diff --git a/pkg/agent/agent.go b/pkg/agent/agent.go index 5f8b9726e..f3ce0ded7 100644 --- a/pkg/agent/agent.go +++ b/pkg/agent/agent.go @@ -182,6 +182,8 @@ func FlowsAgent(cfg *Config) (*Flows, error) { if s, err = ovnobserv.NewSampleDecoderWithDefaultCollector(context.Background(), networkEventsDBPath, networkEventsOwnerName, cfg.NetworkEventsMonitoringGroupID); err != nil { alog.Warnf("failed to create Network Events sample decoder: %v for id: %d", err, cfg.NetworkEventsMonitoringGroupID) + } else { + alog.Info("Network Events sample decoder successfully created") } } else { alog.Warn("old kernel doesn't support network events monitoring skip") diff --git a/pkg/pbflow/proto.go b/pkg/pbflow/proto.go index 723ac5364..4c3d5b1c3 100644 --- a/pkg/pbflow/proto.go +++ b/pkg/pbflow/proto.go @@ -7,7 +7,7 @@ import ( "github.com/netobserv/flowlogs-pipeline/pkg/config" "github.com/netobserv/netobserv-ebpf-agent/pkg/ebpf" "github.com/netobserv/netobserv-ebpf-agent/pkg/model" - ovnmodel "github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/model" + "github.com/netobserv/netobserv-ebpf-agent/pkg/utils" ovnobserv "github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/sampledecoder" "github.com/sirupsen/logrus" "google.golang.org/protobuf/types/known/durationpb" @@ -106,32 +106,13 @@ func FlowToPB(fr *model.Record, s *ovnobserv.SampleDecoder) *Record { seen := make(map[string]bool) pbflowRecord.NetworkEventsMetadata = make([]*NetworkEvent, 0) for _, metadata := range fr.Metrics.AdditionalMetrics.NetworkEvents { - var pbEvent NetworkEvent if !model.AllZerosMetaData(metadata) { if md, err := s.DecodeCookie8Bytes(metadata); err == nil { - acl, ok := md.(*ovnmodel.ACLEvent) mdStr := md.String() protoLog.Debugf("Network Events Metadata %v decoded Cookie: %v decoded string: %s", metadata, md, mdStr) if !seen[mdStr] { - if ok { - pbEvent = NetworkEvent{ - Events: map[string]string{ - "Action": acl.Action, - "Type": acl.Actor, - "Feature": "acl", - "Name": acl.Name, - "Namespace": acl.Namespace, - "Direction": acl.Direction, - }, - } - } else { - pbEvent = NetworkEvent{ - Events: map[string]string{ - "Message": mdStr, - }, - } - } - pbflowRecord.NetworkEventsMetadata = append(pbflowRecord.NetworkEventsMetadata, &pbEvent) + eventMap := utils.NetworkEventToMap(md) + pbflowRecord.NetworkEventsMetadata = append(pbflowRecord.NetworkEventsMetadata, &NetworkEvent{Events: eventMap}) seen[mdStr] = true } } else { diff --git a/pkg/utils/network_events.go b/pkg/utils/network_events.go new file mode 100644 index 000000000..4e84aca12 --- /dev/null +++ b/pkg/utils/network_events.go @@ -0,0 +1,63 @@ +package utils + +import ( + "github.com/netobserv/flowlogs-pipeline/pkg/config" + ovnmodel "github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/model" +) + +func NetworkEventToMap(netev ovnmodel.NetworkEvent) map[string]string { + if acl, ok := netev.(*ovnmodel.ACLEvent); ok { + return map[string]string{ + "Action": acl.Action, + "Type": acl.Actor, + "Feature": "acl", + "Name": acl.Name, + "Namespace": acl.Namespace, + "Direction": acl.Direction, + } + } + return map[string]string{ + "Message": netev.String(), + } +} + +func NetworkEventsToStrings(flow config.GenericMap) []string { + if ne, found := flow["NetworkEvents"]; found { + if neList, isList := ne.([]any); isList { + var messages []string + for _, item := range neList { + if neItem, isMap := item.(map[string]any); isMap { + messages = append(messages, networkEventItemToString(neItem)) + } + } + return messages + } + } + return nil +} + +func networkEventItemToString(in map[string]any) string { + if msg := getAsString(in, "Message"); msg != "" { + return msg + } + if feat := getAsString(in, "Feature"); feat == "acl" { + aclObj := ovnmodel.ACLEvent{ + Action: getAsString(in, "Action"), + Actor: getAsString(in, "Type"), + Name: getAsString(in, "Name"), + Namespace: getAsString(in, "Namespace"), + Direction: getAsString(in, "Direction"), + } + return aclObj.String() + } + return "" +} + +func getAsString(in map[string]any, key string) string { + if anyV, hasKey := in[key]; hasKey { + if v, isStr := anyV.(string); isStr { + return v + } + } + return "" +}