internal/types/types.go

package types

import "time"

// LogEvent represents a standardized honeypot event.
type LogEvent struct {
	// Time is the timestamp of the event.
	Time string `json:"time,omitempty"`

	// Type is the type of honeypot (e.g., "ssh", "telnet", "packetlogger", "http").
	Type HoneypotType `json:"type"`

	// Event is the specific event type (e.g., "auth_attempt", "connection", "request").
	Event HoneypotEvent `json:"event"`

	// RemoteAddr is the remote IP address.
	RemoteAddr string `json:"remote_addr,omitempty"`

	// RemotePort is the remote port number.
	RemotePort uint16 `json:"remote_port,omitempty"`

	// DstPort is the destination port number.
	DstPort uint16 `json:"dst_port,omitempty"`

	// Additional fields are stored in Fields map for flexibility.
	Fields map[string]any `json:"fields,omitempty"`
}

type LogErrorEvent struct {
	Event string
	Error error
	Args  []any
}

type LogInfoEvent struct {
	Event   string
	Message string
	Args    []any
}

type Tag string

const (
	TagBotnet       Tag = "botnet"
	TagPortScan     Tag = "port_scan"
	TagPingScan     Tag = "ping_scan"
	TagHighTraffic  Tag = "high_traffic"
	TagAuthAttempt  Tag = "auth_attempt"
	TagMalware      Tag = "malware"
	TagInfoStealing Tag = "info_stealing"
)

type HoneypotEvent string

const (
	EventAuthAttempt  HoneypotEvent = "auth_attempt"
	EventRequest      HoneypotEvent = "request"
	EventICMPPacket   HoneypotEvent = "icmp_packet"
	EventTCPPacket    HoneypotEvent = "tcp_packet"
	EventUDPPacket    HoneypotEvent = "udp_packet"
	EventDNSQuery     HoneypotEvent = "dns_query"
	EventTLSHandshake HoneypotEvent = "tls_handshake"
)

type HoneypotType string

const (
	HoneypotTypeSSH          HoneypotType = "ssh"
	HoneypotTypeFTP          HoneypotType = "ftp"
	HoneypotTypeRDP          HoneypotType = "rdp"
	HoneypotTypeHTTP         HoneypotType = "http"
	HoneypotTypeSMTP         HoneypotType = "smtp"
	HoneypotTypeTelnet       HoneypotType = "telnet"
	HoneypotTypeSIP          HoneypotType = "sip"
	HoneypotTypePacketLogger HoneypotType = "packetlogger"
	HoneypotTypeDNS          HoneypotType = "dns"
)

type BlocklistEntry struct {
	ID        int       `json:"id,omitempty"`
	Address   string    `json:"address"`
	Timestamp time.Time `json:"timestamp"`
	Expires   time.Time `json:"expires"`
	Reason    string    `json:"reason"`
}