Documentation
Overview
Package auditd provides functionality for extracting audit information from the Linux kernel's built-in auditing subsystem.
Constants
```go
const (
	// AuditdProcessorComponentName is the name of the component
	// that reads from auditd. This is used in the health check.
	AuditdProcessorComponentName = "auditd-processor"
)
```
Variables
This section is empty.
Functions
func SetLogger
```go
func SetLogger(l *zap.SugaredLogger)
```
Types
type Auditd
```go
type Auditd struct {
	// After filters audit events prior to a particular point in time.
	// For example, using time.Now means all events that occurred
	// before time.Now will be ignored.
	//
	// A zero time.Time means no events are ignored.
	After time.Time

	// Audits receives audit log lines from one or more audit files.
	Audits <-chan string

	// Logins receives common.RemoteUserLogin when a user logs in
	// remotely through a service like sshd.
	Logins <-chan common.RemoteUserLogin

	// EventW is the auditevent.EventWriter to write events to.
	EventW *auditevent.EventWriter

	Health *health.Health
}
```
Auditd enables correlation of remote user logins (and the credential they used to log in, such as an SSH certificate) with Linux audit events.
Directories
Path | Synopsis |
---|---|
| | gen-extra-map generates a Go function that validates the Extra map included in auditevent.AuditEvent metadata for a given event index. |