events

package
v0.1.0-alpha.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 24, 2016 License: Apache-2.0 Imports: 12 Imported by: 347

Documentation

Overview

Package events contains structured events emitted by various parts of teleport, they are collected by auth server for audit purposes

Package events implements stored event log used for audit and other purposes

Index

Constants

View Source
const (
	// SessionEvent indicates that session has been initiated
	// or updated by a joining party on the server
	SessionEvent = "teleport.session"
	// ExecEvent is an exec command executed by script or user on
	// the server side
	ExecEvent = "teleport.exec"
	// AuthAttemptEvent is authentication attempt that either
	// succeeded or failed based on event status
	AuthAttemptEvent = "teleport.auth.attempt"
	// SCPEvent means data transfer that occured on the server
	SCPEvent = "teleport.scp"
	// ResizeEvent means that some user resized PTY on the client
	ResizeEvent = "teleport.resize.pty"
)
View Source
const (
	// DefaultLimit is a default limit set for event queries
	DefaultLimit = 20
	// MaxLimit is a maximum limit set for event queries
	MaxLimit = 100
	// Asc is ascending sort order
	Asc = 1
	// Desc is descending sort order
	Desc = -1
)

Variables

View Source
var NullEventLogger = &NOPEventLogger{}

Functions

func FilterToURL

func FilterToURL(f Filter) (url.Values, error)

FilterToURL encodes filter to URL query parameters

Types

type AuthAttempt

type AuthAttempt struct {
	// Session is SSH session ID
	SessionID string `json:"sid"`
	// User is SSH user
	User string `json:"user"`
	// Success - true if auth was successfull, false otherwise
	Success bool `json:"success"`
	// Error contains rejection reason if present
	Error string `json:"error"`
	// LocalAddr local connecting address
	LocalAddr string `json:"laddr"`
	// RemoteAddr remote connecting address
	RemoteAddr string `json:"raddr"`
	// Key is a public key used for auth
	Key string `json:"key"`
}

AuthAttempt indicates authentication attempt that can be either successfull or failed

func NewAuthAttempt

func NewAuthAttempt(conn ssh.ConnMetadata, key ssh.PublicKey, success bool, err error) *AuthAttempt

NewAuthAttempt returns new authentication attempt evetn

func (*AuthAttempt) Schema

func (*AuthAttempt) Schema() string

Schema returns auth attempt schema

type Exec

type Exec struct {
	// User is SSH user
	User string `json:"user"`
	// SessionID is teleport specific session id
	SessionID string `json:"sid"`
	// Command is a command name with arguments
	Command string `json:"command"`
	// Code is a return code
	Code int `json:"code"`
	// Error is a error if command failed to execute
	Error string `json:"error"`
	// Log is a captured command output
	Log string `json:"out"`
}

Exec is a result of execution of a remote command on the target server

func NewExec

func NewExec(command string, out io.Reader, code int, err error) *Exec

NewExec returns new Exec event

func (*Exec) Schema

func (*Exec) Schema() string

Schema returns event schema

type Filter

type Filter struct {
	Start     time.Time  `json:"start"`
	End       time.Time  `json:"end"`
	Limit     int        `json:"limit"`
	Order     int        `json:"order"`
	SessionID session.ID `json:"session_id"`
}

Filter is event search filter

func FilterFromURL

func FilterFromURL(vals url.Values) (*Filter, error)

FilterFromURL returns filter falue from URL encoded parameters

func (Filter) String

func (f Filter) String() string

String returns debug-friendly representation of this filter

type Log

type Log interface {
	Log(id lunk.EventID, e lunk.Event)
	LogEntry(lunk.Entry) error
	LogSession(session.Session) error
	GetEvents(filter Filter) ([]lunk.Entry, error)
	GetSessionEvents(filter Filter) ([]session.Session, error)
}

Log is an event logger interface

type Message

type Message struct {
	// User is SSH user
	User string `json:"user"`
	// SessionID is teleport session id
	SessionID string `json:"sid"`
	// Message
	Message string `json:"message"`
}

Message is a user message sent in a session

func (*Message) Schema

func (*Message) Schema() string

Schema return event schema

type NOPEventLogger

type NOPEventLogger struct {
}

func (*NOPEventLogger) GetEvents

func (*NOPEventLogger) GetEvents(filter Filter) ([]lunk.Entry, error)

func (*NOPEventLogger) GetSessionEvents

func (*NOPEventLogger) GetSessionEvents(filter Filter) ([]session.Session, error)

func (*NOPEventLogger) Log

func (*NOPEventLogger) LogEntry

func (*NOPEventLogger) LogEntry(lunk.Entry) error

func (*NOPEventLogger) LogSession

func (*NOPEventLogger) LogSession(sess session.Session) error

type SCP

type SCP struct {
	// User is SSH user
	User string `json:"user"`
	// SessionID is a session id
	SessionID string `json:"sid"`
}

SCP is a file copy event that took place on one of the servers

func (*SCP) Schema

func (*SCP) Schema() string

Schema returns event schema

type ShellSession

type ShellSession struct {
	// SessionID is teleport session id
	SessionID string `json:"sid"`
	// Shell is a shell name
	Shell string `json:"command"`
	// RecordID holds the id with the session recording
	RecordID string `json:"rid"`
	// User is SSH user
	User string `json:"user"`
	// LocalAddr local connecting address
	LocalAddr string `json:"laddr"`
	// RemoteAddr remote connecting address
	RemoteAddr string `json:"raddr"`
}

ShellSession is a result of execution of an interactive shell

func NewShellSession

func NewShellSession(sid string, conn ssh.ConnMetadata, shell string, recordID string) *ShellSession

NewShellSession returns a new shell session event

func (*ShellSession) Schema

func (*ShellSession) Schema() string

Schema returns event schema

Directories

Path Synopsis
Package test contains a log backend acceptance test suite that is implementation independant each backend will use the suite to test itself
Package test contains a log backend acceptance test suite that is implementation independant each backend will use the suite to test itself

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL