Documentation
Overview
Copyright 2016-2019 DutchSec (https://dutchsec.com/)
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Index
- Variables
- func ToMap(ev Event) map[string]interface{}
- type Conn
- type Event
- type Option
- func Category(s string) Option
- func CopyFrom(data map[string]interface{}) Option
- func Custom(name string, value interface{}) Option
- func DestinationAddr(addr net.Addr) Option
- func DestinationHardwareAddr(addr net.HardwareAddr) Option
- func DestinationIP(ip net.IP) Option
- func DestinationPort(port uint16) Option
- func Error(err error) Option
- func HostAddr(addr string) Option
- func HostAddrFrom(addr net.Addr) Option
- func MergeFrom(data map[string]interface{}) Option
- func Message(format string, a ...interface{}) Option
- func NewWith(opts ...Option) Option
- func Payload(data []byte) Option
- func Protocol(v string) Option
- func RemoteAddr(addr string) Option
- func RemoteAddrFrom(addr net.Addr) Option
- func Sensor(s string) Option
- func Service(v string) Option
- func SourceAddr(addr net.Addr) Option
- func SourceHardwareAddr(addr net.HardwareAddr) Option
- func SourceIP(ip net.IP) Option
- func SourcePort(port uint16) Option
- func Stack() Option
- func Token(token string) Option
- func Type(s string) Option
Constants
This section is empty.
Variables
var (
	PingEvent = Type("PING")
	Operational = Type("OPERATIONAL:Event")
	OperationalAuth = Type("OPERATIONAL:AUTH")
	DataRequest = Type("DATA:REQUEST")
	DataRead = Type("DATA:READ")
	DataWrite = Type("DATA:WRITE")
	ServiceEnded = Type("SERVICE:ENDED")
	SeverityFatal = Type("fatal")
	SeverityError = Type("error")
	SeverityInfo = Type("info")
	ServiceStarted = Type("SERVICE:STARTED")
	ConnectionOpened = Type("CONNECTION:OPENED")
	ConnectionClosed = Type("CONNECTION:CLOSED")
	UserSessionOpened = Type("SESSION:USER:OPENED")
	UserSessionClosed = Type("SESSION:USER:CLOSED")
	ConnectionReadError = Type("CONNECTION:ERROR:READ")
	ConnectionWriteError = Type("CONNECTION:ERROR:WRITE")
	ContainerStarted = Type("CONTAINER:STARTED")
	ContainerFrozen = Type("CONTAINER:FROZEN")
	ContainerDial = Type("CONTAINER:DIAL")
	ContainerError = Type("CONTAINER:ERROR")
	ContainerUnfrozen = Type("CONTAINER:UNFROZEN")
	ContainerCloned = Type("CONTAINER:CLONED")
	ContainerStopped = Type("CONTAINER:STOPPED")
	ContainerPaused = Type("CONTAINER:PAUSED")
	ContainerResumed = Type("CONTAINER:RESUMED")
	ContainerTarred = Type("CONTAINER:TARRED")
	ContainerCheckpoint = Type("CONTAINER:CHECKPOINT")
	ContainerPcaped = Type("CONTAINER:PCAPED")
)
Contains the predefined event types.
var (
	ContainersSensorName = "CONTAINER"
	ConnectionSensorName = "CONNECTION"
	ServiceSensorName = "SERVICE"
	SessionSensorName = "SESSIONS"
	EventSensorName = "EVENTS"
	PingSensorName = "PING"
	DataSensorName = "DATA"
	ErrorsSensorName = "ERRORS"
	DataErrorSensorName = "DATA:ERROR"
	ConnectionErrorSensorName = "CONNECTION:ERROR"
	ContainersSensor = Sensor("CONTAINER")
	ConnectionSensor = Sensor("CONNECTION")
	ServiceSensor = Sensor("SERVICE")
	SessionSensor = Sensor("SESSIONS")
	EventSensor = Sensor("EVENTS")
	PingSensor = Sensor("PING")
	DataSensor = Sensor("DATA")
	ErrorsSensor = Sensor("ERRORS")
	DataErrorSensor = Sensor("DATA:ERROR")
	ConnectionErrorSensor = Sensor("CONNECTION:ERROR")
)
Contains the predefined sensor names and the matching Sensor options.
Functions
Types
type Event
type Event struct {
	// contains filtered or unexported fields
}
Event defines an object that stores key-value pairs in a map for event data.
func (Event) MarshalJSON
type Option
type Option func(Event)
Option defines a function type for event modifications.
func CopyFrom
CopyFrom copies the given key-value pairs into the event, overwriting the value of any key that already exists.
func DestinationAddr
DestinationAddr returns an option for setting the destination-ip value.
func DestinationHardwareAddr
func DestinationHardwareAddr(addr net.HardwareAddr) Option
DestinationHardwareAddr returns an option for setting the destination-ip value.
func DestinationIP
DestinationIP returns an option for setting the destination-ip value.
func DestinationPort
DestinationPort returns an option for setting the destination-port value.
func HostAddrFrom
HostAddrFrom returns an option for setting the host-addr value.
func MergeFrom
MergeFrom copies each given key-value pair into the event only if the event lacks that key.
func Message
Message returns an option for setting the payload value. Should this be just a formatter? E.g. Bla Bla {src-ip}
func NewWith
NewWith combines the given options into a single option that applies all of them when called.
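The difference between CopyFrom and MergeFrom decides which value wins when a key is set twice, which matters when some fields come from client-supplied data. The following is an added example, not the package's own code: Event and Option are simplified stand-ins (a plain map is assumed), build is a hypothetical helper, the options are assumed to run in the order given, and the sample values are constructed.

```go
package main

import "fmt"

// Stand-ins for the documented types (assumed: the real Event hides its fields).
type Event map[string]interface{}
type Option func(Event)

// CopyFrom overwrites any existing key with the value from data.
func CopyFrom(data map[string]interface{}) Option {
	return func(e Event) {
		for k, v := range data {
			e[k] = v
		}
	}
}

// MergeFrom only fills in keys the event does not have yet.
func MergeFrom(data map[string]interface{}) Option {
	return func(e Event) {
		for k, v := range data {
			if _, ok := e[k]; !ok {
				e[k] = v
			}
		}
	}
}

// NewWith folds several options into one, applied in the order given.
func NewWith(opts ...Option) Option {
	return func(e Event) {
		for _, o := range opts {
			o(e)
		}
	}
}

// build applies the options to a fresh event (hypothetical helper).
func build(opts ...Option) Event {
	e := Event{}
	NewWith(opts...)(e)
	return e
}

func main() {
	// Constructed sample: "observed" comes from the socket, "untrusted" from the request.
	observed := CopyFrom(map[string]interface{}{"source-ip": "203.0.113.7"})
	untrusted := map[string]interface{}{"source-ip": "10.0.0.1", "user-agent": "curl"}
	fmt.Println(build(observed, MergeFrom(untrusted))["source-ip"]) // observed value kept
	fmt.Println(build(observed, CopyFrom(untrusted))["source-ip"])  // replaced by request data
}
```

With MergeFrom the sensor-observed source-ip survives and only the missing user-agent key is added; with CopyFrom the request-supplied value replaces it.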
func RemoteAddr
RemoteAddr returns an option for setting the host-addr value.
func RemoteAddrFrom
RemoteAddrFrom returns an option for setting the host-addr value.
func SourceAddr
SourceAddr returns an option for setting the source-ip value.
func SourceHardwareAddr
func SourceHardwareAddr(addr net.HardwareAddr) Option
SourceHardwareAddr returns an option for setting the source-ip value.
func SourcePort
SourcePort returns an option for setting the source-port value.