Documentation ¶
Overview ¶
Package auditlog implements a set of log formatters and writers for audit logging.
The following log formats are supported:
- JSON
- Coraza
- Native
The following log writers are supported:
- Serial
- Concurrent
More writers and formatters can be registered using the RegisterWriter and RegisterFormatter functions.
Index ¶
- Variables
- func GetFormatter(name string) (plugintypes.AuditLogFormatter, error)
- func GetWriter(name string) (plugintypes.AuditLogWriter, error)
- func NewConfig() plugintypes.AuditLogConfig
- func RegisterFormatter(name string, f func(plugintypes.AuditLog) ([]byte, error))
- func RegisterWriter(name string, writer func() plugintypes.AuditLogWriter)
- type Log
- type Message
- type MessageData
- func (md *MessageData) Accuracy() int
- func (md *MessageData) Data() string
- func (md *MessageData) File() string
- func (md *MessageData) ID() int
- func (md *MessageData) Line() int
- func (md *MessageData) Maturity() int
- func (md *MessageData) Msg() string
- func (md *MessageData) Raw() string
- func (md *MessageData) Rev() string
- func (md *MessageData) Severity() types.RuleSeverity
- func (md *MessageData) Tags() []string
- func (md *MessageData) Ver() string
- type Transaction
- func (t Transaction) ClientIP() string
- func (t Transaction) ClientPort() int
- func (t Transaction) HasRequest() bool
- func (t Transaction) HasResponse() bool
- func (t Transaction) HostIP() string
- func (t Transaction) HostPort() int
- func (t Transaction) ID() string
- func (t Transaction) Producer() plugintypes.AuditLogTransactionProducer
- func (t Transaction) Request() plugintypes.AuditLogTransactionRequest
- func (t Transaction) Response() plugintypes.AuditLogTransactionResponse
- func (t Transaction) ServerID() string
- func (t Transaction) Timestamp() string
- func (t Transaction) UnixTimestamp() int64
- type TransactionProducer
- type TransactionRequest
- func (tr *TransactionRequest) Body() string
- func (tr *TransactionRequest) Files() []plugintypes.AuditLogTransactionRequestFiles
- func (tr *TransactionRequest) HTTPVersion() string
- func (tr *TransactionRequest) Headers() map[string][]string
- func (tReq *TransactionRequest) Method() string
- func (tr *TransactionRequest) Protocol() string
- func (tr *TransactionRequest) URI() string
- type TransactionRequestFiles
- type TransactionResponse
Constants ¶
This section is empty.
Variables ¶
// NoopCloser is a package-level value of the unexported noopCloser type.
// NOTE(review): the name suggests a closer whose Close does nothing, but the
// type's methods are not shown on this page; confirm before relying on it.
var NoopCloser = noopCloser{}
Functions ¶
func GetFormatter ¶
func GetFormatter(name string) (plugintypes.AuditLogFormatter, error)
GetFormatter returns a formatter by name. It returns an error if the formatter doesn't exist.
func GetWriter ¶
func GetWriter(name string) (plugintypes.AuditLogWriter, error)
GetWriter returns a log writer by name. It returns an error if the writer doesn't exist.
func NewConfig ¶
func NewConfig() plugintypes.AuditLogConfig
NewConfig returns a Config with default values.
func RegisterFormatter ¶
func RegisterFormatter(name string, f func(plugintypes.AuditLog) ([]byte, error))
RegisterFormatter registers a new logger format. It can be used by plugins.
func RegisterWriter ¶
func RegisterWriter(name string, writer func() plugintypes.AuditLogWriter)
RegisterWriter registers a new logger. It can be used by plugins.
Types ¶
type Log ¶
// Log represents the main struct for audit log data: the audit log parts,
// the transaction, and the messages for the rules that were triggered.
type Log struct {
	// Parts contains the parts of the audit log.
	// The `json:"-"` tag keeps this field out of the struct's default JSON
	// encoding.
	Parts_ types.AuditLogParts `json:"-"`

	// Transaction contains the transaction information
	Transaction_ Transaction `json:"transaction"`

	// Messages contains the triggered rules information.
	// Tagged omitempty, so an empty slice is left out of the JSON encoding.
	Messages_ []plugintypes.AuditLogMessage `json:"messages,omitempty"`
}
Log represents the main struct for audit log data
func (*Log) Messages ¶
func (l *Log) Messages() []plugintypes.AuditLogMessage
func (*Log) Parts ¶
func (l *Log) Parts() types.AuditLogParts
func (*Log) Transaction ¶
func (l *Log) Transaction() plugintypes.AuditLogTransaction
func (*Log) UnmarshalJSON ¶
type Message ¶
// Message contains information about the triggered rules.
type Message struct {
	Actionset_ string `json:"actionset"`
	Message_   string `json:"message"`
	// Data_ points at the detailed rule data. The tag has no omitempty, so a
	// nil pointer is encoded as JSON null rather than being dropped.
