sshd

Documentation

Overview

Package sshd parses ssh log lines and generates JSON representing ssh events

Index

• type AuthorizedKey
  • func ParseAuthorizedKey(in []byte) (*AuthorizedKey, error)
  • func (k *AuthorizedKey) Fingerprint() []byte
• type SshdProfile
  • func (p *SshdProfile) HandleOutput(records <-chan interface{}, dryRun bool) <-chan error
  • func (p *SshdProfile) Init() error
  • func (p *SshdProfile) Name() string
  • func (p *SshdProfile) ProcessRecord(line string) (interface{}, error)

Types

type AuthorizedKey

type AuthorizedKey struct {
	ssh.PublicKey
	Comment string
}

AuthorizedKey represents an ssh public key

func ParseAuthorizedKey

func ParseAuthorizedKey(in []byte) (*AuthorizedKey, error)

ParseAuthorizedKey attempts to parse an ssh public key

func (*AuthorizedKey) Fingerprint

func (k *AuthorizedKey) Fingerprint() []byte

Fingerprint implements the RFC4716 key fingerprint for ssh keys

type SshdProfile

type SshdProfile struct {
	// contains filtered or unexported fields
}

SshdProfile is a logtailer profile that parses ssh login events from sshd logs

func (*SshdProfile) HandleOutput

func (p *SshdProfile) HandleOutput(records <-chan interface{}, dryRun bool) <-chan error

HandleOutput recieves a channel of input lines and a flag of whether or not this is a dry run being invoked (to avoid side-effects).

The return value is a channel of errors. logtailer keeps track of the number of errors and exits non-zero if they are over a threshold.

func (*SshdProfile) Init

func (p *SshdProfile) Init() error

Init initializes the SshdProfile instance

func (*SshdProfile) Name

func (p *SshdProfile) Name() string

Name returns the name of the profile and must be unique amongst registered. profiles

func (*SshdProfile) ProcessRecord

func (p *SshdProfile) ProcessRecord(line string) (interface{}, error)

ProcessRecord is invoked for every input log line. It returns a transformed. line or an error