Documentation
¶
Index ¶
Constants ¶
View Source
const (
EVENT_EOE = 1320 // End of multi packet event
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuditFilter ¶
type AuditFilter struct {
MessageType uint16
Regex *regexp.Regexp
Syscall string
Key string
Action FilterAction
}
func NewAuditFilter ¶
func NewAuditFilter(ruleNumber int, obj map[string]interface{}) (*AuditFilter, error)
type AuditMarshaller ¶
type AuditMarshaller struct {
// contains filtered or unexported fields
}
func NewAuditMarshaller ¶
func NewAuditMarshaller(w *output.AuditWriter, eventMin uint16, eventMax uint16, trackMessages, logOOO bool, maxOOO int, filters []AuditFilter) *AuditMarshaller
Create a new marshaller
func (*AuditMarshaller) Consume ¶
func (a *AuditMarshaller) Consume(nlMsg *syscall.NetlinkMessage)
Ingests a netlink message and likely prepares it to be logged
type FilterAction ¶
type FilterAction bool
const ( Keep FilterAction = false Drop FilterAction = true )
func (FilterAction) String ¶
func (f FilterAction) String() string
Source Files
Click to show internal directories.
Click to hide internal directories.