Documentation
Overview
Package logger creates an osquery logging plugin.
See https://osquery.readthedocs.io/en/latest/development/logger-plugins/ for more.
Index
- type DifferentialResult
- type Log
- type LogFunc
- type LogType
- type Plugin
- func (t *Plugin) Call(ctx context.Context, request osquery.ExtensionPluginRequest) (osquery.ExtensionPluginResponse, error)
- func (t *Plugin) Name() string
- func (t *Plugin) Ping(ctx context.Context) osquery.ExtensionStatus
- func (t *Plugin) RegistryName() string
- func (t *Plugin) Routes() osquery.ExtensionPluginResponse
- func (t *Plugin) Shutdown()
- type Result
- type ResultMetadata
- type SnapshotResult
- type UnknownLog
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type DifferentialResult
type DifferentialResult struct {
    Columns map[string]string `json:"columns"`
    *ResultMetadata
}
func (DifferentialResult) ToRequest
func (d DifferentialResult) ToRequest() osquery.ExtensionPluginRequest
func (DifferentialResult) Type
func (DifferentialResult) Type() LogType
type Log
type Log interface {
    Type() LogType
    ToRequest() osquery.ExtensionPluginRequest
}
func RequestToLog
func RequestToLog(req osquery.ExtensionPluginRequest) Log
type LogFunc
LogFunc is the logger function used by an osquery Logger plugin.
The LogFunc should log the provided result string. The LogType argument can be optionally used to log differently depending on the type of log received. The context argument can optionally be used for cancellation in long-running operations.
type Plugin
type Plugin struct {
// contains filtered or unexported fields
}
Plugin is an osquery logger plugin. The Plugin struct implements the OsqueryPlugin interface.
func NewPlugin
NewPlugin takes a value that implements LoggerPlugin and wraps it with the appropriate methods to satisfy the OsqueryPlugin interface. Use this to easily create plugins implementing osquery loggers.
func (*Plugin) Call
func (t *Plugin) Call(ctx context.Context, request osquery.ExtensionPluginRequest) (osquery.ExtensionPluginResponse, error)
func (*Plugin) RegistryName
func (*Plugin) Routes
func (t *Plugin) Routes() osquery.ExtensionPluginResponse
type Result
type Result interface {
    Log
    Metadata() *ResultMetadata
}
type ResultMetadata
type ResultMetadata struct {
    Name           string `json:"name"`
    HostIdentifier string `json:"hostIdentifier"`
    // TODO: CalendarTime time.Time `json:"calendarTime"`
    UnixTime    int               `json:"unixTime"`
    Epoch       int               `json:"epoch"`
    Counter     int               `json:"counter"`
    Numerics    bool              `json:"numerics"`
    Decorations map[string]string `json:"decorations"`
    Action      string            `json:"action"`
}
func (*ResultMetadata) Metadata
func (r *ResultMetadata) Metadata() *ResultMetadata
type SnapshotResult
type SnapshotResult struct {
    *ResultMetadata
    Snapshot []map[string]string `json:"snapshot"`
}
func (SnapshotResult) ToRequest
func (s SnapshotResult) ToRequest() osquery.ExtensionPluginRequest
func (SnapshotResult) Type
func (SnapshotResult) Type() LogType
type UnknownLog
func (UnknownLog) ToRequest
func (u UnknownLog) ToRequest() osquery.ExtensionPluginRequest
func (UnknownLog) Type
func (u UnknownLog) Type() LogType
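How an osquery result log line maps onto the DifferentialResult and SnapshotResult shapes, as an added example that is not this package's own code. The types are local copies of the structs shown on this page, DecodeResult is a hypothetical helper, and the sample line is constructed; the package's RequestToLog may classify requests differently.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Local mirrors of the structs documented above (assumed to share their JSON tags).
type ResultMetadata struct {
	Name           string            `json:"name"`
	HostIdentifier string            `json:"hostIdentifier"`
	UnixTime       int               `json:"unixTime"`
	Epoch          int               `json:"epoch"`
	Counter        int               `json:"counter"`
	Numerics       bool              `json:"numerics"`
	Decorations    map[string]string `json:"decorations"`
	Action         string            `json:"action"`
}
type DifferentialResult struct {
	Columns map[string]string `json:"columns"`
	*ResultMetadata
}
type SnapshotResult struct {
	*ResultMetadata
	Snapshot []map[string]string `json:"snapshot"`
}

// DecodeResult (hypothetical) picks the type by payload key and rejects neither/both.
func DecodeResult(line string) (interface{}, error) {
	var probe map[string]json.RawMessage
	if err := json.Unmarshal([]byte(line), &probe); err != nil {
		return nil, fmt.Errorf("not a JSON object: %w", err)
	}
	_, hasCols := probe["columns"]
	_, hasSnap := probe["snapshot"]
	if hasCols == hasSnap {
		return nil, fmt.Errorf("want exactly one of columns or snapshot")
	}
	var out interface{} = &DifferentialResult{}
	if hasSnap {
		out = &SnapshotResult{}
	}
	return out, json.Unmarshal([]byte(line), out)
}

func main() {
	// Constructed sample line in osquery's result-log JSON shape.
	r, err := DecodeResult(`{"name":"pack_usb","hostIdentifier":"host-01","unixTime":1700000000,"action":"added","columns":{"vendor":"ExampleCorp"}}`)
	fmt.Printf("%T err=%v\n", r, err)
}
```

Rejecting lines that carry neither or both payload keys keeps malformed or ambiguous records out of the typed path, so they can be logged as unknown instead of being silently coerced.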