| 193 | } |
| 194 | |
| 195 | func (s *Statistics) onConnection(con *conman.Connection, match *rule.Rule, wasMissed bool) { |
| 196 | s.Lock() |
| 197 | defer s.Unlock() |
| 198 | |
| 199 | s.Connections++ |
| 200 | |
| 201 | if wasMissed { |
| 202 | s.RuleMisses++ |
| 203 | } else { |
| 204 | s.RuleHits++ |
| 205 | } |
| 206 | |
| 207 | if wasMissed == false && match.Action == rule.Allow { |
| 208 | s.Accepted++ |
| 209 | } else { |
| 210 | s.Dropped++ |
| 211 | } |
| 212 | |
| 213 | s.incMap(&s.ByProto, con.Protocol) |
| 214 | s.incMap(&s.ByAddress, con.DstIP.String()) |
| 215 | if con.DstHost != "" { |
| 216 | s.incMap(&s.ByHost, con.DstHost) |
| 217 | } |
| 218 | s.incMap(&s.ByPort, strconv.FormatUint(uint64(con.DstPort), 10)) |
| 219 | s.incMap(&s.ByUID, strconv.Itoa(con.Entry.UserId)) |
| 220 | s.incMap(&s.ByExecutable, con.Process.Path) |
| 221 | |
| 222 | // if we reached the limit, shift everything back |
| 223 | // by one position |
| 224 | nEvents := len(s.Events) |
| 225 | if nEvents == s.maxEvents { |
| 226 | s.Events = s.Events[1:] |
| 227 | } |
| 228 | if wasMissed { |
| 229 | return |
| 230 | } |
| 231 | s.Events = append(s.Events, NewEvent(con, match)) |
| 232 | |
| 233 | s.newEvents = true |
| 234 | } |
| 235 | |
| 236 | func (s *Statistics) serializeEvents() []*protocol.Event { |
| 237 | nEvents := len(s.Events) |