38 lines
887 B
Go
38 lines
887 B
Go
package domain
|
|
|
|
import (
|
|
"strconv"
|
|
"time"
|
|
)
|
|
|
|
// EventSource identifies the source of an event.
|
|
type EventSource string
|
|
|
|
const (
|
|
SourceA EventSource = "A" // Apache/HTTP source
|
|
SourceB EventSource = "B" // Network source
|
|
)
|
|
|
|
// NormalizedEvent represents a unified internal event from either source.
|
|
type NormalizedEvent struct {
|
|
Source EventSource
|
|
Timestamp time.Time
|
|
SrcIP string
|
|
SrcPort int
|
|
DstIP string
|
|
DstPort int
|
|
Headers map[string]string
|
|
Extra map[string]any
|
|
Raw map[string]any // Original raw data
|
|
}
|
|
|
|
// CorrelationKey returns the key used for correlation (src_ip + src_port).
|
|
func (e *NormalizedEvent) CorrelationKey() string {
|
|
return e.SrcIP + ":" + strconv.Itoa(e.SrcPort)
|
|
}
|
|
|
|
// CorrelationKeyFull returns a proper correlation key (alias for clarity).
|
|
func (e *NormalizedEvent) CorrelationKeyFull() string {
|
|
return e.CorrelationKey()
|
|
}
|