use of org.graylog2.plugin.lookup.LookupResult in project graylog2-server by Graylog2.
the class DnsLookupDataAdapter method doGet.
@Override
protected LookupResult doGet(Object key) {
final String trimmedKey = StringUtils.trimToNull(key.toString());
if (trimmedKey == null) {
LOG.debug("A blank key was supplied");
return getEmptyResult();
}
LOG.debug("Beginning [{}] DNS resolution for key [{}]", config.lookupType(), trimmedKey);
LookupResult lookupResult;
switch(config.lookupType()) {
case A:
try (final Timer.Context ignored = resolveDomainNameTimer.time()) {
lookupResult = resolveIPv4AddressForHostname(trimmedKey);
}
break;
case AAAA:
{
try (final Timer.Context ignored = resolveDomainNameTimer.time()) {
lookupResult = resolveIPv6AddressForHostname(trimmedKey);
}
break;
}
case A_AAAA:
{
try (final Timer.Context ignored = resolveDomainNameTimer.time()) {
lookupResult = resolveAllAddressesForHostname(trimmedKey);
}
break;
}
case PTR:
{
try (final Timer.Context ignored = reverseLookupTimer.time()) {
lookupResult = performReverseLookup(trimmedKey);
}
break;
}
case TXT:
{
try (final Timer.Context ignored = textLookupTimer.time()) {
lookupResult = performTextLookup(trimmedKey);
}
break;
}
default:
throw new IllegalArgumentException(String.format(Locale.ENGLISH, "DnsLookupType [%s] is not supported", config.lookupType()));
}
LOG.debug("[{}] DNS resolution complete for key [{}]. Response [{}]", config.lookupType(), trimmedKey, lookupResult);
return lookupResult;
}
use of org.graylog2.plugin.lookup.LookupResult in project graylog2-server by Graylog2.
the class DnsLookupDataAdapter method performReverseLookup.
private LookupResult performReverseLookup(Object key) {
final PtrDnsAnswer dnsResponse;
try {
dnsResponse = dnsClient.reverseLookup(key.toString());
} catch (Exception e) {
LOG.error("Could not perform reverse DNS lookup for [{}]. Cause [{}]", key, ExceptionUtils.getRootCauseOrMessage(e));
errorCounter.inc();
return getErrorResult();
}
if (dnsResponse != null) {
if (!Strings.isNullOrEmpty(dnsResponse.fullDomain())) {
// Include answer in both single and multiValue fields.
final Map<Object, Object> multiValueResults = new LinkedHashMap<>();
multiValueResults.put(PtrDnsAnswer.FIELD_DOMAIN, dnsResponse.domain());
multiValueResults.put(PtrDnsAnswer.FIELD_FULL_DOMAIN, dnsResponse.fullDomain());
multiValueResults.put(PtrDnsAnswer.FIELD_DNS_TTL, dnsResponse.dnsTTL());
final LookupResult.Builder builder = LookupResult.builder().single(dnsResponse.fullDomain()).multiValue(multiValueResults).stringListValue(ImmutableList.of(dnsResponse.fullDomain()));
if (config.hasOverrideTTL()) {
builder.cacheTTL(config.getCacheTTLOverrideMillis());
} else {
builder.cacheTTL(dnsResponse.dnsTTL() * 1000);
}
return builder.build();
}
}
LOG.debug("Could not perform reverse lookup on IP address [{}]. No PTR record was found.", key);
return getEmptyResult();
}
Aggregations