Documentation ¶
Overview ¶
Package loggers implements a set of log formatters and writers for audit logging.
The following log formats are supported:
- JSON - Coraza - Native
The following log writers are supported:
- Serial - Concurrent
More writers and formatters can be registered using the RegisterWriter and RegisterFormatter functions.
Index ¶
- func RegisterLogFormatter(name string, f func(al *AuditLog) ([]byte, error))
- func RegisterLogWriter(name string, writer func() LogWriter)
- type AuditLog
- type AuditMessage
- type AuditMessageData
- type AuditTransaction
- type AuditTransactionProducer
- type AuditTransactionRequest
- type AuditTransactionRequestFiles
- type AuditTransactionResponse
- type DebugLogger
- type LogFormatter
- type LogLevel
- type LogWriter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RegisterLogFormatter ¶
RegisterLogFormatter registers a new logger format it can be used for plugins
func RegisterLogWriter ¶
RegisterLogWriter registers a new logger it can be used for plugins
Types ¶
type AuditLog ¶
type AuditLog struct { // Parts contains the parts of the audit log Parts types.AuditLogParts `json:"-"` // Transaction contains the transaction information Transaction AuditTransaction `json:"transaction"` // Messages contains the triggered rules information Messages []AuditMessage `json:"messages"` }
AuditLog represents the main struct for audit log data
type AuditMessage ¶
type AuditMessage struct { Actionset string `json:"actionset"` Message string `json:"message"` Data AuditMessageData `json:"data"` }
AuditMessage contains information about the triggered rules
type AuditMessageData ¶
type AuditMessageData struct { File string `json:"file"` Line int `json:"line"` ID int `json:"id"` Rev string `json:"rev"` Msg string `json:"msg"` Data string `json:"data"` Severity types.RuleSeverity `json:"severity"` Ver string `json:"ver"` Maturity int `json:"maturity"` Accuracy int `json:"accuracy"` Tags []string `json:"tags"` Raw string `json:"raw"` }
AuditMessageData contains information about the triggered rules in detail
type AuditTransaction ¶
type AuditTransaction struct { // Timestamp "02/Jan/2006:15:04:20 -0700" format Timestamp string `json:"timestamp"` UnixTimestamp int64 `json:"unix_timestamp"` // Unique ID ID string `json:"id"` // Client IP Address string representation ClientIP string `json:"client_ip"` ClientPort int `json:"client_port"` HostIP string `json:"host_ip"` HostPort int `json:"host_port"` ServerID string `json:"server_id"` Request AuditTransactionRequest `json:"request"` Response AuditTransactionResponse `json:"response"` Producer AuditTransactionProducer `json:"producer"` }
AuditTransaction contains transaction specific information
type AuditTransactionProducer ¶
type AuditTransactionProducer struct { Connector string `json:"connector"` Version string `json:"version"` Server string `json:"server"` RuleEngine string `json:"rule_engine"` Stopwatch string `json:"stopwatch"` Rulesets []string `json:"rulesets"` }
AuditTransactionProducer contains producer specific information for debugging
type AuditTransactionRequest ¶
type AuditTransactionRequest struct { Method string `json:"method"` Protocol string `json:"protocol"` URI string `json:"uri"` HTTPVersion string `json:"http_version"` Headers map[string][]string `json:"headers"` Body string `json:"body"` Files []AuditTransactionRequestFiles `json:"files"` }
AuditTransactionRequest contains request specific information
type AuditTransactionRequestFiles ¶
type AuditTransactionRequestFiles struct { Name string `json:"name"` Size int64 `json:"size"` Mime string `json:"mime"` }
AuditTransactionRequestFiles contains information for the uploaded files using multipart forms
type AuditTransactionResponse ¶
type AuditTransactionResponse struct { Protocol string `json:"protocol"` Status int `json:"status"` Headers map[string][]string `json:"headers"` Body string `json:"body"` }
AuditTransactionResponse contains response specific information
type DebugLogger ¶
type DebugLogger interface { // Info logs an info message Info(message string, args ...interface{}) // Warn logs a warning message Warn(message string, args ...interface{}) // Error logs an error message Error(message string, args ...interface{}) // Debug logs a debug message Debug(message string, args ...interface{}) // Trace logs a trace message Trace(message string, args ...interface{}) // SetLevel sets the log level SetLevel(level LogLevel) // SetOutput sets the output for the logger and closes // the former output if any. SetOutput(w io.WriteCloser) }
DebugLogger is used to log SecDebugLog messages
type LogFormatter ¶
LogFormatter is the interface for all log formatters A LogFormatter receives an auditlog and generates "readable" audit log
func GetLogFormatter ¶
func GetLogFormatter(name string) (LogFormatter, error)
GetLogFormatter returns a formatter by name It returns an error if it doesn't exist
type LogLevel ¶
type LogLevel int
LogLevel is the type of log level
const ( // LogLevelUnknown is a default value for unknown log level LogLevelUnknown LogLevel = iota // LogLevelInfo is the lowest level of logging LogLevelInfo // LogLevelWarn is the level of logging for warnings LogLevelWarn // LogLevelError is the level of logging for errors LogLevelError // LogLevelDebug is the level of logging for debug messages LogLevelDebug // LogLevelTrace is the highest level of logging LogLevelTrace )
type LogWriter ¶
type LogWriter interface { // Init the writer requires previous preparations Init(types.Config) error // Write the audit log // Using the LogFormatter is mandatory to generate a "readable" audit log // It is not sent as a bslice because some writers may require some Audit // metadata. Write(*AuditLog) error // Close the writer if required Close() error }
LogWriter is the interface for all log writers A LogWriter receives an auditlog and writes it to the output stream An output stream may be a file, a socket, an http request, etc
func GetLogWriter ¶
GetLogWriter returns a logger by name It returns an error if it doesn't exist