kernel

package
v6.0.0-alpha2+incompat...
Warning

This package is not in the latest version of its module.
Published: May 31, 2017 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package kernel is a metricset that subscribes to the Linux Audit Framework to receive audit events from the kernel.

Functions

func New

func New(base mb.BaseMetricSet) (mb.MetricSet, error)

New constructs a new MetricSet.

Types

type Config

type Config struct {
	ResolveIDs   bool   `config:"kernel.resolve_ids"`         // Resolve UID/GIDs to names.
	BacklogLimit uint32 `config:"kernel.backlog_limit"`       // Max number of messages to buffer in the kernel.
	RateLimit    uint32 `config:"kernel.rate_limit"`          // Rate limit in messages/sec of messages from kernel.
	RawMessage   bool   `config:"kernel.include_raw_message"` // Include the list of raw audit messages in the event.
	Warnings     bool   `config:"kernel.include_warnings"`    // Include warnings in the event (for dev/debug purposes only).
}

Config defines the kernel metricset's possible configuration options.

type MetricSet

type MetricSet struct {
	mb.BaseMetricSet
	// contains filtered or unexported fields
}

MetricSet listens for audit messages from the Linux kernel using a netlink socket. It buffers the messages to ensure ordering and then streams the output. MetricSet implements the mb.PushMetricSet interface, and therefore does not rely on polling.

func (*MetricSet) Run

func (ms *MetricSet) Run(reporter mb.PushReporter)

Run initializes the audit client and receives audit messages from the kernel until the reporter's done channel is closed.
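
The MetricSet description above says messages are buffered to ensure ordering before they are streamed. The sketch below is an added example, not this package's code: it groups raw audit records by the sequence number in their `audit(<epoch>.<millis>:<seq>)` header and returns events in ascending sequence order. `Reorder`, `Event` and the sample records are constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strconv"
)

// Raw audit records carry a header: audit(<epoch>.<millis>:<sequence>).
var header = regexp.MustCompile(`audit\(\d+\.\d+:(\d{1,19})\)`)

// Constructed sample: records of events 101 and 102 arrive interleaved.
var sample = []string{
	`type=SYSCALL msg=audit(1496232000.100:102): syscall=59 success=yes`,
	`type=SYSCALL msg=audit(1496232000.090:101): syscall=2 success=no`,
	`type=PATH msg=audit(1496232000.100:102): name="/bin/ls"`,
	`line with no audit header`,
	`type=PATH msg=audit(1496232000.090:101): name="/etc/shadow"`,
}

// Event is every record that shares one kernel sequence number.
type Event struct {
	Seq     uint64
	Records []string
}

// Reorder (hypothetical helper) groups by sequence, ascending; header-less records are rejected.
func Reorder(lines []string) (events []Event, rejected []string) {
	bySeq := map[uint64][]string{}
	for _, l := range lines {
		m := header.FindStringSubmatch(l)
		if m == nil {
			rejected = append(rejected, l)
			continue
		}
		seq, _ := strconv.ParseUint(m[1], 10, 64) // cannot overflow: regexp caps at 19 digits
		bySeq[seq] = append(bySeq[seq], l)        // arrival order kept within an event
	}
	for seq, recs := range bySeq {
		events = append(events, Event{seq, recs})
	}
	sort.Slice(events, func(i, j int) bool { return events[i].Seq < events[j].Seq })
	return events, rejected
}

func main() {
	events, rejected := Reorder(sample)
	fmt.Println(len(events), "events in order,", len(rejected), "rejected")
}
```

Rejected records are returned rather than dropped, so a caller can count or log malformed input.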