	Data_ *MessageData `json:"data"`
}
Message contains information about the triggered rules
func (Message) Data ¶
func (m Message) Data() plugintypes.AuditLogMessageData
type MessageData ¶
// MessageData contains information about the triggered rules in detail.
// Every field is always present in the JSON encoding (no omitempty tags).
type MessageData struct {
	// presumably File_ and Line_ locate the rule definition and ID_/Rev_
	// identify the rule and its revision; verify against the code that
	// fills this struct
	File_ string `json:"file"`
	Line_ int    `json:"line"`
	ID_   int    `json:"id"`
	Rev_  string `json:"rev"`
	// NOTE(review): if Msg_ and Data_ can echo content taken from the matched
	// request, anything that renders these logs (dashboards, HTML reports)
	// should escape them first. Confirm how they are populated.
	Msg_      string             `json:"msg"`
	Data_     string             `json:"data"`
	Severity_ types.RuleSeverity `json:"severity"`
	Ver_      string             `json:"ver"`
	Maturity_ int                `json:"maturity"`
	Accuracy_ int                `json:"accuracy"`
	Tags_     []string           `json:"tags"`
	// presumably the raw text of the rule; confirm
	Raw_ string `json:"raw"`
}
MessageData contains information about the triggered rules in detail
func (*MessageData) Accuracy ¶
func (md *MessageData) Accuracy() int
func (*MessageData) Data ¶
func (md *MessageData) Data() string
func (*MessageData) File ¶
func (md *MessageData) File() string
func (*MessageData) ID ¶
func (md *MessageData) ID() int
func (*MessageData) Line ¶
func (md *MessageData) Line() int
func (*MessageData) Maturity ¶
func (md *MessageData) Maturity() int
func (*MessageData) Msg ¶
func (md *MessageData) Msg() string
func (*MessageData) Raw ¶
func (md *MessageData) Raw() string
func (*MessageData) Rev ¶
func (md *MessageData) Rev() string
func (*MessageData) Severity ¶
func (md *MessageData) Severity() types.RuleSeverity
func (*MessageData) Tags ¶
func (md *MessageData) Tags() []string
func (*MessageData) Ver ¶
func (md *MessageData) Ver() string
type Transaction ¶
// Transaction contains transaction specific information: timestamps, the
// transaction ID, the client and host endpoints, the server ID, and optional
// request, response and producer details.
type Transaction struct {
	// Timestamp "02/Jan/2006:15:04:20 -0700" format
	// NOTE(review): if that string is meant as a Go time layout, the seconds
	// placeholder is 05, not 20. Confirm against the code that fills this
	// field before parsing timestamps with it.
	Timestamp_ string `json:"timestamp"`
	// presumably the same instant as Timestamp_ as a Unix time; the unit is
	// not visible here, so confirm before correlating with other log sources
	UnixTimestamp_ int64 `json:"unix_timestamp"`
	// Unique ID
	ID_ string `json:"id"`
	// Client IP Address string representation
	ClientIP_   string `json:"client_ip"`
	ClientPort_ int    `json:"client_port"`
	HostIP_     string `json:"host_ip"`
	HostPort_   int    `json:"host_port"`
	ServerID_   string `json:"server_id"`
	// Request_, Response_ and Producer_ are pointers tagged omitempty, so a
	// nil value is left out of the JSON encoding entirely.
	Request_  *TransactionRequest  `json:"request,omitempty"`
	Response_ *TransactionResponse `json:"response,omitempty"`
	Producer_ *TransactionProducer `json:"producer,omitempty"`
}
Transaction contains transaction specific information
func (Transaction) ClientIP ¶
func (t Transaction) ClientIP() string
func (Transaction) ClientPort ¶
func (t Transaction) ClientPort() int
func (Transaction) HasRequest ¶
func (t Transaction) HasRequest() bool
func (Transaction) HasResponse ¶
func (t Transaction) HasResponse() bool
func (Transaction) HostIP ¶
func (t Transaction) HostIP() string
func (Transaction) HostPort ¶
func (t Transaction) HostPort() int
func (Transaction) ID ¶
func (t Transaction) ID() string
func (Transaction) Producer ¶
func (t Transaction) Producer() plugintypes.AuditLogTransactionProducer
func (Transaction) Request ¶
func (t Transaction) Request() plugintypes.AuditLogTransactionRequest
func (Transaction) Response ¶
func (t Transaction) Response() plugintypes.AuditLogTransactionResponse
func (Transaction) ServerID ¶
func (t Transaction) ServerID() string
func (Transaction) Timestamp ¶
func (t Transaction) Timestamp() string
func (Transaction) UnixTimestamp ¶
func (t Transaction) UnixTimestamp() int64
type TransactionProducer ¶
// TransactionProducer contains producer specific information for debugging.
