gcplogs

package
v1.13.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 30, 2020 License: AGPL-3.0 Imports: 7 Imported by: 0

Documentation

Overview

Package gcplogs has log parsers for Google Cloud Platform

Index

Constants

View Source
const (
	AuditLogActivityLogID = "cloudaudit.googleapis.com%2Factivity"
	AuditLogDataLogID     = "cloudaudit.googleapis.com%2Fdata_access"
	AuditLogSystemLogID   = "cloudaudit.googleapis.com%2Fsystem_event"
)
View Source
const (
	LogTypePrefix = "GCP"
	TypeAuditLog  = LogTypePrefix + ".AuditLog"
)

Variables

This section is empty.

Functions

func LogTypes added in v1.12.0

func LogTypes() logtypes.Group

LogTypes exports the available log type entries

func NewAuditLogParser

func NewAuditLogParser() parsers.LogParser

Types

type AuditData

type AuditData struct {
	PermissionDelta PermissionDelta `json:"permissionDelta" validate:"required" description:" The permissionDelta when when creating or updating a Role."`
}

IAM Data audit log nolint:lll

type AuditLog

type AuditLog struct {
	PayloadType        *string             `json:"@type" validate:"required,eq=type.googleapis.com/google.cloud.audit.AuditLog" description:"The type of payload"`
	ServiceName        *string             `json:"serviceName,omitempty" description:"The name of the API service performing the operation"`
	MethodName         *string             `` /* 144-byte string literal not displayed */
	ResourceName       *string             `` /* 174-byte string literal not displayed */
	NumResponseItems   *numerics.Int64     `json:"numResponseItems,omitempty" description:"The number of items returned from a List or Query API method, if applicable."`
	Status             *Status             `json:"status,omitempty" description:" The status of the overall operation."`
	AuthenticationInfo *AuthenticationInfo `json:"authenticationInfo,omitempty" description:"Authentication information."`
	AuthorizationInfo  []AuthorizationInfo `` /* 241-byte string literal not displayed */
	RequestMetadata    *RequestMetadata    `json:"requestMetadata,omitempty" description:"Metadata about the request"`
	Request            jsoniter.RawMessage `` /* 320-byte string literal not displayed */
	Response           jsoniter.RawMessage `` /* 323-byte string literal not displayed */
	ServiceData        jsoniter.RawMessage `json:"serviceData,omitempty" description:"Other service-specific data about the request, response, and other activities."`
}

nolint:lll

type AuditLogParser

type AuditLogParser struct{}

func (*AuditLogParser) LogType

func (p *AuditLogParser) LogType() string

func (*AuditLogParser) New

func (p *AuditLogParser) New() parsers.LogParser

New creates a new log parser instance

func (*AuditLogParser) Parse

func (p *AuditLogParser) Parse(log string) ([]*parsers.PantherLog, error)

Parse implements parsers.LogParser interface

type AuthenticationInfo

type AuthenticationInfo struct {
	PrincipalEmail    *string `json:"principalEmail" validate:"required" description:"The email address of the authenticated user making the request."`
	AuthoritySelector *string `` /* 182-byte string literal not displayed */
}

nolint:lll

type AuthorizationInfo

type AuthorizationInfo struct {
	Resource   *string `json:"resource,omitempty"  description:"The resource being accessed, as a REST-style string."`
	Permission *string `json:"permission,omitempty"  description:"The required IAM permission"`
	Granted    *bool   `json:"granted,omitempty" description:" Whether or not authorization for resource and permission was granted."`
}

nolint:lll

type HTTPRequest

type HTTPRequest struct {
	RequestMethod  *string         `json:"requestMethod,omitempty" description:"The request HTTP method."`
	RequestURL     *string         `` /* 144-byte string literal not displayed */
	RequestSize    *numerics.Int64 `` /* 141-byte string literal not displayed */
	Status         *int16          `json:"status,omitempty" description:"The response HTTP status code"`
	ResponseSize   *numerics.Int64 `` /* 170-byte string literal not displayed */
	UserAgent      *string         `json:"userAgent,omitempty"  description:"The user agent sent by the client."`
	RemoteIP       *string         `json:"remoteIP,omitempty"  description:"The IP address (IPv4 or IPv6) of the client that issued the HTTP request."`
	ServerIP       *string         `json:"serverIP,omitempty"  description:"The IP address (IPv4 or IPv6) of the origin server that the request was sent to."`
	Referer        *string         `json:"referer,omitempty" description:"The referer URL of the request"`
	Latency        *string         `` /* 163-byte string literal not displayed */
	CacheLookup    *bool           `json:"cacheLookup,omitempty"  description:"Whether or not a cache lookup was attempted."`
	CacheHit       *bool           `json:"cacheHit,omitempty"  description:"Whether or not an entity was served from cache (with or without validation)."`
	CacheValidated *bool           `` /* 138-byte string literal not displayed */
	CacheFillBytes *numerics.Int64 `json:"cacheFillBytes,omitempty" description:"Whether or not an entity was served from cache (with or without validation)."`
	Protocol       *string         `json:"protocol,omitempty" description:"Protocol used for the request."`
}

