Я хочу создать сетевую диаграмму журналов брандмауэра pfsense с использованием Kibana. Я редактирую исходный код сетевого подключаемого модуля KBN: https://github.com/dlumbrer/kbn_network. У меня есть 2 поля SrcIP и DestIP (string)и у меня есть статические узлы, которые представляют IP-адреса шлюзов.Поток должен быть srcIp-GW-DestnIP.
Проблема в том, что если к одному и тому же шлюзу подключено более одного IP-адреса, это приводит к дублированию соединения двух узлов 1-1 GW вместо соединения многих узлов с одним.
$scope.$watchMulti(['esResponse', 'vis.params.secondNodeColor'], function ([resp]) {
let firstFirstBucketId, firstSecondBucketId, secondBucketId, colorBucketId, nodeSizeId, edgeSizeId
console.log("Resp array is "+resp);
if (resp) {
resp.columns.forEach((col) => {
if (col.aggConfig.schema.name === "first") {
if (firstFirstBucketId) {
firstSecondBucketId = col.id
} else {
firstFirstBucketId = col.id
}
} else if (col.aggConfig.schema.name === "second") {
secondBucketId = col.id
} else if (col.aggConfig.schema.name === "colornode") {
colorBucketId = col.id
} else if (col.aggConfig.schema.name === "size_node") {
nodeSizeId = col.id
} else if (col.aggConfig.schema.name === "size_edge") {
edgeSizeId = col.id
}
});
console.log("First bucket Id is "+firstFirstBucketId);
console.log("Second bucket Id is"+firstSecondBucketId);
$timeout(function () {
network_id = "net_" + $scope.$id;
loading_id = "loading_" + $scope.$parent.$id;
$("#" + loading_id).hide();
if ($scope.vis.aggs.bySchemaName['first'].length >= 1 && !$scope.vis.aggs.bySchemaName['second']) {
$scope.initialShows();
$(".secondNode").show();
// Retrieve the id of the configured tags aggregation
var firstFieldAggId = $scope.vis.aggs.bySchemaName['first'][0].id;
if ($scope.vis.aggs.bySchemaName['first'].length > 1) {
var secondFieldAggId = $scope.vis.aggs.bySchemaName['first'][1].id;
}
if ($scope.vis.aggs.bySchemaName['colornode']) {
var colorNodeAggId = $scope.vis.aggs.bySchemaName['colornode'][0].id;
var colorNodeAggName = $scope.vis.aggs.bySchemaName['colornode'][0].params.field.displayName;
var colorDicc = {};
var usedColors = [];
}
var firstFieldAggName = $scope.vis.aggs.bySchemaName['first'][0].params.field.displayName;
if ($scope.vis.aggs.bySchemaName['first'].length > 1) {
var secondFieldAggName = $scope.vis.aggs.bySchemaName['first'][1].params.field.displayName;
}
// Retrieve the metrics aggregation configured
if ($scope.vis.aggs.bySchemaName['size_node']) {
var metricsAgg_sizeNode = $scope.vis.aggs.bySchemaName['size_node'][0];
}
if ($scope.vis.aggs.bySchemaName['size_edge']) {
var metricsAgg_sizeEdge = $scope.vis.aggs.bySchemaName['size_edge'][0];
}
// Get the buckets of that aggregation
var buckets = resp.rows;
console.log(buckets);
var dataParsed = [];
//making static nodes array
var fwnodes=[{
key: "10.0.0.1",
label: "10.0.0.1",
shape: $scope.vis.params.shapeFirstNode,
color: $scope.vis.params.firstNodeColor,
firstNodeKey:[],
secondNodeKey:[]
},
{
key: "10.1.0.1",
label: "10.1.0.1",
shape: $scope.vis.params.shapeFirstNode,
color: $scope.vis.params.firstNodeColor,
firstNodeKey:[],
secondNodeKey:[]
},
{
key: "10.2.0.0",
label: "10.2.0.0",
shape: $scope.vis.params.shapeFirstNode,
color: $scope.vis.params.firstNodeColor,
firstNodeKey:[],
secondNodeKey:[]
},
{
key: "10.201.0.2",
label: "10.201.0.2",
shape: $scope.vis.params.shapeFirstNode,
color: $scope.vis.params.firstNodeColor,
firstNodeKey:[],
secondNodeKey:[]
},
{
key: "10.50.0.1",
label: "10.50.0.1",
shape: $scope.vis.params.shapeFirstNode,
