Documentation ¶
Overview ¶
Package loggers implements a set of log formatters and writers for audit logging.
The following log formats are supported:
- JSON - Coraza - Native
The following log writers are supported:
- Serial - Concurrent
More writers and formatters can be registered using the RegisterWriter and RegisterFormatter functions.
Copyright 2022 Juan Pablo Tosso ¶
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index ¶
- func RegisterLogFormatter(name string, f func(al *AuditLog) ([]byte, error))
- func RegisterLogWriter(name string, writer func() LogWriter)
- type AuditLog
- type AuditMessage
- type AuditMessageData
- type AuditTransaction
- type AuditTransactionProducer
- type AuditTransactionRequest
- type AuditTransactionRequestFiles
- type AuditTransactionResponse
- type LogFormatter
- type LogWriter
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func RegisterLogFormatter ¶
RegisterLogFormatter registers a new logger format it can be used for plugins
func RegisterLogWriter ¶
RegisterLogWriter registers a new logger it can be used for plugins
Types ¶
type AuditLog ¶
type AuditLog struct { // Parts contains the parts of the audit log Parts types.AuditLogParts `json:"-"` // Transaction contains the transaction information Transaction AuditTransaction `json:"transaction"` // Messages contains the triggered rules information Messages []AuditMessage `json:"messages"` }
AuditLog represents the main struct for audit log data
type AuditMessage ¶
type AuditMessage struct { Actionset string `json:"actionset"` Message string `json:"message"` Data AuditMessageData `json:"data"` }
AuditMessage contains information about the triggered rules
type AuditMessageData ¶
type AuditMessageData struct { File string `json:"file"` Line int `json:"line"` ID int `json:"id"` Rev string `json:"rev"` Msg string `json:"msg"` Data string `json:"data"` Severity types.RuleSeverity `json:"severity"` Ver string `json:"ver"` Maturity int `json:"maturity"` Accuracy int `json:"accuracy"` Tags []string `json:"tags"` Raw string `json:"raw"` }
AuditMessageData contains information about the triggered rules in detail
type AuditTransaction ¶
type AuditTransaction struct { // Timestamp "02/Jan/2006:15:04:20 -0700" format Timestamp string `json:"timestamp"` UnixTimestamp int64 `json:"unix_timestamp"` // Unique ID ID string `json:"id"` // Client IP Address string representation ClientIP string `json:"client_ip"` ClientPort int `json:"client_port"` HostIP string `json:"host_ip"` HostPort int `json:"host_port"` ServerID string `json:"server_id"` Request AuditTransactionRequest `json:"request"` Response AuditTransactionResponse `json:"response"` Producer AuditTransactionProducer `json:"producer"` }
AuditTransaction contains transaction specific information
type AuditTransactionProducer ¶
type AuditTransactionProducer struct { Connector string `json:"connector"` Version string `json:"version"` Server string `json:"server"` RuleEngine string `json:"rule_engine"` Stopwatch string `json:"stopwatch"` Rulesets []string `json:"rulesets"` }
AuditTransactionProducer contains producer specific information for debugging
type AuditTransactionRequest ¶
type AuditTransactionRequest struct { Method string `json:"method"` Protocol string `json:"protocol"` URI string `json:"uri"` HTTPVersion string `json:"http_version"` Headers map[string][]string `json:"headers"` Body string `json:"body"` Files []AuditTransactionRequestFiles `json:"files"` }
AuditTransactionRequest contains request specific information
type AuditTransactionRequestFiles ¶
type AuditTransactionRequestFiles struct { Name string `json:"name"` Size int64 `json:"size"` Mime string `json:"mime"` }
AuditTransactionRequestFiles contains information for the uploaded files using multipart forms
type AuditTransactionResponse ¶
type AuditTransactionResponse struct { Protocol string `json:"protocol"` Status int `json:"status"` Headers map[string][]string `json:"headers"` Body string `json:"body"` }
AuditTransactionResponse contains response specific information
type LogFormatter ¶
LogFormatter is the interface for all log formatters A LogFormatter receives an auditlog and generates "readable" audit log
func GetLogFormatter ¶
func GetLogFormatter(name string) (LogFormatter, error)
GetLogFormatter returns a formatter by name It returns an error if it doesn't exist
type LogWriter ¶
type LogWriter interface { // Init the writer requires previous preparations Init(types.Config) error // Write the audit log // Using the LogFormatter is mandatory to generate a "readable" audit log // It is not sent as a bslice because some writers may require some Audit // metadata. Write(*AuditLog) error // Close the writer if required Close() error }
LogWriter is the interface for all log writers A LogWriter receives an auditlog and writes it to the output stream An output stream may be a file, a socket, an http request, etc
func GetLogWriter ¶
GetLogWriter returns a logger by name It returns an error if it doesn't exist