Documentation ¶
Index ¶
Constants ¶
const ( None Action = 0 AttributesModified = 1 << (iota - 1) Created Deleted Updated Moved ConfigChange )
List of possible Actions.
Variables ¶
This section is empty.
Functions ¶
func GetFileOrigin ¶
GetFileOrigin is not supported in this platform and always returns an empty list and no error.
Types ¶
type Action ¶
type Action uint8
Action is a description of the changes described by an event.
func (Action) InAnyOrder ¶
func (action Action) InAnyOrder() ActionArray
func (Action) InOrder ¶
func (action Action) InOrder(existedBefore, existsNow bool) ActionArray
func (Action) MarshalText ¶
MarshalText marshals the Action to a textual representation of itself.
type ActionArray ¶
type ActionArray []Action
ActionArray is just syntactic sugar to invoke methods on []Action receiver
func (ActionArray) StringArray ¶
func (actions ActionArray) StringArray() []string
type Config ¶
type Config struct { Paths []string `config:"paths" validate:"required"` HashTypes []HashType `config:"hash_types"` MaxFileSize string `config:"max_file_size"` MaxFileSizeBytes uint64 `config:",ignore"` ScanAtStart bool `config:"scan_at_start"` ScanRatePerSec string `config:"scan_rate_per_sec"` ScanRateBytesPerSec uint64 `config:",ignore"` Recursive bool `config:"recursive"` // Recursive enables recursive monitoring of directories. ExcludeFiles []match.Matcher `config:"exclude_files"` }
Config contains the configuration parameters for the file integrity metricset.
func (*Config) IsExcludedPath ¶
IsExcludedPath checks if a path matches the exclude_files regular expressions.
type Digest ¶
type Digest []byte
Digest is a output of a hash function.
func (Digest) MarshalText ¶
MarshalText encodes the digest to a hexadecimal representation of itself.
type Event ¶
type Event struct { Timestamp time.Time `json:"timestamp"` // Time of event. Path string `json:"path"` // The path associated with the event. TargetPath string `json:"target_path,omitempty"` // Target path for symlinks. Info *Metadata `json:"info"` // File metadata (if the file exists). Source Source `json:"source"` // Source of the event. Action Action `json:"action"` // Action (like created, updated). Hashes map[HashType]Digest `json:"hash,omitempty"` // File hashes. // contains filtered or unexported fields }
Event describe the filesystem change and includes metadata about the file.
func NewEvent ¶
func NewEvent( path string, action Action, source Source, maxFileSize uint64, hashTypes []HashType, ) Event
NewEvent creates a new Event. Any errors that occur are included in the returned Event.
func NewEventFromFileInfo ¶
func NewEventFromFileInfo( path string, info os.FileInfo, err error, action Action, source Source, maxFileSize uint64, hashTypes []HashType, ) Event
NewEventFromFileInfo creates a new Event based on data from a os.FileInfo object that has already been created. Any errors that occur are included in the returned Event.
type EventProducer ¶
type EventProducer interface { // Start starts the event producer and writes events to the returned // channel. When the producer is finished it will close the returned // channel. If the returned event channel is not drained the producer will // block (possibly causing data loss). The producer can be stopped // prematurely by closing the provided done channel. An error is returned // if the producer fails to start. Start(done <-chan struct{}) (<-chan Event, error) }
EventProducer produces events.
func NewEventReader ¶
func NewEventReader(c Config) (EventProducer, error)
func NewFileSystemScanner ¶
func NewFileSystemScanner(c Config) (EventProducer, error)
NewFileSystemScanner creates a new EventProducer instance that scans the configured file paths.
type HashType ¶
type HashType string
HashType identifies a cryptographic algorithm.
const ( BLAKE2B_256 HashType = "blake2b_256" BLAKE2B_384 HashType = "blake2b_384" BLAKE2B_512 HashType = "blake2b_512" MD5 HashType = "md5" SHA1 HashType = "sha1" SHA224 HashType = "sha224" SHA256 HashType = "sha256" SHA384 HashType = "sha384" SHA3_224 HashType = "sha3_224" SHA3_256 HashType = "sha3_256" SHA3_384 HashType = "sha3_384" SHA3_512 HashType = "sha3_512" SHA512 HashType = "sha512" SHA512_224 HashType = "sha512_224" SHA512_256 HashType = "sha512_256" )
Enum of hash types.
type Metadata ¶
type Metadata struct { Inode uint64 `json:"inode"` UID uint32 `json:"uid"` GID uint32 `json:"gid"` SID string `json:"sid"` Owner string `json:"owner"` Group string `json:"group"` Size uint64 `json:"size"` MTime time.Time `json:"mtime"` // Last modification time. CTime time.Time `json:"ctime"` // Last metadata change time. Type Type `json:"type"` // File type (dir, file, symlink). Mode os.FileMode `json:"mode"` // Permissions SetUID bool `json:"setuid"` // setuid bit (POSIX only) SetGID bool `json:"setgid"` // setgid bit (POSIX only) Origin []string `json:"origin"` // External origin info for the file (MacOS only) }
Metadata contains file metadata.
type MetricSet ¶
type MetricSet struct { mb.BaseMetricSet // contains filtered or unexported fields }
MetricSet for monitoring file integrity.
func (*MetricSet) Run ¶
func (ms *MetricSet) Run(reporter mb.PushReporterV2)
Run runs the MetricSet. The method will not return control to the caller until it is finished (to stop it close the reporter.Done() channel).
type Source ¶
type Source uint8
Source identifies the source of an event (i.e. what triggered it).
func (Source) MarshalText ¶
MarshalText marshals the Source to a textual representation of itself.
type Type ¶
type Type uint8
Type identifies the file type (e.g. dir, file, symlink).
const ( UnknownType Type = iota // Typically seen in deleted notifications where the object is gone. FileType DirType SymlinkType )
Enum of possible file.Types.
func (Type) MarshalText ¶
MarshalText marshals the Type to a textual representation of itself.