stefanDeveloper
diff --git a/‎config.yml‎
Lines changed: 7 additions & 14 deletions b/‎config.yml‎
Lines changed: 7 additions & 14 deletions
diff --git a/‎heidpi-logger/include/Config.hpp‎
Lines changed: 1 addition & 4 deletions b/‎heidpi-logger/include/Config.hpp‎
Lines changed: 1 addition & 4 deletions
diff --git a/‎heidpi-logger/include/GeoIP.hpp‎
Lines changed: 3 additions & 3 deletions b/‎heidpi-logger/include/GeoIP.hpp‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎heidpi-logger/src/EventProcessor.cpp‎
Lines changed: 53 additions & 16 deletions b/‎heidpi-logger/src/EventProcessor.cpp‎
Lines changed: 53 additions & 16 deletions
diff --git a/‎heidpi-logger/src/GeoIP.cpp‎
Lines changed: 64 additions & 33 deletions b/‎heidpi-logger/src/GeoIP.cpp‎
Lines changed: 64 additions & 33 deletions
@@ -1,16 +1,13 @@
-appName: heiDPI
-
 logging:
-  level: ERROR
-  encoding: utf-8
-  format: "%(asctime)s %(levelname)s:%(message)s"
-  datefmt: "%Y-%m-%dT%I:%M:%S"
-  # filemode: w # a for append, will not override current file
   # filename: heiDPI.log
 
 flow_event:
-  ignore_fields: []
-  ignore_risks: []
+  ignore_fields: [
+    "alias"
+  ]
+  ignore_risks: [
+    "5"
+  ]
   flow_event_name:
     - update
     - end
@@ -24,30 +21,26 @@ flow_event:
     keys:
       - country.names.en
       # Additional configurations
-      - location
+      # - location
       # - city
       # - traits
       # - postal
-#  threads: 4
 
 daemon_event:
   ignore_fields: []
   daemon_event_name:
     - init
     - status
   filename: daemon_event
-#  threads: 4
 
 packet_event:
   ignore_fields: []
   packet_event_name:
     - packet-flow
   filename: packet_event
-#  threads: 4
 
 error_event:
   ignore_fields: []
   error_event_name:
     - error-flow
   filename: error_event
-#  threads: 4
@@ -9,10 +9,7 @@
  */
 struct LoggingConfig
 {
-    std::string level{"INFO"};
-    std::string format{"%Y-%m-%dT%H:%M:%S"};
-    std::string datefmt{"%Y-%m-%dT%H:%M:%S"};
-    std::string filename{}; // optional log file
+    std::string filename{};
 };
 
 struct EventConfig
 
@@ -16,11 +16,11 @@ class GeoIP
 
     void enrich(const std::string &src_ip, const std::string &dst_ip,
                 nlohmann::json &out) const;
+protected:
+    virtual nlohmann::json lookup(const std::string &ip) const;
+    bool loaded{false};
 
 private:
-    nlohmann::json lookup(const std::string &ip) const;
-
     MMDB_s mmdb{};
-    bool loaded{false};
     std::vector<std::string> keys;
 };
@@ -1,58 +1,95 @@
+/** 
+ * @file EventProcessor.cpp
+ * Implementation of event processing logic including timestamping, 
+ * GeoIP enrichment, and output formatting
+ */
+
 #include "EventProcessor.hpp"
 #include <fstream>
 #include <chrono>
 #include <iomanip>
 #include <ctime>
 #include <filesystem>
 
+/**
+ * @class EventProcessor
+ * Handles event processing pipeline including:
+ * - Timestamp injection
+ * - GeoIP enrichment (if enabled)
+ * - Field/risk filtering
+ * - Output file writing
+ */
 EventProcessor::EventProcessor(const EventConfig &cfg, const std::string &outDir)
-    : config(cfg), directory(outDir) {
-    if (cfg.geoip_enabled && !cfg.geoip_path.empty()) {
+    : config(cfg), directory(outDir)
+{
+    if (cfg.geoip_enabled && !cfg.geoip_path.empty())
+    {
         geo = std::make_unique<GeoIP>(cfg.geoip_path, cfg.geoip_keys);
-    } else {
+    }
+    else
+    {
         // optional, aber hilfreich zur Diagnose:
         Logger::info(std::string("GeoIP disabled for '") + cfg.filename +
                      "' (enabled=" + (cfg.geoip_enabled ? "true" : "false") +
                      ", path=" + (cfg.geoip_path.empty() ? "<empty>" : cfg.geoip_path) + ")");
     }
 }
 
