README
¶
Log Writer
Writes the log to the proper stream based on the Logger configuration
Log Formatter
Transforms an AuditLog struct into a binary representation
Logger
- Contains configurations like directories and permissions
Documentation
¶
Overview ¶
Package auditlog implements a set of log formatters and writers for audit logging.
The following log formats are supported:
- JSON - Coraza - Native
The following log writers are supported:
- Serial - Concurrent
More writers and formatters can be registered using the RegisterWriter and RegisterFormatter functions.
Index ¶
- Variables
- func GetFormatter(name string) (plugintypes.AuditLogFormatter, error)
- func GetWriter(name string) (plugintypes.AuditLogWriter, error)
- func NewConfig() plugintypes.AuditLogConfig
- func RegisterFormatter(name string, f plugintypes.AuditLogFormatter)
- func RegisterWriter(name string, writer func() plugintypes.AuditLogWriter)
- type Log
- type Message
- type MessageData
- func (md *MessageData) Accuracy() int
- func (md *MessageData) Data() string
- func (md *MessageData) File() string
- func (md *MessageData) ID() int
- func (md *MessageData) Line() int
- func (md *MessageData) Maturity() int
- func (md *MessageData) Msg() string
- func (md *MessageData) Raw() string
- func (md *MessageData) Rev() string
- func (md *MessageData) Severity() types.RuleSeverity
- func (md *MessageData) Tags() []string
- func (md *MessageData) Ver() string
- type Transaction
- func (t Transaction) ClientIP() string
- func (t Transaction) ClientPort() int
- func (t Transaction) HasRequest() bool
- func (t Transaction) HasResponse() bool
- func (t Transaction) HostIP() string
- func (t Transaction) HostPort() int
- func (t Transaction) ID() string
- func (t Transaction) Producer() plugintypes.AuditLogTransactionProducer
- func (t Transaction) Request() plugintypes.AuditLogTransactionRequest
- func (t Transaction) Response() plugintypes.AuditLogTransactionResponse
- func (t Transaction) ServerID() string
- func (t Transaction) Timestamp() string
- func (t Transaction) UnixTimestamp() int64
- type TransactionProducer
- type TransactionRequest
- func (tr *TransactionRequest) Body() string
- func (tr *TransactionRequest) Files() []plugintypes.AuditLogTransactionRequestFiles
- func (tr *TransactionRequest) HTTPVersion() string
- func (tr *TransactionRequest) Headers() map[string][]string
- func (tReq *TransactionRequest) Method() string
- func (tr *TransactionRequest) Protocol() string
- func (tr *TransactionRequest) URI() string
- type TransactionRequestFiles
- type TransactionResponse
Constants ¶
This section is empty.
Variables ¶
View Source
var NoopCloser = noopCloser{}
Functions ¶
func GetFormatter ¶
func GetFormatter(name string) (plugintypes.AuditLogFormatter, error)
GetFormatter returns a formatter by name It returns an error if it doesn't exist
func GetWriter ¶
func GetWriter(name string) (plugintypes.AuditLogWriter, error)
GetWriter returns a logger by name It returns an error if it doesn't exist
func NewConfig ¶
func NewConfig() plugintypes.AuditLogConfig
NewConfig returns a Config with default values.
func RegisterFormatter ¶
func RegisterFormatter(name string, f plugintypes.AuditLogFormatter)
RegisterFormatter registers a new logger format it can be used for plugins
func RegisterWriter ¶
func RegisterWriter(name string, writer func() plugintypes.AuditLogWriter)
RegisterWriter registers a new logger it can be used for plugins
Types ¶
type Log ¶
type Log struct {
// Parts contains the parts of the audit log
Parts_ types.AuditLogParts `json:"-"`
// Transaction contains the transaction information
Transaction_ Transaction `json:"transaction"`
// Messages contains the triggered rules information
Messages_ []plugintypes.AuditLogMessage `json:"messages,omitempty"`
}
Log represents the main struct for audit log data
func (*Log) Messages ¶
func (l *Log) Messages() []plugintypes.AuditLogMessage
func (*Log) Parts ¶
func (l *Log) Parts() types.AuditLogParts
func (*Log) Transaction ¶
func (l *Log) Transaction() plugintypes.AuditLogTransaction
func (*Log) UnmarshalJSON ¶
type Message ¶
type Message struct {
Actionset_ string `json:"actionset"`
Message_ string `json:"message"`
Data_ *MessageData `json:"data"`
}
Message contains information about the triggered rules
func (Message) Data ¶
func (m Message) Data() plugintypes.AuditLogMessageData
type MessageData ¶
type MessageData struct {
File_ string `json:"file"`
Line_ int `json:"line"`
ID_ int `json:"id"`
Rev_ string `json:"rev"`
Msg_ string `json:"msg"`
Data_ string `json:"data"`
Severity_ types.RuleSeverity `json:"severity"`
Ver_ string `json:"ver"`
Maturity_ int `json:"maturity"`
Accuracy_ int `json:"accuracy"`
Tags_ []string `json:"tags"`
Raw_ string `json:"raw"`
}
MessageData contains information about the triggered rules in detail
func (*MessageData) Accuracy ¶
func (md *MessageData) Accuracy() int
func (*MessageData) Data ¶
func (md *MessageData) Data() string
func (*MessageData) File ¶
func (md *MessageData) File() string
func (*MessageData) ID ¶
func (md *MessageData) ID() int
func (*MessageData) Line ¶
func (md *MessageData) Line() int
func (*MessageData) Maturity ¶
