eventproc

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 7, 2021 License: AGPL-3.0 Imports: 17 Imported by: 0

Documentation

Overview

Package eventproc includes components to implement a simple security event management system.

This package is a work in progress and makes no API stability promises.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func RegisterFilter 

func RegisterFilter(class string, f FilterBuilder)

RegisterFilter register a filter for the class name passed.

func RegisterPlugin 

func RegisterPlugin(class string, f PluginBuilder)

RegisterPlugin register a plugin for the class name passed.

Types

type Action 

type Action uint8

Action defines the behaviours. 

const (
	ActionNext Action = iota
	ActionStop
	ActionFinish
	ActionJump
	ActionReturn
)

Several actions in rulechain.

type Builder 

type Builder struct {
	// contains filtered or unexported fields
}

Builder helps to create stacks using definitions structs.

func NewBuilder 

func NewBuilder(regsvc apiservice.Discover, opt ...BuilderOption) *Builder

NewBuilder instances a new builder.

func (*Builder) Build 

func (b *Builder) Build(def StackDef) (*Stack, error)

Build construct a stack with the name passed and the modules defined by the array ModuleDef

func (Builder) CachePath 

func (b Builder) CachePath(data string) string

CachePath returns path for cache.

func (Builder) CertPath 

func (b Builder) CertPath(cert string) string

CertPath returns path for certificate.

func (Builder) DataPath 

func (b Builder) DataPath(data string) string

DataPath returns path for data.

func (*Builder) Logger 

func (b *Builder) Logger() yalogi.Logger

Logger returns logger inside builder.

func (*Builder) OnShutdown 

func (b *Builder) OnShutdown(f func() error)

OnShutdown registers the functions that will be executed during shutdown.

func (*Builder) OnStartup 

func (b *Builder) OnStartup(f func() error)

OnStartup registers the functions that will be executed during startup.

func (*Builder) Service 

func (b *Builder) Service(id string) (apiservice.Service, bool)

Service returns apiservice with the id passed, returns false if not registered.

func (*Builder) Shutdown 

func (b *Builder) Shutdown() error

Shutdown executes all registered functions.

func (*Builder) Stack 

func (b *Builder) Stack(name string) (*Stack, bool)

Stack returns the stack with the name passed, it will returns false if the stack has not been built.

func (*Builder) StackNames 

func (b *Builder) StackNames() []string

StackNames returns the names of the stacks created by the builder.

func (*Builder) Start 

func (b *Builder) Start() error

Start executes all registered functions.

type BuilderOption 

type BuilderOption func(*buildOpts)

BuilderOption is used for builder configuration.

func CacheDir 

func CacheDir(s string) BuilderOption

CacheDir sets source dir.

func CertsDir 

func CertsDir(s string) BuilderOption

CertsDir sets certificate dir.

func DataDir 

func DataDir(s string) BuilderOption

DataDir sets data dir.

func SetBuildLogger 

func SetBuildLogger(l yalogi.Logger) BuilderOption

SetBuildLogger sets a logger for the component.

type CbRequest 

type CbRequest func(*Request)

CbRequest defines the format of the callbacks used by the hooks.

type FilterBuilder 

type FilterBuilder func(*Builder, *ItemDef) (ModuleFilter, error)

FilterBuilder defines the signature for the constuctors of the filters.

type GUIDGenerator 

type GUIDGenerator func() string

GUIDGenerator must returns a new unique Global ID for events.

type Hooks 

type Hooks struct {
	// contains filtered or unexported fields
}

Hooks stores information about the hooks.

func NewHooks 

func NewHooks() *Hooks

NewHooks creates a new Hooks instance.

func (*Hooks) AfterModule 

func (h *Hooks) AfterModule(fn CbRequest)

AfterModule adds a callback that will be executed before a stack module starts.

func (*Hooks) AfterProc 

func (h *Hooks) AfterProc(fn CbRequest)

AfterProc adds a callback that will be executed before the process end.

func (*Hooks) BeforeModule 

func (h *Hooks) BeforeModule(fn CbRequest)

BeforeModule adds a callback that will be executed before a stack module starts.

func (*Hooks) BeforeProc 

func (h *Hooks) BeforeProc(fn CbRequest)

BeforeProc adds a callback that will be executed before the process starts.

func (*Hooks) FinishProc 

func (h *Hooks) FinishProc(fn CbRequest)

FinishProc adds a callback that will be executed if the process finished ok.

type ItemDef 

type ItemDef struct {
	Class string                 `json:"class"`
	Args  []string               `json:"args,omitempty"`
	Opts  map[string]interface{} `json:"opts,omitempty"`
}

ItemDef defines a generic configuration item for filters and plugins.

