marshaller

package

v1.1.9 Latest Latest Go to latest Published: Oct 24, 2019 License: MIT Imports: 10 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/pantheon-systems/pauditd

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type AuditFilter
- func NewAuditFilter(ruleNumber int, obj map[interface{}]interface{}) (*AuditFilter, error)
type AuditMarshaller
- func NewAuditMarshaller(w *output.AuditWriter, eventMin uint16, eventMax uint16, ...) *AuditMarshaller
- func (a *AuditMarshaller) Consume(nlMsg *syscall.NetlinkMessage)
type FilterAction
- func (f FilterAction) String() string

Constants ¶

View Source

const (
	EVENT_EOE = 1320 // End of multi packet event
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AuditFilter ¶

type AuditFilter struct {
	MessageType uint16
	Regex       *regexp.Regexp
	Syscall     string
	Key         string
	Action      FilterAction
}

func NewAuditFilter ¶

func NewAuditFilter(ruleNumber int, obj map[interface{}]interface{}) (*AuditFilter, error)

type AuditMarshaller ¶

type AuditMarshaller struct {
	// contains filtered or unexported fields
}

func NewAuditMarshaller ¶

func NewAuditMarshaller(w *output.AuditWriter, eventMin uint16, eventMax uint16, trackMessages, logOOO bool, maxOOO int, filters []AuditFilter) *AuditMarshaller

Create a new marshaller

func (*AuditMarshaller) Consume ¶

func (a *AuditMarshaller) Consume(nlMsg *syscall.NetlinkMessage)

Ingests a netlink message and likely prepares it to be logged

type FilterAction ¶

type FilterAction bool

const (
	Keep FilterAction = false
	Drop FilterAction = true
)

func (FilterAction) String ¶

func (f FilterAction) String() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL