README
¶
Log Writer
Writes the log to the proper stream based on the Logger configuration
Log Formatter
Transforms an AuditLog struct into a binary representation
Logger
- Contains configurations like directories and permissions
Documentation
¶
Overview ¶
Package loggers implements a set of log formatters and writers for audit logging.
The following log formats are supported:
- JSON - Coraza - Native
The following log writers are supported:
- Serial - Concurrent
More writers and formatters can be registered using the RegisterWriter and RegisterFormatter functions.
Index ¶
- func RegisterLogFormatter(name string, f func(al *AuditLog) ([]byte, error))
- func RegisterLogWriter(name string, writer func() LogWriter)
- type AuditLog
- type AuditMessage
- type AuditMessageData
- type AuditTransaction
- type AuditTransactionProducer
- type AuditTransactionRequest
- type AuditTransactionRequestFiles
- type AuditTransactionResponse
- type DebugLogger
- type LogFormatter
- type LogLevel
- type LogWriter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RegisterLogFormatter ¶
RegisterLogFormatter registers a new logger format it can be used for plugins
func RegisterLogWriter ¶
RegisterLogWriter registers a new logger it can be used for plugins
Types ¶
type AuditLog ¶
type AuditLog struct {
// Parts contains the parts of the audit log
Parts types.AuditLogParts `json:"-"`
// Transaction contains the transaction information
Transaction AuditTransaction `json:"transaction"`
// Messages contains the triggered rules information
Messages []AuditMessage `json:"messages"`
}
AuditLog represents the main struct for audit log data
type AuditMessage ¶
type AuditMessage struct {
Actionset string `json:"actionset"`
Message string `json:"message"`
Data AuditMessageData `json:"data"`
}
AuditMessage contains information about the triggered rules
type AuditMessageData ¶
type AuditMessageData struct {
File string `json:"file"`
Line int `json:"line"`
ID int `json:"id"`
Rev string `json:"rev"`
Msg string `json:"msg"`
Data string `json:"data"`
Severity types.RuleSeverity `json:"severity"`
Ver string `json:"ver"`
Maturity int `json:"maturity"`
Accuracy int `json:"accuracy"`
Tags []string `json:"tags"`
Raw string `json:"raw"`
}
AuditMessageData contains information about the triggered rules in detail
type AuditTransaction ¶
type AuditTransaction struct {
// Timestamp "02/Jan/2006:15:04:20 -0700" format
Timestamp string `json:"timestamp"`
UnixTimestamp int64 `json:"unix_timestamp"`
// Unique ID
ID string `json:"id"`
// Client IP Address string representation
ClientIP string `json:"client_ip"`
ClientPort int `json:"client_port"`
HostIP string `json:"host_ip"`
HostPort int `json:"host_port"`
ServerID string `json:"server_id"`
Request AuditTransactionRequest `json:"request"`
Response AuditTransactionResponse `json:"response"`
Producer AuditTransactionProducer `json:"producer"`
}
AuditTransaction contains transaction specific information
type AuditTransactionProducer ¶
type AuditTransactionProducer struct {
Connector string `json:"connector"`
Version string `json:"version"`
Server string `json:"server"`
RuleEngine string `json:"rule_engine"`
Stopwatch string `json:"stopwatch"`
Rulesets []string `json:"rulesets"`
}
AuditTransactionProducer contains producer specific information for debugging
type AuditTransactionRequest ¶
type AuditTransactionRequest struct {
Method string `json:"method"`
Protocol string `json:"protocol"`
URI string `json:"uri"`
HTTPVersion string `json:"http_version"`
Headers map[string][]string `json:"headers"`
Body string `json:"body"`
Files []AuditTransactionRequestFiles `json:"files"`
}
AuditTransactionRequest contains request specific information
type AuditTransactionRequestFiles ¶
type AuditTransactionRequestFiles struct {
Name string `json:"name"`
Size int64 `json:"size"`
Mime string `json:"mime"`
}
AuditTransactionRequestFiles contains information for the uploaded files using multipart forms
type AuditTransactionResponse ¶
type AuditTransactionResponse struct {
Protocol string `json:"protocol"`
Status int `json:"status"`
Headers map[string][]string `json:"headers"`
Body string `json:"body"`
}
AuditTransactionResponse contains response specific information
type DebugLogger ¶
type DebugLogger interface {
// Info logs an info message
Info(message string, args ...interface{})
// Warn logs a warning message
Warn(message string, args ...interface{})
// Error logs an error message
Error(message string, args ...interface{})
// Debug logs a debug message
Debug(message string, args ...interface{})
// Trace logs a trace message
Trace(message string, args ...interface{})
// SetLevel sets the log level
SetLevel(level LogLevel)
// SetOutput sets the output for the logger and closes
// the former output if any.
SetOutput(w io.WriteCloser)
}
DebugLogger is used to log SecDebugLog messages
type LogFormatter ¶
LogFormatter is the interface for all log formatters A LogFormatter receives an auditlog and generates "readable" audit log
func GetLogFormatter ¶
func GetLogFormatter(name string) (LogFormatter, error)
GetLogFormatter returns a formatter by name It returns an error if it doesn't exist
type LogLevel ¶
type LogLevel int
LogLevel is the type of log level
const ( // LogLevelUnknown is a default value for unknown log level LogLevelUnknown LogLevel = iota // LogLevelInfo is the lowest level of logging LogLevelInfo // LogLevelWarn is the level of logging for warnings LogLevelWarn // LogLevelError is the level of logging for errors LogLevelError // LogLevelDebug is the level of logging for debug messages LogLevelDebug // LogLevelTrace is the highest level of logging LogLevelTrace )
type LogWriter ¶
type LogWriter interface {
// Init the writer requires previous preparations
Init(types.Config) error
// Write the audit log
// Using the LogFormatter is mandatory to generate a "readable" audit log
// It is not sent as a bslice because some writers may require some Audit
// metadata.
Write(*AuditLog) error
// Close the writer if required
Close() error
}
LogWriter is the interface for all log writers A LogWriter receives an auditlog and writes it to the output stream An output stream may be a file, a socket, an http request, etc
func GetLogWriter ¶
GetLogWriter returns a logger by name It returns an error if it doesn't exist
Source Files