private static void PopulateAggregationRollupData(FlowLogAggregation aggregation) { long flowLogsCountAccepted = 0; long sumOfBytesAccepted = 0; long sumOfPacketsAccepted = 0; long flowLogsCountRejected = 0; long sumOfBytesRejected = 0; long sumOfPacketsRejected = 0; foreach (var detail in aggregation.Details) { if (detail.Action == "accept") { flowLogsCountAccepted += detail.FlowLogsCount; sumOfBytesAccepted += detail.SumOfBytes; sumOfPacketsAccepted += detail.SumOfPackets; } else { flowLogsCountRejected += detail.FlowLogsCount; sumOfBytesRejected += detail.SumOfBytes; sumOfPacketsRejected += detail.SumOfPackets; } } aggregation.FlowLogsCountAccepted = flowLogsCountAccepted; aggregation.SumOfBytesAccepted = sumOfBytesAccepted; aggregation.SumOfPacketsAccepted = sumOfPacketsAccepted; aggregation.FlowLogsCountRejected = flowLogsCountRejected; aggregation.SumOfBytesRejected = sumOfBytesRejected; aggregation.SumOfPacketsRejected = sumOfPacketsRejected; }
private static List <FlowLogAggregation> ParseAggregation(IDictionary <string, IAggregation> aggregations) { List <FlowLogAggregation> parsedAggregations = new List <FlowLogAggregation>(); foreach (string srcSubnetKey in aggregations.Keys) { var srcSubnetAggBucket = aggregations[srcSubnetKey] as Nest.Bucket; if (srcSubnetAggBucket != null && srcSubnetAggBucket.Items != null) { var srcSubnetAgg = srcSubnetAggBucket.Items.FirstOrDefault() as Nest.SingleBucket; if (srcSubnetAgg != null && srcSubnetAgg.Aggregations != null && srcSubnetAgg.Aggregations.Any()) { foreach (var dstSubnetKey in srcSubnetAgg.Aggregations.Keys) { var dstSubnetAggBucket = srcSubnetAgg.Aggregations[dstSubnetKey] as Nest.Bucket; if (dstSubnetAggBucket != null && dstSubnetAggBucket.Items != null) { var dstSubnetAgg = dstSubnetAggBucket.Items.FirstOrDefault() as Nest.SingleBucket; if (dstSubnetAgg != null) { var flowLogAggregation = new FlowLogAggregation { SourceSubnet = srcSubnetKey, DestinationSubnet = dstSubnetKey, IsUnknownSourceSubnet = srcSubnetKey == anonymousSubnet, IsUnknownDestinationSubnet = dstSubnetKey == anonymousSubnet, NumberOfFlowLogs = dstSubnetAgg.DocCount }; if (dstSubnetAgg.Aggregations.ContainsKey(sumOfBytesAggKey)) { var sumMetric = dstSubnetAgg.Aggregations[sumOfBytesAggKey] as Nest.ValueMetric; if (sumMetric != null && sumMetric.Value.HasValue) { flowLogAggregation.SumOfBytes = Convert.ToInt64(sumMetric.Value.Value); } } if (dstSubnetAgg.Aggregations.ContainsKey(sumOfPacketsAggKey)) { var sumMetric = dstSubnetAgg.Aggregations[sumOfPacketsAggKey] as Nest.ValueMetric; if (sumMetric != null && sumMetric.Value.HasValue) { flowLogAggregation.SumOfPackets = Convert.ToInt64(sumMetric.Value.Value); } } parsedAggregations.Add(flowLogAggregation); } } } } } } return(parsedAggregations); }
private static void PopulateAggregationMetaData(FlowLogAggregation aggregation) { //"11072015203903-990008671661-us-west-2-traffic-i2s-igw-10cb6e75-subnet-ac833adb" var regex = new Regex(@"^(\d+)-(\d+)-(.*-.*-.*)-(traffic)-(.*)-(.*-.*)-(.*-.*)$"); var match = regex.Match(aggregation.AggregationIdentifier); if (match.Groups.Count == 8) { aggregation.SourceId = match.Groups[6].ToString(); aggregation.DestinationId = match.Groups[7].ToString(); aggregation.SourceType = aggregation.SourceId.Split('-')[0]; aggregation.DestinationType = aggregation.DestinationId.Split('-')[0]; } }
private static List <FlowLogAggregation> ParseAggregation(IDictionary <string, IAggregation> aggregations) { List <FlowLogAggregation> parsedAggregations = new List <FlowLogAggregation>(); foreach (string srcSubnetKey in aggregations.Keys) { var flowLogAggregation = new FlowLogAggregation(); flowLogAggregation.AggregationIdentifier = srcSubnetKey; var listFlowLogAggregationDetail = new List <FlowLogAggregationDetail>(); var srcSubnetAggBucket = aggregations[srcSubnetKey] as Nest.Bucket; if (srcSubnetAggBucket != null && srcSubnetAggBucket.Items != null) { var srcSubnetAgg = srcSubnetAggBucket.Items.FirstOrDefault() as Nest.SingleBucket; if (srcSubnetAgg != null && srcSubnetAgg.Aggregations != null && srcSubnetAgg.Aggregations.Any()) { if (srcSubnetAgg.Aggregations.ContainsKey(actionAggKey)) { var actionAgg = srcSubnetAgg.Aggregations[actionAggKey] as Nest.Bucket; if (actionAgg != null && actionAgg.Items.Any()) { foreach (KeyItem actionAggItem in actionAgg.Items) { if (actionAggItem.Aggregations != null && actionAggItem.Aggregations.Any()) { var protocolAgg = actionAggItem.Aggregations[protocolAggKey] as Nest.Bucket; if (protocolAgg != null && protocolAgg.Items.Any()) { foreach (KeyItem protocolAggItem in protocolAgg.Items) { if (protocolAggItem.Aggregations != null && protocolAggItem.Aggregations.Any()) { if (protocolAggItem.Aggregations.ContainsKey(dstPortAggKey)) { var dstPortAgg = protocolAggItem.Aggregations[dstPortAggKey] as Nest.Bucket; if (dstPortAgg != null && dstPortAgg.Items.Any()) { foreach (KeyItem dstPortAggItem in dstPortAgg.Items) { var flowLogAggregationDetail = new FlowLogAggregationDetail { FlowLogsCount = dstPortAggItem.DocCount, Action = actionAggItem.Key, Protocol = protocolAggItem.Key, DstPort = dstPortAggItem.Key }; if (dstPortAggItem.Aggregations.ContainsKey(sumOfBytesAggKey)) { var sumMetric = dstPortAggItem.Aggregations[sumOfBytesAggKey] as Nest.ValueMetric; if (sumMetric != null && sumMetric.Value.HasValue) { flowLogAggregationDetail.SumOfBytes = Convert.ToInt64(sumMetric.Value.Value); } } if (dstPortAggItem.Aggregations.ContainsKey(sumOfPacketsAggKey)) { var sumMetric = dstPortAggItem.Aggregations[sumOfPacketsAggKey] as Nest.ValueMetric; if (sumMetric != null && sumMetric.Value.HasValue) { flowLogAggregationDetail.SumOfPackets = Convert.ToInt64(sumMetric.Value.Value); } } listFlowLogAggregationDetail.Add(flowLogAggregationDetail); } } } } } } } } } } } } flowLogAggregation.Details = listFlowLogAggregationDetail.ToArray(); parsedAggregations.Add(flowLogAggregation); } return(parsedAggregations); }