fetchers

package
v0.0.0-...-5200ab0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 23, 2024 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

// Identifiers for file system resources, plus the account database paths
// this package refers to.
const (
	// FSResourceType is the resource type label for file system resources.
	FSResourceType = "file"
	// FileSubType and DirSubType distinguish regular files from directories;
	// presumably these are the values stored in EvalFSResource.SubType — confirm.
	FileSubType    = "file"
	DirSubType     = "directory"
	// UserFile and GroupFile are the passwd and group databases under the
	// /hostfs prefix (presumably the monitored host's root mounted into the
	// agent's container, used to resolve uid/gid to names — confirm).
	// NOTE(review): their content comes from the monitored host, so names
	// parsed out of them should be handled as untrusted data downstream.
	UserFile       = "/hostfs/etc/passwd"
	GroupFile      = "/hostfs/etc/group"
)
const (
	// CMDArgumentMatcher is a regex template that should match a process argument and its value.
	// The %s placeholder stands for the argument key (presumably filled in with a
	// format call before the pattern is compiled — confirm).
	// Expects format as the following: --<key><delimiter><value>.
	// For example: --config=a.json
	// The regex supports two delimiters: "=" and a single whitespace character ([\s=]).
	// An optional "/" right after the delimiter is matched outside the capture
	// group, so a captured absolute path loses its leading slash.
	// The value is captured with (\S+), so it ends at the first whitespace;
	// a value that contains spaces is truncated there.
	// NOTE(review): the key is interpolated into the pattern as-is. Confirm that
	// callers escape it (regexp.QuoteMeta) or only ever pass trusted, literal keys,
	// otherwise regex metacharacters in a key change what is matched.
	CMDArgumentMatcher  = "\\b%s[\\s=]\\/?(\\S+)"
	// ProcessResourceType and ProcessSubType are the type and sub-type labels
	// for process resources; both are the string "process".
	ProcessResourceType = "process"
	ProcessSubType      = "process"
)
const (
	// K8sObjType is the type label "k8s_object"; presumably the resource type
	// reported for Kubernetes objects, in parallel with FSResourceType and
	// ProcessResourceType — confirm against K8sResource.GetMetadata.
	K8sObjType = "k8s_object"
)

Variables

This section is empty.

Functions

func Glob

func Glob(pattern string) ([]string, error)

Glob adds double-star support to the core path/filepath Glob function. It's useful when your globs might have double-stars, but you're not sure.

Types

type EvalFSResource

// EvalFSResource is the JSON-serialized description of one file system
// entry. Every attribute, including the numeric ones (mode, ids, inode),
// is carried as a string.
type EvalFSResource struct {
	// Name is serialized as "name"; Path as "path".
	Name    string `json:"name"`
	// Mode is the entry's mode as a string (format not visible here —
	// presumably an octal permission string; confirm before comparing values).
	Mode    string `json:"mode"`
	// Gid and Uid are the owning group and user ids.
	Gid     string `json:"gid"`
	Uid     string `json:"uid"`
	// Owner and Group are the owning user and group; presumably names resolved
	// from UserFile and GroupFile — confirm. If so, they reflect whatever the
	// monitored host's account files contain.
	Owner   string `json:"owner"`
	Group   string `json:"group"`
	Path    string `json:"path"`
	Inode   string `json:"inode"`
	// SubType is serialized as "sub_type"; presumably FileSubType or
	// DirSubType — confirm.
	SubType string `json:"sub_type"`
}

type EvalProcResource

// EvalProcResource is the JSON-serialized description of one process.
type EvalProcResource struct {
	// PID is the process id, carried as a string.
	PID          string        `json:"pid"`
	// Cmd is serialized under the key "command".
	// NOTE(review): command lines can carry secrets passed as flags (tokens,
	// passwords). No redaction is visible in this declaration; confirm where
	// it happens before the value leaves the host.
	Cmd          string        `json:"command"`
	// Stat is the proc.ProcStat value recorded for the process.
	Stat         proc.ProcStat `json:"stat"`
	// ExternalData is a free-form map serialized as "external_data";
	// presumably data loaded from files the process's arguments point to
	// (see ProcessInputConfiguration) — confirm.
	ExternalData mapstr.M      `json:"external_data"`
}

type FSResource

// FSResource pairs the two representations of a file system entry: the
// EvalFSResource form and the FileCommonData form. Its methods (GetData,
// GetElasticCommonData, GetIds, GetMetadata) use a value receiver.
type FSResource struct {
	// EvalResource holds the string-typed, JSON-tagged attributes.
	EvalResource  EvalFSResource
	// ElasticCommon holds the same entry described with "file.*" keys.
	ElasticCommon FileCommonData
}

func (FSResource) GetData

func (r FSResource) GetData() any

func (FSResource) GetElasticCommonData

func (r FSResource) GetElasticCommonData() (map[string]any, error)