-static std::string nowTs() {
+/**
+ * @return Current timestamp in ISO 8601 format (YYYY-MM-DDTHH:MM:SS)
+ */
+static std::string nowTs()
+{
     auto now = std::chrono::system_clock::now();
     std::time_t tt = std::chrono::system_clock::to_time_t(now);
-    std::tm tm = *std::localtime(&tt);
-    char buf[64];
-    std::strftime(buf, sizeof(buf), "%FT%T", &tm);
-    return std::string(buf);
+    std::tm tm = *std::localtime(&tt); // Thread-safe with local variable
+    std::ostringstream oss;
+    oss << std::put_time(&tm, "%FT%T"); // ISO 8601 format (2024-03-20T12:34:56)
+    return oss.str();
 }
 
-void EventProcessor::process(const nlohmann::json &j) {
+/**
+ * Processes a raw event JSON object through the full pipeline:
+ * 1. Injects current timestamp
+ * 2. Adds GeoIP enrichment (if configured)
+ * 3. Removes ignored fields
+ * 4. Filters out ignored risks
+ * 5. Writes to output file in specified directory
+ * 
+ * @param j Raw event JSON to process
+ */
+void EventProcessor::process(const nlohmann::json &j)
+{
     nlohmann::json out = j;
     out["timestamp"] = nowTs();
 
-    if (geo) { // statt config.geoip_enabled
+    if (geo)
+    { // statt config.geoip_enabled
         std::string src = j.value("src_ip", "");
         std::string dst = j.value("dst_ip", "");
         geo->enrich(src, dst, out);
     }
 
-    for (const auto &field : config.ignore_fields) {
+    for (const auto &field : config.ignore_fields)
+    {
         out.erase(field);
     }
 
-    if (!config.ignore_risks.empty() && out.contains("ndpi") && out["ndpi"].contains("flow_risk")) {
-        for (const auto &risk : config.ignore_risks) {
+    if (!config.ignore_risks.empty() && out.contains("ndpi") && out["ndpi"].contains("flow_risk"))
+    {
+        for (const auto &risk : config.ignore_risks)
+        {
             out["ndpi"]["flow_risk"].erase(risk);
         }
     }
-    
+
     std::filesystem::create_directories(directory);
     auto path = std::filesystem::path(directory) / (config.filename + ".json");
     std::ofstream ofs(path, std::ios::app);
-    if (!ofs.is_open()) {
+    if (!ofs.is_open())
+    {
         Logger::error("Failed to open output file: " + path.string());
         return;
     }
     ofs << out.dump() << std::endl;
 }
-
 
@@ -2,9 +2,12 @@
 #include "Logger.hpp"
 #include <sstream>
 
-namespace {
-nlohmann::json entryToJson(const MMDB_s &db, const MMDB_entry_data_s &entry) {
-    switch (entry.type) {
+namespace
+{
+    nlohmann::json entryToJson(const MMDB_s &db, const MMDB_entry_data_s &entry)
+    {
+        switch (entry.type)
+        {
         case MMDB_DATA_TYPE_UTF8_STRING:
             return std::string(entry.utf8_string, entry.data_size);
         case MMDB_DATA_TYPE_DOUBLE:
@@ -21,18 +24,22 @@ nlohmann::json entryToJson(const MMDB_s &db, const MMDB_entry_data_s &entry) {
             return entry.uint64;
         case MMDB_DATA_TYPE_BOOLEAN:
             return static_cast<bool>(entry.boolean);
-        case MMDB_DATA_TYPE_MAP: {
+        case MMDB_DATA_TYPE_MAP:
+        {
             MMDB_entry_s sub{&db, entry.offset};
             MMDB_entry_data_list_s *list = nullptr;
-            if (MMDB_get_entry_data_list(&sub, &list) == MMDB_SUCCESS && list) {
+            if (MMDB_get_entry_data_list(&sub, &list) == MMDB_SUCCESS && list)
+            {
                 nlohmann::json obj = nlohmann::json::object();
                 MMDB_entry_data_list_s *ptr = list;
-                while (ptr && ptr->next) {
+                while (ptr && ptr->next)
+                {
                     auto key = ptr->entry_data;
                     ptr = ptr->next;
                     auto val = ptr->entry_data;
                     ptr = ptr->next;
-                    if (key.type != MMDB_DATA_TYPE_UTF8_STRING) continue;
+                    if (key.type != MMDB_DATA_TYPE_UTF8_STRING)
+                        continue;
                     std::string k(key.utf8_string, key.data_size);
                     obj[k] = entryToJson(db, val);
                 }
@@ -41,13 +48,16 @@ nlohmann::json entryToJson(const MMDB_s &db, const MMDB_entry_data_s &entry) {
             }
             break;
         }
-        case MMDB_DATA_TYPE_ARRAY: {
+        case MMDB_DATA_TYPE_ARRAY:
+        {
             MMDB_entry_s sub{&db, entry.offset};
             MMDB_entry_data_list_s *list = nullptr;
-            if (MMDB_get_entry_data_list(&sub, &list) == MMDB_SUCCESS && list) {
+            if (MMDB_get_entry_data_list(&sub, &list) == MMDB_SUCCESS && list)
+            {
                 nlohmann::json arr = nlohmann::json::array();
                 MMDB_entry_data_list_s *ptr = list;
-                while (ptr) {
+                while (ptr)
+                {
                     arr.push_back(entryToJson(db, ptr->entry_data));
                     ptr = ptr->next;
                 }
@@ -58,61 +68,78 @@ nlohmann::json entryToJson(const MMDB_s &db, const MMDB_entry_data_s &entry) {
         }
         default:
             break;
+        }
+        return {};
     }
-    return {};
-}
 } // namespace
 
