Documentation ¶
Overview ¶
Package gcplogs has log parsers for Google Cloud Platform
Index ¶
- Constants
- func LogTypes() logtypes.Group
- func NewAuditLogParser() parsers.LogParser
- type AuditData
- type AuditLog
- type AuditLogParser
- type AuthenticationInfo
- type AuthorizationInfo
- type FirstPartyPrincipal
- type HTTPRequest
- type Labels
- type LogEntry
- type LogEntryAuditLog
- type LogEntryOperation
- type LogEntrySourceLocation
- type MonitoredResource
- type PermissionDelta
- type RequestMetadata
- type ResourceAttributes
- type ServiceAccountDelegationInfo
- type Status
- type ThirdPartyPrincipal
Constants ¶
View Source
const ( AuditLogActivityLogID = "cloudaudit.googleapis.com%2Factivity" AuditLogDataLogID = "cloudaudit.googleapis.com%2Fdata_access" AuditLogSystemLogID = "cloudaudit.googleapis.com%2Fsystem_event" )
View Source
const ( LogTypePrefix = "GCP" TypeAuditLog = LogTypePrefix + ".AuditLog" )
Variables ¶
This section is empty.
Functions ¶
func NewAuditLogParser ¶
Types ¶
type AuditData ¶
type AuditData struct {
PermissionDelta PermissionDelta `json:"permissionDelta" validate:"required" description:" The permissionDelta when when creating or updating a Role."`
}
IAM Data audit log nolint:lll
type AuditLog ¶
type AuditLog struct { PayloadType *string `json:"@type" validate:"required,eq=type.googleapis.com/google.cloud.audit.AuditLog" description:"The type of payload"` ServiceName *string `json:"serviceName,omitempty" description:"The name of the API service performing the operation"` MethodName *string `` /* 144-byte string literal not displayed */ ResourceName *string `` /* 174-byte string literal not displayed */ NumResponseItems *numerics.Int64 `json:"numResponseItems,omitempty" description:"The number of items returned from a List or Query API method, if applicable."` Status *Status `json:"status,omitempty" description:"The status of the overall operation."` AuthenticationInfo *AuthenticationInfo `json:"authenticationInfo,omitempty" description:"Authentication information."` AuthorizationInfo []AuthorizationInfo `` /* 236-byte string literal not displayed */ RequestMetadata *RequestMetadata `json:"requestMetadata,omitempty" description:"Metadata about the request"` Request *jsoniter.RawMessage `` /* 320-byte string literal not displayed */ Response *jsoniter.RawMessage `` /* 323-byte string literal not displayed */ ServiceData *jsoniter.RawMessage `json:"serviceData,omitempty" description:"Other service-specific data about the request, response, and other activities."` Metadata *jsoniter.RawMessage `` /* 161-byte string literal not displayed */ }
nolint:lll
type AuditLogParser ¶
type AuditLogParser struct{}
func (*AuditLogParser) LogType ¶
func (p *AuditLogParser) LogType() string
func (*AuditLogParser) New ¶
func (p *AuditLogParser) New() parsers.LogParser
New creates a new log parser instance
func (*AuditLogParser) Parse ¶
func (p *AuditLogParser) Parse(log string) ([]*parsers.PantherLog, error)
Parse implements parsers.LogParser interface
type AuthenticationInfo ¶
type AuthenticationInfo struct { PrincipalSubject *string `` /* 155-byte string literal not displayed */ ServiceAccountKeyName *string `` /* 232-byte string literal not displayed */ PrincipalEmail *string `json:"principalEmail,omitempty" description:"The email address of the authenticated user making the request."` AuthoritySelector *string `` /* 182-byte string literal not displayed */ ThirdPartyPrincipal *jsoniter.RawMessage `` /* 254-byte string literal not displayed */ ServiceAccountDelegationInfo []ServiceAccountDelegationInfo `` /* 398-byte string literal not displayed */ }
nolint:lll
type AuthorizationInfo ¶
type AuthorizationInfo struct { Resource *string `json:"resource,omitempty" description:"The resource being accessed, as a REST-style string."` Permission *string `json:"permission,omitempty" description:"The required IAM permission"` Granted *bool `json:"granted,omitempty" description:" Whether or not authorization for resource and permission was granted."` ResourceAttributes *ResourceAttributes `` /* 330-byte string literal not displayed */ }
nolint:lll
type FirstPartyPrincipal ¶ added in v1.15.3
type FirstPartyPrincipal struct { PrincipalEmail *string `json:"principalEmail,omitempty" description:"The email address of a Google account."` ServiceMetadata *jsoniter.RawMessage `json:"serviceMetadata,omitempty" description:"Metadata about the service that uses the service account."` }
nolint:lll
type HTTPRequest ¶
type HTTPRequest struct { RequestMethod *string `json:"requestMethod,omitempty" description:"The request HTTP method."` RequestURL *string `` /* 144-byte string literal not displayed */ RequestSize *numerics.Int64 `` /* 141-byte string literal not displayed */ Status *int16 `json:"status,omitempty" description:"The response HTTP status code"` ResponseSize *numerics.Int64 `` /* 170-byte string literal not displayed */ UserAgent *string `json:"userAgent,omitempty" description:"The user agent sent by the client."` RemoteIP *string `json:"remoteIP,omitempty" description:"The IP address (IPv4 or IPv6) of the client that issued the HTTP request."` ServerIP *string `json:"serverIP,omitempty" description:"The IP address (IPv4 or IPv6) of the origin server that the request was sent to."` Referer *string `json:"referer,omitempty" description:"The referer URL of the request"` Latency *string `` /* 163-byte string literal not displayed */ CacheLookup *bool `json:"cacheLookup,omitempty" description:"Whether or not a cache lookup was attempted."` CacheHit *bool `json:"cacheHit,omitempty" description:"Whether or not an entity was served from cache (with or without validation)."` CacheValidated *bool `` /* 138-byte string literal not displayed */ CacheFillBytes *numerics.Int64 `json:"cacheFillBytes,omitempty" description:"Whether or not an entity was served from cache (with or without validation)."` Protocol *string `json:"protocol,omitempty" description:"Protocol used for the request."` }