func (FSResource) GetIds

func (r FSResource) GetIds() []string

func (FSResource) GetMetadata

func (r FSResource) GetMetadata() (fetching.ResourceMetadata, error)

type FileCommonData

// FileCommonData describes a file using "file.*" keys in its mapstructure
// tags. String fields are tagged omitempty; Size and the three timestamps
// are not, so their tags do not request omission of zero values.
type FileCommonData struct {
	Name      string    `mapstructure:"file.name,omitempty"`
	Mode      string    `mapstructure:"file.mode,omitempty"`
	Gid       string    `mapstructure:"file.gid,omitempty"`
	Uid       string    `mapstructure:"file.uid,omitempty"`
	Owner     string    `mapstructure:"file.owner,omitempty"`
	Group     string    `mapstructure:"file.group,omitempty"`
	Path      string    `mapstructure:"file.path,omitempty"`
	Inode     string    `mapstructure:"file.inode,omitempty"`
	Extension string    `mapstructure:"file.extension,omitempty"`
	// Size has no omitempty, so a zero size is not distinguishable from an
	// unset one by tag alone. Unit is presumably bytes — confirm.
	Size      int64     `mapstructure:"file.size"`
	Type      string    `mapstructure:"file.type,omitempty"`
	Directory string    `mapstructure:"file.directory,omitempty"`
	// Access, modification and change times. A zero time.Time here would
	// still be emitted (no omitempty); consumers building timelines from
	// these fields should treat the zero value as "unknown" — TODO confirm
	// how the producer fills them.
	Accessed  time.Time `mapstructure:"file.accessed"`
	Mtime     time.Time `mapstructure:"file.mtime"`
	Ctime     time.Time `mapstructure:"file.ctime"`
}

FileCommonData is defined according to https://www.elastic.co/guide/en/ecs/current/ecs-file.html

type FileSystemFetcher

// FileSystemFetcher has no exported fields; it is constructed with
// NewFsFetcher, which takes a logger, a fetching.ResourceInfo channel and a
// list of patterns.
type FileSystemFetcher struct {
	// contains filtered or unexported fields
}

FileSystemFetcher implements the Fetcher interface. The FileSystemFetcher is meant to fetch files/directories from the file system and ship them to Cloudbeat.

func NewFsFetcher

func NewFsFetcher(log *logp.Logger, ch chan fetching.ResourceInfo, patterns []string) *FileSystemFetcher

func (*FileSystemFetcher) Fetch

func (f *FileSystemFetcher) Fetch(_ context.Context, cycleMetadata cycle.Metadata) error

func (*FileSystemFetcher) Stop

func (f *FileSystemFetcher) Stop()

type Globs

type Globs []string

Globs represents one filepath glob, with its elements joined by "**". Based on https://github.com/yargevad/filepathx/blob/master/filepathx.go

func (Globs) Expand

func (globs Globs) Expand() ([]string, error)

Expand finds matches for the provided Globs.

type K8sResource

// K8sResource wraps a single value in Data together with unexported state.
// Its methods (GetData, GetElasticCommonData, GetIds, GetMetadata) use a
// value receiver.
type K8sResource struct {
	// Data is untyped (any); presumably the Kubernetes object as returned by
	// the API client — confirm. Callers must type-assert before use.
	Data any
	// contains filtered or unexported fields
}

func (K8sResource) GetData

func (r K8sResource) GetData() any

func (K8sResource) GetElasticCommonData

func (r K8sResource) GetElasticCommonData() (map[string]any, error)

func (K8sResource) GetIds

func (r K8sResource) GetIds() []string

func (K8sResource) GetMetadata

func (r K8sResource) GetMetadata() (fetching.ResourceMetadata, error)

type KubeApiFetcherConfig

// KubeApiFetcherConfig is the configuration for the Kubernetes API fetcher.
// It embeds fetching.BaseFetcherConfig and adds two settings read from the
// "interval" and "kubeconfig" config keys.
type KubeApiFetcherConfig struct {
	fetching.BaseFetcherConfig
	// Interval is read from "interval"; presumably the period between
	// fetches — confirm.
	Interval   time.Duration `config:"interval"`
	// KubeConfig is read from "kubeconfig"; presumably a path to a
	// kubeconfig file — confirm.
	// NOTE(review): if it is a path, that file typically holds cluster
	// credentials, so it should be readable only by the agent's user and
	// bound to a least-privilege (read-only) role.
	KubeConfig string        `config:"kubeconfig"`
}

type KubeFetcher

// KubeFetcher has no exported fields; it is constructed with NewKubeFetcher,
// which takes a logger, a fetching.ResourceInfo channel and a k8s.Interface
// provider.
type KubeFetcher struct {
	// contains filtered or unexported fields
}

func NewKubeFetcher

func NewKubeFetcher(log *logp.Logger, ch chan fetching.ResourceInfo, provider k8s.Interface) *KubeFetcher