func (md *MessageData) Maturity() int
func (*MessageData) Msg ¶
func (md *MessageData) Msg() string
func (*MessageData) Raw ¶
func (md *MessageData) Raw() string
func (*MessageData) Rev ¶
func (md *MessageData) Rev() string
func (*MessageData) Severity ¶
func (md *MessageData) Severity() types.RuleSeverity
func (*MessageData) Tags ¶
func (md *MessageData) Tags() []string
func (*MessageData) Ver ¶
func (md *MessageData) Ver() string
type Transaction ¶
type Transaction struct {
// Timestamp "02/Jan/2006:15:04:20 -0700" format
Timestamp_ string `json:"timestamp"`
UnixTimestamp_ int64 `json:"unix_timestamp"`
// Unique ID
ID_ string `json:"id"`
// Client IP Address string representation
ClientIP_ string `json:"client_ip"`
ClientPort_ int `json:"client_port"`
HostIP_ string `json:"host_ip"`
HostPort_ int `json:"host_port"`
ServerID_ string `json:"server_id"`
Request_ *TransactionRequest `json:"request,omitempty"`
Response_ *TransactionResponse `json:"response,omitempty"`
Producer_ *TransactionProducer `json:"producer,omitempty"`
}
Transaction contains transaction specific information
func (Transaction) ClientIP ¶
func (t Transaction) ClientIP() string
func (Transaction) ClientPort ¶
func (t Transaction) ClientPort() int
func (Transaction) HasRequest ¶
func (t Transaction) HasRequest() bool
func (Transaction) HasResponse ¶
func (t Transaction) HasResponse() bool
func (Transaction) HostIP ¶
func (t Transaction) HostIP() string
func (Transaction) HostPort ¶
func (t Transaction) HostPort() int
func (Transaction) ID ¶
func (t Transaction) ID() string
func (Transaction) Producer ¶
func (t Transaction) Producer() plugintypes.AuditLogTransactionProducer
func (Transaction) Request ¶
func (t Transaction) Request() plugintypes.AuditLogTransactionRequest
func (Transaction) Response ¶
func (t Transaction) Response() plugintypes.AuditLogTransactionResponse
func (Transaction) ServerID ¶
func (t Transaction) ServerID() string
func (Transaction) Timestamp ¶
func (t Transaction) Timestamp() string
func (Transaction) UnixTimestamp ¶
func (t Transaction) UnixTimestamp() int64
type TransactionProducer ¶
type TransactionProducer struct {
Connector_ string `json:"connector"`
Version_ string `json:"version"`
Server_ string `json:"server"`
RuleEngine_ string `json:"rule_engine"`
Stopwatch_ string `json:"stopwatch"`
Rulesets_ []string `json:"rulesets"`
}
TransactionProducer contains producer specific information for debugging
func (*TransactionProducer) Connector ¶
func (tp *TransactionProducer) Connector() string
func (*TransactionProducer) RuleEngine ¶
func (tp *TransactionProducer) RuleEngine() string
func (*TransactionProducer) Rulesets ¶
func (tp *TransactionProducer) Rulesets() []string
func (*TransactionProducer) Server ¶
func (tp *TransactionProducer) Server() string
func (*TransactionProducer) Stopwatch ¶
func (tp *TransactionProducer) Stopwatch() string
func (*TransactionProducer) Version ¶
func (tp *TransactionProducer) Version() string
type TransactionRequest ¶
type TransactionRequest struct {
Method_ string `json:"method"`
Protocol_ string `json:"protocol"`
URI_ string `json:"uri"`
HTTPVersion_ string `json:"http_version"`
Headers_ map[string][]string `json:"headers"`
Body_ string `json:"body"`
Files_ []plugintypes.AuditLogTransactionRequestFiles `json:"files"`
}
TransactionRequest contains request specific information
func (*TransactionRequest) Body ¶
func (tr *TransactionRequest) Body() string
func (*TransactionRequest) Files ¶
func (tr *TransactionRequest) Files() []plugintypes.AuditLogTransactionRequestFiles
func (*TransactionRequest) HTTPVersion ¶
func (tr *TransactionRequest) HTTPVersion() string
func (*TransactionRequest) Headers ¶
func (tr *TransactionRequest) Headers() map[string][]string
func (*TransactionRequest) Method ¶
func (tReq *TransactionRequest) Method() string
func (*TransactionRequest) Protocol ¶
func (tr *TransactionRequest) Protocol() string
func (*TransactionRequest) URI ¶
func (tr *TransactionRequest) URI() string
type TransactionRequestFiles ¶
type TransactionRequestFiles struct {
Name_ string `json:"name"`
Size_ int64 `json:"size"`
Mime_ string `json:"mime"`
}
TransactionRequestFiles contains information for the uploaded files using multipart forms
func (TransactionRequestFiles) Mime ¶
func (trf TransactionRequestFiles) Mime() string
func (TransactionRequestFiles) Name ¶
func (trf TransactionRequestFiles) Name() string
func (TransactionRequestFiles) Size ¶
func (trf TransactionRequestFiles) Size() int64
type TransactionResponse ¶
type TransactionResponse struct {
Protocol_ string `json:"protocol"`
Status_ int `json:"status"`
Headers_ map[string][]string `json:"headers"`
Body_ string `json:"body"`
}
TransactionResponse contains response specific information
func (*TransactionResponse) Body ¶
func (tr *TransactionResponse) Body() string
func (*TransactionResponse) Headers ¶
func (tr *TransactionResponse) Headers() map[string][]string
func (*TransactionResponse) Protocol ¶
func (tRes *TransactionResponse) Protocol() string
func (*TransactionResponse) Status ¶
func (tr *TransactionResponse) Status() int
Source Files
Click to show internal directories.
Click to hide internal directories.