Documentation ¶
Index ¶
- Constants
- Variables
- func AppendAnyString(any *PantherAnyString, values ...string)
- func CsvStringToArray(value string) []string
- func CsvStringToFloat64Pointer(value string) *float64
- func CsvStringToInt16Pointer(value string) *int16
- func CsvStringToIntPointer(value string) *int
- func CsvStringToPointer(value string) *string
- type LogParser
- type PantherAnyString
- type PantherLog
- func (pl *PantherLog) AppendAnyDomainNamePtrs(values ...*string)
- func (pl *PantherLog) AppendAnyDomainNames(values ...string)
- func (pl *PantherLog) AppendAnyIPAddress(value string) bool
- func (pl *PantherLog) AppendAnyIPAddressPtr(value *string) bool
- func (pl *PantherLog) AppendAnyMD5HashPtrs(values ...*string)
- func (pl *PantherLog) AppendAnyMD5Hashes(values ...string)
- func (pl *PantherLog) AppendAnySHA1HashPtrs(values ...*string)
- func (pl *PantherLog) AppendAnySHA1Hashes(values ...string)
- func (pl *PantherLog) Event() interface{}
- func (pl *PantherLog) Log() *PantherLog
- func (pl *PantherLog) Logs() []*PantherLog
- func (pl *PantherLog) SetCoreFields(logType string, eventTime *timestamp.RFC3339, event interface{})
- func (pl *PantherLog) SetEvent(event interface{})
- type RowID
Constants ¶
View Source
const (
PantherFieldPrefix = "p_"
)
Variables ¶
View Source
var Validator = validator.New()
Validator can be used to validate schemas of log fields
Functions ¶
func AppendAnyString ¶ added in v0.2.0
func AppendAnyString(any *PantherAnyString, values ...string)
func CsvStringToArray ¶ added in v0.2.0
func CsvStringToFloat64Pointer ¶ added in v0.2.0
func CsvStringToInt16Pointer ¶ added in v0.2.0
func CsvStringToIntPointer ¶ added in v0.2.0
func CsvStringToPointer ¶ added in v0.2.0
Types ¶
type LogParser ¶
type LogParser interface { // LogType returns the log type supported by this parser LogType() string // Parse attempts to parse the provided log line // If the provided log is not of the supported type the method returns nil Parse(log string) []*PantherLog // New returns a new instance of the log parser, used like a factory method for stateful parsers New() LogParser }
LogParser represents a parser for a supported log type
type PantherAnyString ¶ added in v0.2.0
type PantherAnyString struct {
// contains filtered or unexported fields
}
func NewPantherAnyString ¶ added in v0.2.0
func NewPantherAnyString() *PantherAnyString
func (*PantherAnyString) MarshalJSON ¶ added in v0.2.0
func (any *PantherAnyString) MarshalJSON() ([]byte, error)
func (*PantherAnyString) UnmarshalJSON ¶ added in v0.2.0
func (any *PantherAnyString) UnmarshalJSON(jsonBytes []byte) error
type PantherLog ¶ added in v0.2.0
type PantherLog struct { // required PantherLogType *string `json:"p_log_type,omitempty" validate:"required" description:"Panther added field with type of log"` PantherRowID *string `json:"p_row_id,omitempty" validate:"required" description:"Panther added field with unique id (within table)"` PantherEventTime *timestamp.RFC3339 `json:"p_event_time,omitempty" validate:"required" description:"Panther added standardize event time (UTC)"` PantherParseTime *timestamp.RFC3339 `json:"p_parse_time,omitempty" validate:"required" description:"Panther added standardize log parse time (UTC)"` // optional (any) PantherAnyIPAddresses *PantherAnyString `json:"p_any_ip_addresses,omitempty" description:"Panther added field with collection of ip addresses associated with the row"` PantherAnyDomainNames *PantherAnyString `json:"p_any_domain_names,omitempty" description:"Panther added field with collection of domain names associated with the row"` PantherAnySHA1Hashes *PantherAnyString `json:"p_any_sha1_hashes,omitempty" description:"Panther added field with collection of SHA1 hashes associated with the row"` PantherAnyMD5Hashes *PantherAnyString `json:"p_any_md5_hashes,omitempty" description:"Panther added field with collection of MD5 hashes associated with the row"` // contains filtered or unexported fields }
All log parsers should extend from this to get standardized fields (all prefixed with 'p_' as JSON for uniqueness) NOTE: It is VERY important that fields are added to END of the structure to avoid needed to re-build existing Glue partitions.
See https://github.com/awsdocs/amazon-athena-user-guide/blob/master/doc_source/updates-and-partitions.md
nolint(lll)
func (*PantherLog) AppendAnyDomainNamePtrs ¶ added in v0.2.0
func (pl *PantherLog) AppendAnyDomainNamePtrs(values ...*string)
func (*PantherLog) AppendAnyDomainNames ¶ added in v0.2.0
func (pl *PantherLog) AppendAnyDomainNames(values ...string)
func (*PantherLog) AppendAnyIPAddress ¶ added in v1.0.1
func (pl *PantherLog) AppendAnyIPAddress(value string) bool
func (*PantherLog) AppendAnyIPAddressPtr ¶ added in v1.0.1
func (pl *PantherLog) AppendAnyIPAddressPtr(value *string) bool
Will return true if the IP address was successfully appended, false if the value was not an IP
func (*PantherLog) AppendAnyMD5HashPtrs ¶ added in v0.3.0
func (pl *PantherLog) AppendAnyMD5HashPtrs(values ...*string)
func (*PantherLog) AppendAnyMD5Hashes ¶ added in v0.3.0
func (pl *PantherLog) AppendAnyMD5Hashes(values ...string)
func (*PantherLog) AppendAnySHA1HashPtrs ¶ added in v0.3.0
func (pl *PantherLog) AppendAnySHA1HashPtrs(values ...*string)
func (*PantherLog) AppendAnySHA1Hashes ¶ added in v0.3.0
func (pl *PantherLog) AppendAnySHA1Hashes(values ...string)
func (*PantherLog) Event ¶ added in v1.0.0
func (pl *PantherLog) Event() interface{}
Event returns event data, used when composed
func (*PantherLog) Log ¶ added in v1.0.0
func (pl *PantherLog) Log() *PantherLog
Log returns pointer to self, used when composed
func (*PantherLog) Logs ¶ added in v1.0.0
func (pl *PantherLog) Logs() []*PantherLog
Logs returns a slice with pointer to self, used when composed
func (*PantherLog) SetCoreFields ¶ added in v0.2.0
func (pl *PantherLog) SetCoreFields(logType string, eventTime *timestamp.RFC3339, event interface{})
func (*PantherLog) SetEvent ¶ added in v1.0.0
func (pl *PantherLog) SetEvent(event interface{})
SetEvent set event data, used for testing
Click to show internal directories.
Click to hide internal directories.