Documentation
Overview
Package io implements IO primitives.
Index
- func Count(filename string) (count int64, err error)
- func CreateElasticIndex(wc *WriterConfig)
- func Dump(w *os.File, c DumpConfig) error
- func FPrintBuildInfo(w io.Writer)
- func FPrintLogo(w io.Writer)
- func GenerateConfig(fs *flag.FlagSet, tool string)
- func InitLabelManager(pathMappingInfo string, debug bool, scatter bool, ...)
- func InitRecord(typ types.Type) (record proto.Message)
- func NewHeader(t types.Type, source, version string, includesPayloads bool, ti time.Time) *types.Header
- func PrintBuildInfo()
- func PrintLogo()
- func SetLogger(lg *zap.Logger)
- type AuditRecordWriter
- type ChannelAuditRecordWriter
- type DumpConfig
- type ElasticConfig
- type Reader
- type WriterConfig
Constants
This section is empty.
Variables
This section is empty.
Functions
func Count (added in v0.6.6)
Count returns the total number of records found in an audit record file. It does not return an error in case of a regular EOF, but will return an error in case of an unexpected EOF.
func CreateElasticIndex (added in v0.6.6)
func CreateElasticIndex(wc *WriterConfig)
CreateElasticIndex will create and configure a single elastic database index.
func Dump (added in v0.6.6)
func Dump(w *os.File, c DumpConfig) error
Dump reads the specified netcap file and dumps the output according to the configuration to the specified *os.File.
func FPrintBuildInfo (added in v0.6.6)
FPrintBuildInfo displays build information related to netcap to the specified io.Writer.
func FPrintLogo (added in v0.6.6)
FPrintLogo prints the netcap logo to the specified io.Writer.
func GenerateConfig (added in v0.6.6)
GenerateConfig generates a default configuration for the given flag set.
func InitLabelManager (added in v0.6.6)
func InitLabelManager(pathMappingInfo string, debug bool, scatter bool, scatterDuration time.Duration)
InitLabelManager can be invoked to configure the labels.
func InitRecord (added in v0.6.6)
InitRecord initializes a new record of the given type that conforms to the proto.Message interface. If netcap is extended with new audit records, they need to be added here as well.
func NewHeader (added in v0.6.6)
func NewHeader(t types.Type, source, version string, includesPayloads bool, ti time.Time) *types.Header
NewHeader creates and returns a new netcap audit file header.
func PrintBuildInfo (added in v0.6.6)
func PrintBuildInfo()
PrintBuildInfo displays build information related to netcap to stdout.
Types
type AuditRecordWriter (added in v0.6.6)
type AuditRecordWriter interface {
	Write(msg proto.Message) error
	WriteHeader(t types.Type) error
	Close(numRecords int64) (name string, size int64)
}
AuditRecordWriter is an interface for writing netcap audit records.
func NewAuditRecordWriter (added in v0.6.6)
func NewAuditRecordWriter(wc *WriterConfig) AuditRecordWriter
NewAuditRecordWriter will return a new writer for netcap audit records.
type ChannelAuditRecordWriter (added in v0.6.6)
type ChannelAuditRecordWriter interface {
	AuditRecordWriter
	GetChan() <-chan []byte
}
ChannelAuditRecordWriter extends the AuditRecordWriter by offering a function to get a channel to receive serialized audit records.
type DumpConfig (added in v0.6.6)
type DumpConfig struct {
	Path          string
	Separator     string
	Selection     string
	MemBufferSize int
	JSON          bool
	Table         bool
	UTC           bool
	Fields        bool
	TabSeparated  bool
	Structured    bool
	CSV           bool
	ForceColors   bool
}
DumpConfig contains all possible settings for dumping audit records. This structure has an optimized field order to avoid excessive padding.
type ElasticConfig (added in v0.6.6)
type ElasticConfig struct {
	// ElasticAddrs is a list of elastic database endpoints to send data to
	// the elastic default is localhost:9200
	ElasticAddrs []string

	// ElasticUser is the elastic user in case the database is protected via basic auth
	ElasticUser string

	// ElasticPass is the elastic password in case the database is protected via basic auth
	ElasticPass string

	// KibanaEndpoint is the address for Kibana
	KibanaEndpoint string

	// LimitTotalFields is the maximum number of fields allowed per batch
	LimitTotalFields int

	// BulkSize controls the number of documents sent to elastic per batch
	BulkSize int
}
ElasticConfig allows overwriting elastic defaults.
type Reader (added in v0.6.6)
type Reader struct {
// contains filtered or unexported fields
}
Reader implements reading netcap audit record files.
type WriterConfig (added in v0.6.6)
type WriterConfig struct {
	// Writer Types:
	// Comma Separated Values writer
	CSV bool
	// Protobuf writer
	Proto bool
	// JSON writer
	JSON bool
	// Channel writer
	Chan bool
	// ChanSize is the size of chunks sent through the channel
	ChanSize int
	// Elastic db writer
	Elastic bool
	// UnixSocket writer
	UnixSocket bool

	// ElasticConfig allows to overwrite elastic defaults
	ElasticConfig

	// The Null writer will write nothing to disk and discard all data.
	Null bool

	// Netcap header information
	Name          string
	Type          types.Type
	Buffer        bool
	Compress      bool
	Out           string
	MemBufferSize int

	// Netcap header information
	Source           string
	Version          string
	IncludesPayloads bool
	StartTime        time.Time

	// compression
	CompressionBlockSize int
	CompressionLevel     int

	// Encode data on the fly
	Encode bool

	// Label data on the fly
	Label bool
}
WriterConfig contains config parameters for an audit record writer.