 GeoIP::GeoIP(const std::string &path, const std::vector<std::string> &k)
-    : keys(k) {
+    : keys(k)
+{
     int status = MMDB_open(path.c_str(), MMDB_MODE_MMAP, &mmdb);
-    if (status != MMDB_SUCCESS) {
+    if (status != MMDB_SUCCESS)
+    {
         Logger::error(std::string("GeoIP open failed: ") + path + " " + MMDB_strerror(status));
         loaded = false;
-    } else {
+    }
+    else
+    {
         loaded = true;
     }
 }
 
-GeoIP::~GeoIP() {
-    if (loaded) {
+GeoIP::~GeoIP()
+{
+    if (loaded)
+    {
         MMDB_close(&mmdb);
     }
 }
 
-nlohmann::json GeoIP::lookup(const std::string &ip) const {
+nlohmann::json GeoIP::lookup(const std::string &ip) const
+{
     nlohmann::json result;
-    if (!loaded || ip.empty()) return result;
+    if (!loaded || ip.empty())
+        return result;
 
     int gai_error = 0, mmdb_error = 0;
     MMDB_lookup_result_s res = MMDB_lookup_string(&mmdb, ip.c_str(), &gai_error, &mmdb_error);
-    if (gai_error != 0 || mmdb_error != MMDB_SUCCESS || !res.found_entry) {
+    if (gai_error != 0 || mmdb_error != MMDB_SUCCESS || !res.found_entry)
+    {
         return result;
     }
 
-    for (const auto &key : keys) {
+    for (const auto &key : keys)
+    {
         // Split dotted key path into parts
         std::vector<std::string> parts;
         std::stringstream ss(key);
         std::string part;
-        while (std::getline(ss, part, '.')) parts.push_back(part);
+        while (std::getline(ss, part, '.'))
+            parts.push_back(part);
 
-        std::vector<const char*> path;
-        for (const auto &p : parts) path.push_back(p.c_str());
+        std::vector<const char *> path;
+        for (const auto &p : parts)
+            path.push_back(p.c_str());
         path.push_back(nullptr);
 
         MMDB_entry_data_s entry{};
         int status = MMDB_aget_value(&res.entry, &entry, path.data());
-        if (status != MMDB_SUCCESS || !entry.has_data) continue;
-        
+        if (status != MMDB_SUCCESS || !entry.has_data)
+            continue;
+
         const std::string &field = parts.back();
 
         nlohmann::json value = entryToJson(mmdb, entry);
 
-        if (!value.is_null() && !(value.is_object() && value.empty())) {
-            if (parts.size() == 1) {
+        if (!value.is_null() && !(value.is_object() && value.empty()))
+        {
+            if (parts.size() == 1)
+            {
                 result[parts[0]] = value;
-            } else {
+            }
+            else
+            {
                 result[field] = value;
             }
         }
@@ -121,14 +148,18 @@ nlohmann::json GeoIP::lookup(const std::string &ip) const {
 }
 
 void GeoIP::enrich(const std::string &src_ip, const std::string &dst_ip,
-                   nlohmann::json &out) const {
-    if (!loaded) return;
+                   nlohmann::json &out) const
+{
+    if (!loaded)
+        return;
     auto src = lookup(src_ip);
-    if (!src.empty()) {
+    if (!src.empty())
+    {
         out["src_geoip2_city"] = src;
     }
     auto dst = lookup(dst_ip);
-    if (!dst.empty()) {
+    if (!dst.empty())
+    {
         out["dst_geoip2_city"] = dst;
     }
 }