nolint:lll

type Labels

type Labels map[string]string

type LogEntry

type LogEntry struct {
	LogName          *string                 `json:"logName" validate:"required" description:"The resource name of the log to which this log entry belongs."`
	Severity         *string                 `json:"severity,omitempty" description:"The severity of the log entry. The default value is LogSeverity.DEFAULT."`
	InsertID         *string                 `json:"insertId,omitempty" description:"A unique identifier for the log entry."`
	Resource         MonitoredResource       `json:"resource,omitempty" description:"The monitored resource that produced this log entry."`
	Timestamp        *timestamp.RFC3339      `json:"timestamp,omitempty" description:"The time the event described by the log entry occurred."`
	ReceiveTimestamp *timestamp.RFC3339      `json:"receiveTimestamp" validate:"required" description:"The time the log entry was received by Logging."`
	Labels           Labels                  `` /* 135-byte string literal not displayed */
	Operation        *LogEntryOperation      `json:"operation,omitempty" description:"Information about an operation associated with the log entry, if applicable."`
	Trace            *string                 `json:"trace,omitempty" description:"Resource name of the trace associated with the log entry, if any."`
	HTTPRequest      *HTTPRequest            `json:"httpRequest,omitempty" description:"Information about the HTTP request associated with this log entry, if applicable."`
	SpanID           *string                 `json:"spanId,omitempty" description:"The span ID within the trace associated with the log entry."`
	TraceSampled     *bool                   `json:"traceSampled,omitempty" description:"The sampling decision of the trace associated with the log entry."`
	SourceLocation   *LogEntrySourceLocation `json:"sourceLocation,omitempty" description:"Source code location information associated with the log entry, if any."`
}

nolint:lll

func (*LogEntry) LogID

func (entry *LogEntry) LogID() string

LogID extracts the log ID from a `LogName` field. GCP logs are aggregated and use log id to differentiate different log types. A log ID is URL encoded is always the trailing path segment of a LogName.

type LogEntryAuditLog

type LogEntryAuditLog struct {
	LogEntry
	Payload AuditLog `json:"protoPayload" validate:"required" description:"The AuditLog payload"`

	parsers.PantherLog
}

type LogEntryOperation

type LogEntryOperation struct {
	ID       *string `json:"id,omitempty" description:"Whether or not an entity was served from cache (with or without validation)."`
	Producer *string `` /* 133-byte string literal not displayed */
	First    *bool   `json:"first,omitempty" description:"This is the first entry in an operation"`
	Last     *bool   `json:"last,omitempty" description:"This is the last entry in an operation"`
}

nolint:lll

type LogEntrySourceLocation

type LogEntrySourceLocation struct {
	File     *string         `` /* 146-byte string literal not displayed */
	Line     *numerics.Int64 `json:"line" description:"Line within the source file. 1-based; 0 indicates no line number available."`
	Function *string         `` /* 157-byte string literal not displayed */
}

nolint:lll

type MonitoredResource

type MonitoredResource struct {
	Type   *string `json:"type" validate:"required" description:"Type of resource that produced this log entry"`
	Labels Labels  `json:"labels" validate:"required" description:"Labels describing the resource"`
}

nolint:lll

type PermissionDelta

type PermissionDelta struct {
	AddedPermissions   []string `json:"addedPermissions,omitempty" description:"Added permissions"`
	RemovedPermissions []string `json:"removedPermissions,omitempty" description:"Removed permissions"`
}

nolint:lll

type RequestMetadata

type RequestMetadata struct {
	CallerIP                *string             `json:"callerIP,omitempty"  description:"The IP address of the caller."`
	CallerSuppliedUserAgent *string             `` /* 158-byte string literal not displayed */
	CallerNetwork           *string             `` /* 184-byte string literal not displayed */
	RequestAttributes       jsoniter.RawMessage `` /* 205-byte string literal not displayed */
	DestinationAttributes   jsoniter.RawMessage `` /* 127-byte string literal not displayed */
}

nolint:lll Reference https://cloud.google.com/service-infrastructure/docs/service-control/reference/rest/v1/AuditLog#RequestMetadata

type Status

type Status struct {
	// https://cloud.google.com/vision/docs/reference/rpc/google.rpc#google.rpc.Code
	Code    *int32              `json:"code,omitempty" description:"The status code, which should be an enum value of google.rpc.Code."`
	Message *string             `json:"message,omitempty" description:"A developer-facing error message, which should be in English."`
	Details jsoniter.RawMessage `` /* 143-byte string literal not displayed */
}

nolint:lll

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL