osquerylogs

package

v0.1.0 Latest Latest Go to latest Published: Jan 22, 2020 License: AGPL-3.0, Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/panther-labs/panther

Documentation ¶

Index ¶

Variables
type Batch
type BatchDiffResults
type BatchParser
- func (p *BatchParser) LogType() string
- func (p *BatchParser) Parse(log string) []interface{}
type Differential
type DifferentialParser
- func (p *DifferentialParser) LogType() string
- func (p *DifferentialParser) Parse(log string) []interface{}
type Snapshot
type SnapshotParser
- func (p *SnapshotParser) LogType() string
- func (p *SnapshotParser) Parse(log string) []interface{}
type Status
type StatusParser
- func (p *StatusParser) LogType() string
- func (p *StatusParser) Parse(log string) []interface{}

Constants ¶

This section is empty.

Variables ¶

View Source

var BatchDesc = `` /* 131-byte string literal not displayed */

View Source

var DifferentialDesc = `` /* 144-byte string literal not displayed */

View Source

var SnapshotDesc = `` /* 140-byte string literal not displayed */

View Source

var StatusDesc = `Status is a diagnostic osquery log about the daemon.
Reference: https://osquery.readthedocs.io/en/stable/deployment/logging/`

Functions ¶

This section is empty.

Types ¶

type Batch ¶

type Batch struct {
	CalendarTime *timestamp.ANSICwithTZ `json:"calendarTime,omitempty" validate:"required"`
	Counter      *int                   `json:"counter,omitempty,string"  validate:"required"`
	Decorations  map[string]string      `json:"decorations,omitempty"`
	DiffResults  *BatchDiffResults      `json:"diffResults,omitempty" validate:"required"`
	Epoch        *int                   `json:"epoch,omitempty,string"  validate:"required"`
	Hostname     *string                `json:"hostname,omitempty"  validate:"required"`
	Name         *string                `json:"name,omitempty"  validate:"required"`
	UnixTime     *int                   `json:"unixTime,omitempty,string"  validate:"required"`
}

type BatchDiffResults ¶

type BatchDiffResults struct {
	Added   []map[string]string `json:"added,omitempty"`
	Removed []map[string]string `json:"removed,omitempty"`
}

OsqueryBatchDiffResults contains diff data for OsQuery batch results

type BatchParser ¶

type BatchParser struct{}

BatchParser parses OsQuery Batch logs

func (*BatchParser) LogType ¶

func (p *BatchParser) LogType() string

LogType returns the log type supported by this parser

func (*BatchParser) Parse ¶

func (p *BatchParser) Parse(log string) []interface{}

Parse returns the parsed events or nil if parsing failed

type Differential ¶

type Differential struct {
	Action               *string                `json:"action,omitempty" validate:"required"`
	CalendarTime         *timestamp.ANSICwithTZ `json:"calendartime,omitempty" validate:"required"`
	Columns              map[string]string      `json:"columns,omitempty" validate:"required"`
	Counter              *int                   `json:"counter,omitempty,string"`
	Decorations          map[string]string      `json:"decorations,omitempty"`
	Epoch                *int                   `json:"epoch,omitempty,string" validate:"required"`
	HostIdentifier       *string                `json:"hostIdentifier,omitempty" validate:"required"`
	LogType              *string                `json:"logType,omitempty" validate:"required,eq=result"`
	LogUnderscoreType    *string                `json:"log_type,omitempty"`
	Name                 *string                `json:"name,omitempty" validate:"required"`
	UnixTime             *int                   `json:"unixTime,omitempty,string" validate:"required"`
	LogNumericsAsNumbers *bool                  `json:"logNumericsAsNumbers,omitempty,string"`
}

type DifferentialParser ¶

type DifferentialParser struct{}

DifferentialParser parses OsQuery Differential logs

func (*DifferentialParser) LogType ¶

func (p *DifferentialParser) LogType() string

LogType returns the log type supported by this parser

func (*DifferentialParser) Parse ¶

func (p *DifferentialParser) Parse(log string) []interface{}

Parse returns the parsed events or nil if parsing failed

type Snapshot ¶

type Snapshot struct {
	Action         *string                `json:"action,omitempty" validate:"required,eq=snapshot"`
	CalendarTime   *timestamp.ANSICwithTZ `json:"calendarTime,omitempty" validate:"required"`
	Counter        *int                   `json:"counter,omitempty,string" validate:"required"`
	Decorations    map[string]string      `json:"decorations,omitempty"`
	Epoch          *int                   `json:"epoch,omitempty,string" validate:"required"`
	HostIdentifier *string                `json:"hostIdentifier,omitempty" validate:"required"`
	Name           *string                `json:"name,omitempty" validate:"required"`
	Snapshot       []map[string]string    `json:"snapshot,omitempty" validate:"required"`
	UnixTime       *int                   `json:"unixTime,omitempty,string" validate:"required"`
}

type SnapshotParser ¶

type SnapshotParser struct{}

SnapshotParser parses OsQuery snapshot logs

func (*SnapshotParser) LogType ¶

func (p *SnapshotParser) LogType() string

LogType returns the log type supported by this parser

func (*SnapshotParser) Parse ¶

func (p *SnapshotParser) Parse(log string) []interface{}

Parse returns the parsed events or nil if parsing failed

type Status ¶

type Status struct {
	CalendarTime      *timestamp.ANSICwithTZ `json:"calendarTime,omitempty" validate:"required"`
	Decorations       map[string]string      `json:"decorations,omitempty"`
	Filename          *string                `json:"filename,omitempty" validate:"required"`
	HostIdentifier    *string                `json:"hostIdentifier,omitempty" validate:"required"`
	Line              *int                   `json:"line,omitempty,string" validate:"required"`
	LogType           *string                `json:"logType,omitempty" validate:"required,eq=status"`
	LogUnderscoreType *string                `json:"log_type,omitempty"`
	Message           *string                `json:"message,omitempty"`
	Severity          *int                   `json:"severity,omitempty,string" validate:"required"`
	UnixTime          *int                   `json:"unixTime,omitempty,string" validate:"required"`
	Version           *string                `json:"version,omitempty" validate:"required"`
}

type StatusParser ¶

type StatusParser struct{}

StatusParser parses OsQuery Status logs

func (*StatusParser) LogType ¶

func (p *StatusParser) LogType() string

LogType returns the log type supported by this parser

func (*StatusParser) Parse ¶

func (p *StatusParser) Parse(log string) []interface{}

Parse returns the parsed events or nil if parsing failed

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL