoIpCity(field string, p *types.Event, ctx interface{}, plog *log.Entry) (map[string]string, error) { 66 ret := make(map[string]string) 67 if field == "" { 68 return nil, nil 69 } 70 ip := net.ParseIP(field) 71 if ip == nil { 72 plog.Infof("Can't parse ip %s, no City enrich", ip) 73 return nil, nil 74 } 75 record, err := ctx.(*geoip2.Reader).City(ip) 76 if err != nil { 77 plog.Debugf("Unable to enrich ip '%s'", ip) 78 return nil, nil //nolint:nilerr 79 } 80 if record.Country.IsoCode != "" { 81 ret["IsoCode"] = record.Country.IsoCode 82 ret["IsInEU"] = strconv.FormatBool(record.Country.IsInEuropeanUnion) 83 } else if record.RegisteredCountry.IsoCode != "" { 84 ret["IsoCode"] = record.RegisteredCountry.IsoCode 85 ret["IsInEU"] = strconv.FormatBool(record.RegisteredCountry.IsInEuropeanUnion) 86 } else if record.RepresentedCountry.IsoCode != "" { 87 ret["IsoCode"] = record.RepresentedCountry.IsoCode 88 ret["IsInEU"] = strconv.FormatBool(record.RepresentedCountry.IsInEuropeanUnion) 89 } else { 90 ret["IsoCode"] = "" 91 ret["IsInEU"] = strconv.FormatBool(false) 92 } 93 94 ret["Latitude"] = fmt.Sprintf("%f", record.Location.Latitude) 95 ret["Longitude"] = fmt.Sprintf("%f", record.Location.Longitude) 96 97 plog.Tracef("geoip City %s -> %s, %s", field, ret["IsoCode"], ret["IsInEU"]) 98 99 return ret, nil 100 } 101 102 func GeoIPCityInit(cfg map[string]string) (interface{}, error) { 103 dbCityReader, err := geoip2.Open(cfg["datadir"] + "/GeoLite2-City.mmdb") 104 if err != nil { 105 log.Debugf("couldn't open geoip : %v", err) 106 return nil, err 107 } 108 109 return dbCityReader, nil 110 } 111 112 func GeoIPASNInit(cfg map[string]string) (interface{}, error) { 113 dbASReader, err := geoip2.Open(cfg["datadir"] + "/GeoLite2-ASN.mmdb") 114 if err != nil { 115 log.Debugf("couldn't open geoip : %v", err) 116 return nil, err 117 } 118 119 return dbASReader, nil 120 } 121 122 func IpToRangeInit(cfg map[string]string) (interface{}, error) { 123 ipToRangeReader, err := maxminddb.Open(cfg["datadir"] + "/GeoLite2-ASN.mmdb") 124 if err != nil { 125 log.Debugf("couldn't open geoip : %v", err) 126 return nil, err 127 } 128 129 return ipToRangeReader, nil 130 }