color: $scope.vis.params.firstNodeColor,
firstNodeKey:[],
secondNodeKey:[]
},
{
key: "10.30.0.2",
label: "10.30.0.2",
shape: $scope.vis.params.shapeFirstNode,
color: $scope.vis.params.firstNodeColor,
secondNodeKey:[],
},
{
key: "10.20.0.1",
label: "10.20.0.1",
shape: $scope.vis.params.shapeFirstNode,
color: $scope.vis.params.firstNodeColor,
secondNodeKey:[]
}
]
var i = 0;
var regexpattern=/37\.71\.108\.[0-9]{1,3}/
var regexpattern2=/77\.84\.169\.[0-9]{1,3}/
var regexpattern3=/113\.38\.230\.[0-9]{1,3}/
var regexpattern4=/120\.56\.165\.[0-9]{1,3}/
var regexpattern5=/122\.113\.143\.[0-9]{1,3}/
var dataNodes = buckets.map(function (bucket) {
var result = $.grep(dataParsed, function (e) {
//console.log("E parameter is "+e.keyFirstNode);
return e.keyFirstNode == bucket[firstFirstBucketId]; });
//console.log("Result initially"+ result);
if (result.length == 0) {
dataParsed[i] = {};
dataParsed[i].keyFirstNode = bucket[firstFirstBucketId];
//Metrics are for the sizes
if (metricsAgg_sizeNode) {
// Use the getValue function of the aggregation to get the value of a bucket
var value = bucket[nodeSizeId]//metricsAgg_sizeNode.getValue(bucket);
var sizeVal = Math.min($scope.vis.params.maxCutMetricSizeNode, value);
if ($scope.vis.params.minCutMetricSizeNode > value) {
dataParsed.splice(i, 1);
return;
}
} else {
var sizeVal = 20;
}
dataParsed[i].valorSizeNode = sizeVal;
dataParsed[i].nodeColorValue = "default";
dataParsed[i].nodeColorKey = "default";
if(!dataParsed[i].relationsWithFirewallNode){
dataParsed[i].relationsWithFirewallNode=[];
}
if (!dataParsed[i].relationWithSecondNode) {
dataParsed[i].relationWithSecondNode = [];
}
//Iterate rows and choose the edge size
if ($scope.vis.aggs.bySchemaName['first'].length > 1) {
if (metricsAgg_sizeEdge) {
var value_sizeEdge = bucket[edgeSizeId];
var sizeEdgeVal = Math.min($scope.vis.params.maxCutMetricSizeEdge, value_sizeEdge);
} else {
var sizeEdgeVal = 0.1;
}
if (colorNodeAggId) {
if (colorDicc[bucket[colorBucketId]]) {
dataParsed[i].nodeColorKey = bucket[colorBucketId];
dataParsed[i].nodeColorValue = colorDicc[bucket[colorBucketId]];
} else {
//repeat to find a NO-REPEATED color
while (true) {
var confirmColor = randomColor();
if (usedColors.indexOf(confirmColor) == -1) {
colorDicc[bucket[colorBucketId]] = confirmColor;
dataParsed[i].nodeColorKey = bucket[colorBucketId];
dataParsed[i].nodeColorValue = colorDicc[bucket[colorBucketId]];
usedColors.push(confirmColor);
break;
}
}
}
}
var relation = {
keySecondNode: bucket[firstSecondBucketId],
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
console.log(regexpattern.test(dataParsed[i].keyFirstNode));
var relation2={};
if(regexpattern2.test(dataParsed[i].keyFirstNode)){
relation2={
keyFireWall: fwnodes[1].key,
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
}
else if(regexpattern3.test(dataParsed[i].keyFirstNode)){
relation2={
keyFireWall: fwnodes[2].key,
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
}
else if(regexpattern4.test(dataParsed[i].keyFirstNode)){
relation2={
keyFireWall: fwnodes[3].key,
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
}
else if(regexpattern5.test(dataParsed[i].keyFirstNode)){
relation2={
keyFireWall: fwnodes[4].key,
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
}
else{
relation2={
keyFireWall: fwnodes[0].key,
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
}
dataParsed[i].relationsWithFirewallNode.push(relation2);
console.log("Firewall key"+dataParsed[i].relationsWithFirewallNode.keyFireWall);
}
//fwnodes[r].firstNodeKey[i]=dataParsed[i].
