eventmonitor

command module
v0.0.0-...-e99c5ee Latest
Published: Jun 19, 2016 License: MIT Imports: 9 Imported by: 0

README

#Eventmonitor

Eventmonitor monitors different event sources. These events are written to an InfluxDB and can be used by Grafana for annotations.

##Installation

go get -u github.com/nwolber/loginmonitor

##Usage

loginmonitor -help
  -authlog string
        The PAM authentication log to watch for login/logout messages (default "/var/log/auth.log")
  -config
        Print config
  -db string
        Database where events are written to
  -help
        Print this help message
  -host string 
        String to use in the 'hostname' tag, if empty the system will be queried
  -influxdb string
        InfluxDB HTTP endpoint (default "http://localhost:8086")
  -measurement string
        Measurement where events are written to (default "events")
  -password string
        Password for InfluxDB
  -username string
        Username for InfluxDB

##InfluxDB schema

Events are written to a measurement per provider. Currently there are two providers, auth and docker.

Shared tags:

  • hostname: The host the event occurred on. This is either provided through the -host command line flag or automatically retrieved from the operating system.
  • event: The type of event.

Shared fields:

  • description: A textual description of what happened.

###Auth log

The Linux authentication log is monitored for PAM user login and logout messages. Authentication events are stored in the authEvents measurement. Event values are therefore login and logout.

Additional tags:

  • user: The name of the user that caused the event.
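The mapping from an auth.log line to a point in this schema, as an added example that is not loginmonitor's own code. The line shape matched by the regular expression, the function name authPoint and the wording of the description field are assumptions; the measurement and tag names are the ones documented above.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumed line shape: traditional syslog prefix, then a pam_unix session message.
// Anchoring at the start of the line keeps user-controlled text inside other
// messages (e.g. a rejected user name) from being parsed as a session event.
var sessionRe = regexp.MustCompile(
	`^\w{3} +\d+ [\d:]+ \S+ \S+: pam_unix\(([^:)]+):session\): session (opened|closed) for user ([^\s(]+)`)

// Line-protocol escaping: tag values escape comma, equals and space;
// string field values escape backslash and double quote.
var (
	tagEsc   = strings.NewReplacer(`,`, `\,`, `=`, `\=`, ` `, `\ `)
	fieldEsc = strings.NewReplacer(`\`, `\\`, `"`, `\"`)
)

// authPoint converts one auth.log line into a point for the authEvents
// measurement; ok is false for lines that are not session events.
func authPoint(host, line string) (point string, ok bool) {
	m := sessionRe.FindStringSubmatch(line)
	if m == nil {
		return "", false
	}
	event := "login"
	if m[2] == "closed" {
		event = "logout"
	}
	desc := fmt.Sprintf("%s %s via %s", m[3], event, m[1])
	return fmt.Sprintf(`authEvents,hostname=%s,event=%s,user=%s description="%s"`,
		tagEsc.Replace(host), event, tagEsc.Replace(m[3]), fieldEsc.Replace(desc)), true
}

func main() {
	// Constructed sample lines, not taken from a real system.
	for _, l := range []string{
		"Jun 19 10:02:11 web1 sshd[4211]: pam_unix(sshd:session): session opened for user root by (uid=0)",
		"Jun 19 10:02:12 web1 sshd[4212]: Failed password for invalid user admin from 192.0.2.7 port 52211 ssh2",
		"Jun 19 10:09:40 web1 sshd[4211]: pam_unix(sshd:session): session closed for user root",
	} {
		if p, ok := authPoint("web1", l); ok {
			fmt.Println(p)
		}
	}
}
```

The points carry no timestamp, so InfluxDB assigns the server's time on write.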

###Docker

Docker is monitored for events indicating the start and stop of a container. Docker events are stored in the dockerEvent measurement. Event values are containerStart and containerStop.

Additional tags:

  • container: The name of the container that caused the event.
  • image: The image the container was running.
  • service: The Docker Compose service the container belonged to, if available.

##Grafana Annotations

###Add annotations for logouts, regardless of the user that logged out.

SELECT description FROM events WHERE type='logout' AND $timeFilter

###Add annotations for logins and logouts of the root user.

SELECT description FROM events WHERE "user"='root' AND $timeFilter

##License

MIT. See LICENSE file.
