Documentation
Index
- func GetUserByFingerprint(fp string, db *bolt.DB, bucket string) (string, error)
- func JournalToEvents(ctx context.Context, db *bolt.DB, bucket string) error
- func PrintEvent(event SessionEvent, colorFlag bool)
- func PrintLog(events []SessionEvent, colorFlag bool)
- func PrintSummary(sessions []Session, colorFlag bool)
- func UpdateKeysDB(ctx context.Context, keysFiles []string, db *bolt.DB, bucket string, ...) error
- func WatchLog(ctx context.Context, input *os.File, db *bolt.DB, bucket string, ...) error
- type Session
- type SessionEvent
- type User
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetUserByFingerprint
func PrintEvent
func PrintEvent(event SessionEvent, colorFlag bool)
func PrintLog
func PrintLog(events []SessionEvent, colorFlag bool)
PrintLog prints the given list of SessionEvent objects with the specified format.
Parameters:
- events ([]SessionEvent): The slice of SessionEvent objects to be printed.
Returns:
- None
func PrintSummary
PrintSummary takes a slice of Session objects and prints a summary of each session. For each session, the function prints the username, source IP, start time, end time, and duration of the session in the format "username\tsourceIP\tstartTime\tendTime\tduration". The start time and end time are formatted using the "2006-01-02 15:04:05" layout.
Parameters:
- sessions ([]Session): slice of Session objects
Returns:
- None
func UpdateKeysDB
Types
type Session
type Session struct {
    Username  string    `json:"username"`
    SourceIP  string    `json:"source_ip"`
    Port      string    `json:"port"`
    StartTime time.Time `json:"start_time"`
    EndTime   time.Time `json:"end_time"`
    KeyUser   string    `json:"key_user"`
}
func EventsToSessions
func EventsToSessions(events *[]SessionEvent) []Session
EventsToSessions converts a slice of SessionEvent into a slice of Session. It maintains a mapping of port to the user that logged in using that port, and uses this mapping to pair logout events with their corresponding login events.
Parameters:
- events: The slice of SessionEvent to be converted to Session.
Returns:
- sessions: A slice of Session representing the sessions created by the given events.
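The port-keyed pairing described above, as an added sketch that is not the package's own code: pairSessions, the "login"/"logout" event-type strings and the sample events are assumptions made for illustration. It also covers two edge cases the description leaves open, a port reused after a missed logout and a logout with no open login.

```go
package main

import (
	"fmt"
	"time"
)

// Local copies of the documented fields so the example runs stand-alone.
type SessionEvent struct {
	EventType                         string // assumed values "login"/"logout"; the page does not list them
	EventTime                         time.Time
	Username, SourceIP, Port, KeyUser string
}
type Session struct {
	Username, SourceIP, Port, KeyUser string
	StartTime, EndTime                time.Time
}

// pairSessions is a hypothetical stand-in for the pairing EventsToSessions describes.
func pairSessions(events []SessionEvent) []Session {
	open := map[string]int{} // port -> index of the session still open on it
	var out []Session
	for _, e := range events {
		if e.EventType == "login" {
			// Port already open = its logout was missed; the older session keeps a zero EndTime.
			out = append(out, Session{e.Username, e.SourceIP, e.Port, e.KeyUser, e.EventTime, time.Time{}})
			open[e.Port] = len(out) - 1
		} else if i, ok := open[e.Port]; e.EventType == "logout" && ok {
			out[i].EndTime = e.EventTime // a logout with no open login never reaches here
			delete(open, e.Port)
		}
	}
	return out
}

// sampleEvents returns constructed data (documentation-range IPs), not real log output.
func sampleEvents() []SessionEvent {
	t, m := time.Date(2024, 1, 1, 10, 0, 0, 0, time.UTC), time.Minute
	return []SessionEvent{
		{"login", t, "deploy", "192.0.2.10", "50022", "alice"},
		{"login", t.Add(m), "deploy", "192.0.2.11", "50023", "bob"},
		{"logout", t.Add(5 * m), "deploy", "192.0.2.10", "50022", ""},
		{"login", t.Add(10 * m), "deploy", "198.51.100.7", "50023", "carol"}, // port reused
		{"logout", t.Add(12 * m), "deploy", "198.51.100.7", "50023", ""},
		{"logout", t.Add(13 * m), "deploy", "203.0.113.5", "59999", ""}, // orphan logout
	}
}

func main() { fmt.Printf("%+v\n", pairSessions(sampleEvents())) }
```

A session left with a zero EndTime is worth surfacing in review rather than discarding, since it marks a login whose end was never observed.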
type SessionEvent
type SessionEvent struct {
    EventType string    `json:"event_type"`
    EventTime time.Time `json:"event_time"`
    Username  string    `json:"username"`
    SourceIP  string    `json:"source_ip"`
    Port      string    `json:"port"`
    KeyUser   string    `json:"key_user"`
}
func LogToEvents
LogToEvents takes a filename string and a pointer to a slice of User structs. It returns a slice of SessionEvent structs and an error. This function reads a log file, parses each line, and creates SessionEvent structs based on the contents of each line. The SessionEvent structs are returned in a slice.
Parameters:
- filename: string representing the path to the log file to be read
- users: pointer to a slice of User structs to be used when creating SessionEvent structs
Returns:
- ([]SessionEvent, error): a slice of SessionEvent structs, and an error if one occurs