console.log("Data parsed for "+ i + "Node");
dataParsed[i].relationWithSecondNode.push(relation)
console.log(dataParsed[i]);
//assigning color and the content of the popup
var inPopup = "<p>" + bucket[firstFirstBucketId] + "</p>"
if (dataParsed[i].nodeColorValue != "default") {
var colorNodeFinal = dataParsed[i].nodeColorValue;
inPopup += "<p>" + dataParsed[i].nodeColorKey + "</p>";
} else {
var colorNodeFinal = $scope.vis.params.firstNodeColor;
}
i++;
//Return the node totally built
var nodeReturn = {
id: i,
key: bucket[firstFirstBucketId],
color: colorNodeFinal,
shape: $scope.vis.params.shapeFirstNode,
//size: sizeVal
value: sizeVal,
font: {
color: $scope.vis.params.labelColor
}
}
if ($scope.vis.params.showLabels) {
nodeReturn.label = bucket[firstFirstBucketId];
}
if ($scope.vis.params.showPopup) {
nodeReturn.title = inPopup;
}
return nodeReturn;
} else if (result.length == 1) {
//Repetido el nodo, solo añadimos sus relaciones
var dataParsed_node_exist = result[0]
//Iterate rows and choose the edge size
console.log("Data Parsed exist"+dataParsed_node_exist[0]);
if ($scope.vis.aggs.bySchemaName['first'].length > 1) {
if (metricsAgg_sizeEdge) {
var value_sizeEdge = bucket[edgeSizeId];
var sizeEdgeVal = Math.min($scope.vis.params.maxCutMetricSizeEdge, value_sizeEdge);
} else {
var sizeEdgeVal = 0.1;
}
var relation = {
keySecondNode: bucket[firstSecondBucketId],
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
dataParsed_node_exist.relationWithSecondNode.push(relation);
console.log(dataParsed[i].keyFirstNode);
if(regexpattern.test(dataParsed_node_exist.relationsWithFirewallNode.keyFireWall)){
relation2={
keyFireWall: fwnodes[0].key,
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
dataParsed_node_exist.relationsWithFirewallNode.push(relation2);
}
else if(regexpattern2.test(dataParsed_node_exist.relationsWithFirewallNode.keyFireWall)){
relation2={
keyFireWall: fwnodes[1].key,
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
dataParsed_node_exist.relationsWithFirewallNode.push(relation2);
}
else if(regexpattern3.test(dataParsed_node_exist.relationsWithFirewallNode.keyFireWall)){
relation2={
keyFireWall: fwnodes[2].key,
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
dataParsed_node_exist.relationsWithFirewallNode.push(relation2);
}
else if(regexpattern4.test(dataParsed_node_exist.relationsWithFirewallNode.keyFireWall)){
relation2={
keyFireWall: fwnodes[3].key,
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
dataParsed_node_exist.relationsWithFirewallNode.push(relation2);
}
else if(regexpattern5.test(dataParsed_node_exist.relationsWithFirewallNode.keyFireWall)){
relation2={
keyFireWall: fwnodes[4].key,
countMetric: bucket[nodeSizeId],
widthOfEdge: sizeEdgeVal
}
dataParsed_node_exist.relationsWithFirewallNode.push(relation2);
}
}
return undefined
}
});
dataNodes = dataNodes.filter(Boolean);
var dataEdges = [];
for (var n = 0; n < dataParsed.length; n++) {
var result = $.grep(dataNodes, function (e) { return e.key == dataParsed[n].keyFirstNode; });
if (result.length == 0) {
console.log("Error: Node not found");
} else if (result.length == 1) { console.log(dataParsed[n].relationsWithFirewallNode.length);
if ($scope.vis.aggs.bySchemaName['first'].length > 1) {
if(dataParsed[n].relationsWithFirewallNode.length>0){
var j=55+n;
var newf={
id: j,
key:dataParsed[n].relationsWithFirewallNode[0].keyFireWall,
label:dataParsed[n].relationsWithFirewallNode[0].keyFireWall,
color: $scope.vis.params.secondNodeColor,
font: {
color: $scope.vis.params.labelColor
},
shape: $scope.vis.params.shapeSecondNode
};
// j++;
dataNodes.push(newf);
// const uniqueValues=[...new Set(dataNodes.map(newf => newf.key))];
// console.log(uniqueValues);
console.log(result[0]);