type Module 

type Module struct {
	// Name of the module, it must be unique in the stack
	Name string
	// Filters that will be applied before the plugins are executed. If one of
	// them returns false, then will not be executed and the module result
	// will be Next. If all of them returns true, then all plugin will be
	// executed and the OnSuccess action will be returned (if no errors).
	Filters []ModuleFilter
	// Plugins will be executed if all filters returns true (or if Filters is
	// empty). If there is an error in any of the plugins, the OnError action
	// will be returned.
	Plugins []ModulePlugin
	// OnSucess will be returned to the processor if all the filters apply and
	// the plugins execution don't returns errors.
	OnSuccess StackAction
	// OnError will be returned to the processor if there is an error in
	// plugin execution.
	OnError StackAction
}

Module defines the information that will be stacked for the processing.

type ModuleDef 

type ModuleDef struct {
	Name      string      `json:"name"`
	Filters   []*ItemDef  `json:"filters,omitempty"`
	Plugins   []*ItemDef  `json:"plugins,omitempty"`
	OnSuccess StackAction `json:"onsuccess"`
	OnError   StackAction `json:"onerror"`
	Disabled  bool        `json:"disabled"`
}

ModuleDef defines configuration of the modules in the stack.

type ModuleFilter 

type ModuleFilter func(e event.Event) (result bool)

ModuleFilter is a signature for functions that filters events.

type ModulePlugin 

type ModulePlugin func(e *event.Event) error

ModulePlugin is a signature for functions that process events.

type Option 

type Option func(*options)

Option defines Processor options.

func SetBufferSize 

func SetBufferSize(n int) Option

SetBufferSize option defines the size of the event request buffer.

func SetGUIDGen 

func SetGUIDGen(g GUIDGenerator) Option

SetGUIDGen option sets a custom gid event generator.

func SetLogger 

func SetLogger(l yalogi.Logger) Option

SetLogger option sets a logger for the component.

func Workers 

func Workers(n int) Option

Workers option defines the number of goroutines used to event processing.

type PluginBuilder 

type PluginBuilder func(*Builder, *ItemDef) (ModulePlugin, error)

PluginBuilder defines the signature for the constuctors of the plugins.

type Processor 

type Processor struct {
	// contains filtered or unexported fields
}

Processor is the main class of the package.

func New 

func New(main *Stack, others []*Stack, db eventdb.Database, opt ...Option) *Processor

New creates a new processor with stack as the main stack.

func (*Processor) Close 

func (p *Processor) Close()

Close event processor.

func (*Processor) ForwardEvent 

func (p *Processor) ForwardEvent(ctx context.Context, e event.Event) error

ForwardEvent implements event.Forwarder.

func (*Processor) NotifyEvent 

func (p *Processor) NotifyEvent(ctx context.Context, e event.Event) (string, error)

NotifyEvent implements event.Notifier.

type Request 

type Request struct {
	Event      event.Event
	Enqueued   time.Time
	Started    time.Time
	Finished   time.Time
	StackTrace []string
	Peer       *peer.Peer
	// contains filtered or unexported fields
}

Request is used to store information of the event processing.

type Stack 

type Stack struct {
	// contains filtered or unexported fields
}

Stack is the struct used by the processor and contains the the modules that will be executed.

func NewStack 

func NewStack(name string) *Stack

NewStack returns a new Stack.

func (*Stack) Add 

func (s *Stack) Add(m *Module)

Add appends a module to the stack.

func (Stack) Name 

func (s Stack) Name() string

Name returns the name of the stack.

type StackAction 

type StackAction struct {
	Action Action
	Label  string
}

StackAction defines the actions returned by the modules to define the processing flow.

func (StackAction) MarshalJSON 

func (a StackAction) MarshalJSON() ([]byte, error)

MarshalJSON implements interface.

func (StackAction) String 

func (a StackAction) String() string

func (*StackAction) UnmarshalJSON 

func (a *StackAction) UnmarshalJSON(data []byte) error

UnmarshalJSON implements interface.

type StackDef 

type StackDef struct {
	Name     string      `json:"name"`
	Disabled bool        `json:"disabled"`
	Modules  []ModuleDef `json:"modules,omitempty"`
}

StackDef defines stack configuration.

func StackDefsFromFile 

func StackDefsFromFile(path string) ([]StackDef, error)

StackDefsFromFile returns all stack definitions in a file in json format.

Source Files

View all Source files

Directories

Path Synopsis
filters
basicexpr
Package basicexpr implements a basic expression filter for event processing.
 Package basicexpr implements a basic expression filter for event processing.
plugins
archiver
Package archiver implements a plugin for event archiving.
 Package archiver implements a plugin for event archiving.
executor
Package executor implements a plugin for exec commands.
 Package executor implements a plugin for exec commands.
forwarder
Package forwarder implements a plugin for event forwarding.
 Package forwarder implements a plugin for event forwarding.
jsonwriter
Package jsonwriter implements a plugin for event archiving.
 Package jsonwriter implements a plugin for event archiving.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.