func (*KubeFetcher) Fetch

func (f *KubeFetcher) Fetch(_ context.Context, cycleMetadata cycle.Metadata) error

func (*KubeFetcher) Stop

func (f *KubeFetcher) Stop()

type ProcCommonData

// ProcCommonData describes a process and, through Parent, its ancestry.
// All fields except Start are tagged omitempty, so zero values (including
// a PID or PGID of 0) are left out of the JSON output.
//
// NOTE(review): the field comments below say arguments "may be filtered to
// protect sensitive information". No filtering is visible in this
// declaration; confirm where CommandLine and Args are redacted before the
// document is shipped.
type ProcCommonData struct {
	// Parent process.
	Parent *ProcCommonData `json:"parent,omitempty"`

	// Process id.
	PID int64 `json:"pid,omitempty"`

	// Process name.
	// Sometimes called program name or similar.
	Name string `json:"name,omitempty"`

	// Identifier of the group of processes the process belongs to.
	PGID int64 `json:"pgid,omitempty"`

	// Full command line that started the process, including the absolute path
	// to the executable, and all arguments.
	// Some arguments may be filtered to protect sensitive information.
	CommandLine string `json:"command_line,omitempty"`

	// Array of process arguments, starting with the absolute path to the
	// executable.
	// May be filtered to protect sensitive information.
	Args []string `json:"args,omitempty"`

	// Length of the process.args array.
	// This field can be useful for querying or performing bucket analysis on
	// how many arguments were provided to start a process. More arguments may
	// be an indication of suspicious activity.
	ArgsCount int64 `json:"args_count,omitempty"`

	// Process title.
	// The proctitle, sometimes the same as process name. Can also be
	// different: for example a browser setting its title to the web page
	// currently opened.
	Title string `json:"title,omitempty"`

	// The time the process started.
	// Always serialized (no omitempty), so an unset value appears as the
	// zero time rather than being dropped.
	Start time.Time `json:"start"`

	// Seconds the process has been up.
	Uptime int64 `json:"uptime,omitempty"`
}

ProcCommonData is defined according to https://www.elastic.co/guide/en/ecs/current/ecs-process.html

type ProcResource

// ProcResource pairs the two representations of a process: the
// EvalProcResource form and the ProcCommonData form. Its methods (GetData,
// GetElasticCommonData, GetIds, GetMetadata) use a value receiver.
type ProcResource struct {
	// EvalResource holds the pid, command, stat and external data.
	EvalResource  EvalProcResource
	// ElasticCommon holds the same process described with ProcCommonData.
	ElasticCommon ProcCommonData
}

func (ProcResource) GetData

func (res ProcResource) GetData() any

func (ProcResource) GetElasticCommonData

func (res ProcResource) GetElasticCommonData() (map[string]any, error)

func (ProcResource) GetIds

func (res ProcResource) GetIds() []string

func (ProcResource) GetMetadata

func (res ProcResource) GetMetadata() (fetching.ResourceMetadata, error)

type ProcessInputConfiguration

// ProcessInputConfiguration is the per-process configuration entry stored
// in ProcessesConfigMap.
type ProcessInputConfiguration struct {
	// ConfigFileArguments is read from "config-file-arguments"; presumably
	// the argument keys whose values name configuration files, located on
	// the command line with CMDArgumentMatcher — confirm.
	// NOTE(review): a path taken from a process's command line is chosen by
	// whoever started that process. Confirm it is only opened through the
	// fetcher's rooted file system and that file size and format are bounded.
	ConfigFileArguments []string `config:"config-file-arguments"`
}

type ProcessesConfigMap

// ProcessesConfigMap maps a string key to its ProcessInputConfiguration;
// the key is presumably the process name — confirm. It is the third
// argument of NewProcessFetcher.
type ProcessesConfigMap map[string]ProcessInputConfiguration

type ProcessesFetcher

// ProcessesFetcher is constructed with NewProcessFetcher. Apart from Fs,
// its state is unexported.
type ProcessesFetcher struct {
	// Fs is the file system the fetcher reads through; it is exported, so
	// callers (tests, for instance) can replace it. Presumably rooted at the
	// monitored host's filesystem — confirm.
	// NOTE(review): an fs.FS root is not by itself a confinement boundary.
	// If this is an os.DirFS, symbolic links inside the tree can still refer
	// to files outside it.
	Fs fs.FS
	// contains filtered or unexported fields
}

func NewProcessFetcher

func NewProcessFetcher(log *logp.Logger, ch chan fetching.ResourceInfo, processes ProcessesConfigMap) *ProcessesFetcher

func (*ProcessesFetcher) Fetch

func (f *ProcessesFetcher) Fetch(_ context.Context, cycleMetadata cycle.Metadata) error

func (*ProcessesFetcher) Stop

func (f *ProcessesFetcher) Stop()