var edge = {
from: result[0].id,
to: dataNodes[dataNodes.length - 1].id,
value: dataParsed[n].relationsWithFirewallNode[0].widthOfEdge
}
dataEdges.push(edge);
}
/* for (var r = 0; r < dataParsed[n].relationWithSecondNode.length; r++) {
//Find in the relations the second node to relate
var nodeOfSecondType = $.grep(dataNodes, function (e) {
console.log("Node of second type parameter"+e.key)
return e.key == dataParsed[n].relationWithSecondNode[r].keySecondNode; });
if (nodeOfSecondType.length == 0) {
//Not found, added to the DataNodes - node of type 2
i++;
var newNode = {
id: i,
key: dataParsed[n].relationWithSecondNode[r].keySecondNode,
label: dataParsed[n].relationWithSecondNode[r].keySecondNode,
color: $scope.vis.params.secondNodeColor,
font: {
color: $scope.vis.params.labelColor
},
shape: $scope.vis.params.shapeSecondNode
};
console.log("New node is "+newNode);
//Add new node
dataNodes.push(newNode);
//And create the relation (edge)
var edge = {
from: result[0].id,
to: dataNodes[dataNodes.length - 1].id,
value: dataParsed[n].relationWithSecondNode[r].widthOfEdge
}
dataEdges.push(edge);
} else if (nodeOfSecondType.length == 1) {
//The node exists, creates only the edge
var enlace = {
from: result[0].id,
to: nodeOfSecondType[0].id,
value: dataParsed[n].relationWithSecondNode[r].widthOfEdge
}
dataEdges.push(enlace);
} else {
console.log("Error: Multiples nodes with same id found");
}
}*/
}
} else {
console.log("Error: Multiples nodes with same id found");
}
}
var nodesDataSet = new visN.DataSet(dataNodes);
var edgesDataSet = new visN.DataSet(dataEdges);
//var container = document.getElementById(network_id);
var container = document.getElementById(network_id);
container.style.height = container.getBoundingClientRect().height;
container.height = container.getBoundingClientRect().height;
var data = {
nodes: nodesDataSet,
edges: edgesDataSet
};
var options_1 = {
height: container.getBoundingClientRect().height.toString(),
physics: {
barnesHut: {
gravitationalConstant: $scope.vis.params.gravitationalConstant,
springConstant: $scope.vis.params.springConstant
}
},
edges: {
arrowStrikethrough: false,
smooth: {
type: $scope.vis.params.smoothType
},
scaling: {
min: $scope.vis.params.minEdgeSize,
max: $scope.vis.params.maxEdgeSize
}
},
nodes: {
physics: $scope.vis.params.nodePhysics,
scaling: {
min: $scope.vis.params.minNodeSize,
max: $scope.vis.params.maxNodeSize
}
},
layout: {
improvedLayout: !(dataEdges.length > 200)
},
interaction: {
hover: true
}
};
switch ($scope.vis.params.posArrow) {
case 'from':
var options_2 = {
edges: {
arrows: {
from: {
enabled: $scope.vis.params.displayArrow,
scaleFactor: $scope.vis.params.scaleArrow,
type: $scope.vis.params.shapeArrow
}
}
}
};
break;
case 'middle':
var options_2 = {
edges: {
arrows: {
middle: {
enabled: $scope.vis.params.displayArrow,
scaleFactor: $scope.vis.params.scaleArrow,
type: $scope.vis.params.shapeArrow
}
}
}
};
break;
case 'to':
var options_2 = {
edges: {
arrows: {
to: {
enabled: $scope.vis.params.displayArrow,
scaleFactor: $scope.vis.params.scaleArrow,
type: $scope.vis.params.shapeArrow
}
}
}
};
break;
default:
var options_2 = {
edges: {
arrows: {
from: {
enabled: $scope.vis.params.displayArrow,
scaleFactor: $scope.vis.params.scaleArrow,
type: $scope.vis.params.shapeArrow
}
}
}
};
break;
}
var options = angular.merge(options_1, options_2);
console.log("Create network now");
var network = new visN.Network(container, data, options);
$scope.startDynamicResize(network);
network.on("afterDrawing", function (canvasP) {
$("#" + loading_id).hide();
// Draw the color legend if Node Color is activated
if ($scope.vis.aggs.bySchemaName['colornode'] && $scope.vis.params.showColorLegend) {
$scope.drawColorLegend(usedColors, colorDicc);
}
});