Documentation ¶
Overview ¶
Package varlogsecure provides a way to read the contents of /var/log/secure and process them into ssh login events.
Index ¶
Constants ¶
View Source
const ( // VarLogSecureFilePath is the path to the /var/log/secure file. VarLogSecureFilePath = "/var/log/secure" // VarLogSecureComponentName is the component name for /var/log/secure. VarLogSecureComponentName = "varlogsecure" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type VarLogSecure ¶
type VarLogSecure struct { L *zap.SugaredLogger Logins chan<- common.RemoteUserLogin NodeName string MachineID string AuWriter *auditevent.EventWriter Health *health.Health Metrics *metrics.PrometheusMetricsProvider SshdProcessor sshd.SshdProcessor }
VarLogSecure is a helper struct to read from /var/log/secure.
func (*VarLogSecure) Read ¶
func (v *VarLogSecure) Read(ctx context.Context) error
Read reads from /var/log/secure and processes the lines into common.RemoteUserLogin events. TODO: If the process restarts, this will start reading from the beginning of the file. This is not ideal. We should be able to read from where we left off.
Click to show internal directories.
Click to hide internal directories.