// Every field is always present in the JSON encoding (no omitempty tags).
// NOTE(review): the field names point at connector, server, rule engine and
// ruleset identification; if so, the entry describes the deployed stack and
// deserves the same access restrictions as the rest of the audit log.
type TransactionProducer struct {
	Connector_  string   `json:"connector"`
	Version_    string   `json:"version"`
	Server_     string   `json:"server"`
	RuleEngine_ string   `json:"rule_engine"`
	Stopwatch_  string   `json:"stopwatch"`
	Rulesets_   []string `json:"rulesets"`
}
TransactionProducer contains producer specific information for debugging
func (*TransactionProducer) Connector ¶
func (tp *TransactionProducer) Connector() string
func (*TransactionProducer) RuleEngine ¶
func (tp *TransactionProducer) RuleEngine() string
func (*TransactionProducer) Rulesets ¶
func (tp *TransactionProducer) Rulesets() []string
func (*TransactionProducer) Server ¶
func (tp *TransactionProducer) Server() string
func (*TransactionProducer) Stopwatch ¶
func (tp *TransactionProducer) Stopwatch() string
func (*TransactionProducer) Version ¶
func (tp *TransactionProducer) Version() string
type TransactionRequest ¶
// TransactionRequest contains request specific information.
// Every field is always present in the JSON encoding (no omitempty tags).
type TransactionRequest struct {
	Method_      string `json:"method"`
	Protocol_    string `json:"protocol"`
	URI_         string `json:"uri"`
	HTTPVersion_ string `json:"http_version"`
	// Headers_ and Body_ hold request headers and body as plain values.
	// NOTE(review): HTTP requests routinely carry credentials and personal
	// data (Authorization and Cookie headers, form fields), and no redaction
	// is visible at this level. Confirm what is captured, and restrict
	// access to wherever these logs are written.
	Headers_ map[string][]string `json:"headers"`
	Body_    string              `json:"body"`
	// Files_ lists the uploaded files through the plugintypes interface type.
	Files_ []plugintypes.AuditLogTransactionRequestFiles `json:"files"`
}
TransactionRequest contains request specific information
func (*TransactionRequest) Body ¶
func (tr *TransactionRequest) Body() string
func (*TransactionRequest) Files ¶
func (tr *TransactionRequest) Files() []plugintypes.AuditLogTransactionRequestFiles
func (*TransactionRequest) HTTPVersion ¶
func (tr *TransactionRequest) HTTPVersion() string
func (*TransactionRequest) Headers ¶
func (tr *TransactionRequest) Headers() map[string][]string
func (*TransactionRequest) Method ¶
func (tReq *TransactionRequest) Method() string
func (*TransactionRequest) Protocol ¶
func (tr *TransactionRequest) Protocol() string
func (*TransactionRequest) URI ¶
func (tr *TransactionRequest) URI() string
type TransactionRequestFiles ¶
// TransactionRequestFiles contains information for the uploaded files using
// multipart forms.
// NOTE(review): Name_ and Mime_ presumably come from the multipart part as
// sent by the client, so they are unverified input. Log consumers should not
// use Name_ as a filesystem path or trust Mime_ as the real content type.
// Confirm against the code that fills this struct.
type TransactionRequestFiles struct {
	Name_ string `json:"name"`
	Size_ int64  `json:"size"`
	Mime_ string `json:"mime"`
}
TransactionRequestFiles contains information for the uploaded files using multipart forms
func (TransactionRequestFiles) Mime ¶
func (trf TransactionRequestFiles) Mime() string
func (TransactionRequestFiles) Name ¶
func (trf TransactionRequestFiles) Name() string
func (TransactionRequestFiles) Size ¶
func (trf TransactionRequestFiles) Size() int64
type TransactionResponse ¶
// TransactionResponse contains response specific information.
// Every field is always present in the JSON encoding (no omitempty tags).
type TransactionResponse struct {
	Protocol_ string `json:"protocol"`
	Status_   int    `json:"status"`
	// Headers_ and Body_ hold response headers and body as plain values.
	// NOTE(review): responses can carry session material (Set-Cookie) and
	// application data, and no redaction is visible at this level. Confirm
	// what is captured, and restrict access to the stored logs.
	Headers_ map[string][]string `json:"headers"`
	Body_    string              `json:"body"`
}
TransactionResponse contains response specific information
func (*TransactionResponse) Body ¶
func (tr *TransactionResponse) Body() string
func (*TransactionResponse) Headers ¶
func (tr *TransactionResponse) Headers() map[string][]string
func (*TransactionResponse) Protocol ¶
func (tRes *TransactionResponse) Protocol() string
func (*TransactionResponse) Status ¶
func (tr *TransactionResponse) Status() int