Documentation
¶
Index ¶
- Constants
- Variables
- func ParseInterval(interval string) (time.Time, time.Time, error)
- type OpenMode
- type Plugin
- func (p *Plugin) Extract(req sdk.ExtractRequest, evt sdk.EventReader) error
- func (p *Plugin) Fields() []sdk.FieldEntry
- func (p *Plugin) Info() *plugins.Info
- func (p *Plugin) Init(cfg string) error
- func (p *Plugin) InitSchema() *sdk.SchemaInfo
- func (p *Plugin) Open(params string) (source.Instance, error)
- func (p *Plugin) String(evt sdk.EventReader) (string, error)
- type PluginConfig
- type PluginConfigAWS
- type PluginInstance
Constants ¶
View Source
const ( PluginID uint32 = 2 PluginName = "cloudtrail" PluginDescription = "reads cloudtrail JSON data saved to file in the directory specified in the settings" PluginContact = "github.com/falcosecurity/plugins/" PluginVersion = "0.12.0" PluginEventSource = "aws_cloudtrail" )
Plugin info
Variables ¶
View Source
var RFC3339Simple = "2006-01-02T15:04:05Z"
Functions ¶
Types ¶
type Plugin ¶
type Plugin struct {
plugins.BasePlugin
Config PluginConfig
ConfigAWS aws.Config
// contains filtered or unexported fields
}
This is the global plugin state, identifying an instance of this plugin
func (*Plugin) Extract ¶
func (p *Plugin) Extract(req sdk.ExtractRequest, evt sdk.EventReader) error
func (*Plugin) Fields ¶
func (p *Plugin) Fields() []sdk.FieldEntry
func (*Plugin) InitSchema ¶
func (p *Plugin) InitSchema() *sdk.SchemaInfo
type PluginConfig ¶
type PluginConfig struct {
S3DownloadConcurrency int `` /* 179-byte string literal not displayed */
S3Interval string `` /* 143-byte string literal not displayed */
SQSDelete bool `` /* 193-byte string literal not displayed */
UseAsync bool `` /* 150-byte string literal not displayed */
UseS3SNS bool `` /* 194-byte string literal not displayed */
S3AccountList string `` /* 171-byte string literal not displayed */
AWS PluginConfigAWS `json:"aws"`
}
Struct for plugin init config
func (*PluginConfig) Reset ¶
func (p *PluginConfig) Reset()
Reset sets the configuration to its default values
type PluginConfigAWS ¶
type PluginConfigAWS struct {
Profile string `` /* 206-byte string literal not displayed */
Region string `` /* 208-byte string literal not displayed */
Config string `` /* 217-byte string literal not displayed */
Credentials string `` /* 242-byte string literal not displayed */
}
PluginConfigAWS contains configuration options for the AWS SDK. This can be included in plugins' init configuration struct definition to declare AWS-specific config fields
func (*PluginConfigAWS) ConfigAWS ¶
func (p *PluginConfigAWS) ConfigAWS() (aws.Config, error)
ConfigAWS creates loads the AWS SDK config by using the contents of the given PluginConfigAWS
func (*PluginConfigAWS) Reset ¶
func (p *PluginConfigAWS) Reset()
Reset sets the configuration to its default values
type PluginInstance ¶
type PluginInstance struct {
source.BaseInstance
// contains filtered or unexported fields
}
This is the open state, identifying an open instance reading cloudtrail files from a local directory or from a remote S3 bucket (either direct or via a SQS queue)
func (*PluginInstance) NextBatch ¶
func (o *PluginInstance) NextBatch(pState sdk.PluginState, evts sdk.EventWriters) (int, error)
func (*PluginInstance) Progress ¶
func (o *PluginInstance) Progress(pState sdk.PluginState) (float64, string)
Source Files
¶
Click to show internal directories.
Click to hide internal directories.