nolint:lll
type LogEntry ¶
type LogEntry struct { LogName *string `json:"logName" validate:"required" description:"The resource name of the log to which this log entry belongs."` Severity *string `json:"severity,omitempty" description:"The severity of the log entry. The default value is LogSeverity.DEFAULT."` InsertID *string `json:"insertId,omitempty" description:"A unique identifier for the log entry."` Resource *MonitoredResource `json:"resource,omitempty" description:"The monitored resource that produced this log entry."` Timestamp *timestamp.RFC3339 `json:"timestamp,omitempty" description:"The time the event described by the log entry occurred."` ReceiveTimestamp *timestamp.RFC3339 `json:"receiveTimestamp" validate:"required" description:"The time the log entry was received by Logging."` Labels Labels `` /* 135-byte string literal not displayed */ Operation *LogEntryOperation `json:"operation,omitempty" description:"Information about an operation associated with the log entry, if applicable."` Trace *string `json:"trace,omitempty" description:"Resource name of the trace associated with the log entry, if any."` HTTPRequest *HTTPRequest `json:"httpRequest,omitempty" description:"Information about the HTTP request associated with this log entry, if applicable."` SpanID *string `json:"spanId,omitempty" description:"The span ID within the trace associated with the log entry."` TraceSampled *bool `json:"traceSampled,omitempty" description:"The sampling decision of the trace associated with the log entry."` SourceLocation *LogEntrySourceLocation `json:"sourceLocation,omitempty" description:"Source code location information associated with the log entry, if any."` }
nolint:lll
type LogEntryAuditLog ¶
type LogEntryAuditLog struct { LogEntry Payload AuditLog `json:"protoPayload" validate:"required" description:"The AuditLog payload"` parsers.PantherLog }
type LogEntryOperation ¶
type LogEntryOperation struct { ID *string `json:"id,omitempty" description:"Whether or not an entity was served from cache (with or without validation)."` Producer *string `` /* 133-byte string literal not displayed */ First *bool `json:"first,omitempty" description:"This is the first entry in an operation"` Last *bool `json:"last,omitempty" description:"This is the last entry in an operation"` }
nolint:lll
type LogEntrySourceLocation ¶
type LogEntrySourceLocation struct { File *string `` /* 146-byte string literal not displayed */ Line *numerics.Int64 `json:"line" description:"Line within the source file. 1-based; 0 indicates no line number available."` Function *string `` /* 157-byte string literal not displayed */ }
nolint:lll
type MonitoredResource ¶
type MonitoredResource struct { Type *string `json:"type" validate:"required" description:"Type of resource that produced this log entry"` Labels Labels `json:"labels" validate:"required" description:"Labels describing the resource"` }
nolint:lll
type PermissionDelta ¶
type PermissionDelta struct { AddedPermissions []string `json:"addedPermissions,omitempty" description:"Added permissions"` RemovedPermissions []string `json:"removedPermissions,omitempty" description:"Removed permissions"` }
nolint:lll
type RequestMetadata ¶
type RequestMetadata struct { CallerIP *string `json:"callerIP,omitempty" description:"The IP address of the caller."` CallerSuppliedUserAgent *string `` /* 158-byte string literal not displayed */ CallerNetwork *string `` /* 184-byte string literal not displayed */ RequestAttributes *jsoniter.RawMessage `` /* 205-byte string literal not displayed */ DestinationAttributes *jsoniter.RawMessage `` /* 127-byte string literal not displayed */ }
nolint:lll Reference https://cloud.google.com/service-infrastructure/docs/service-control/reference/rest/v1/AuditLog#RequestMetadata
type ResourceAttributes ¶ added in v1.15.3
type ResourceAttributes struct { Service *string `` /* 209-byte string literal not displayed */ Name *string `json:"name,omitempty" description:"The stable identifier (name) of a resource on the service."` Type *string `` /* 157-byte string literal not displayed */ Labels *string `` /* 131-byte string literal not displayed */ UID *string `` /* 356-byte string literal not displayed */ }
nolint:lll
type ServiceAccountDelegationInfo ¶ added in v1.15.3
type ServiceAccountDelegationInfo struct { FirstPartyPrincipal *FirstPartyPrincipal `json:"firstPartyPrincipal,omitempty" description:"First party (Google) identity as the real authority."` ThirdPartyPrincipal *ThirdPartyPrincipal `json:"thirdPartyPrincipal,omitempty" description:"Third party identity as the real authority."` }
nolint:lll
type Status ¶
type Status struct { // https://cloud.google.com/vision/docs/reference/rpc/google.rpc#google.rpc.Code Code *int32 `json:"code,omitempty" description:"The status code, which should be an enum value of google.rpc.Code."` Message *string `json:"message,omitempty" description:"A developer-facing error message, which should be in English."` Details *jsoniter.RawMessage `` /* 143-byte string literal not displayed */ }
nolint:lll
type ThirdPartyPrincipal ¶ added in v1.15.3
type ThirdPartyPrincipal struct {
ThirdPartyClaims *jsoniter.RawMessage `json:"thirdPartyClaims,omitempty" description:"Metadata about third party identity."`
}
nolint:lll
Click to show internal directories.
Click to hide internal directories.