Documentation
Index
- Constants
- func Dial() (*grpc.ClientConn, context.CancelFunc, error)
- func ExtractAuditLine(logLine string) (*types.AuditLine, error)
- func IsAuditLine(logLine string) bool
- func LogFilePath() string
- type Enricher
- func (e *Enricher) Avcs(_ context.Context, r *api.AvcRequest) (*api.AvcResponse, error)
- func (e *Enricher) ResetAvcs(_ context.Context, r *api.AvcRequest) (*api.EmptyResponse, error)
- func (e *Enricher) ResetSyscalls(_ context.Context, r *api.SyscallsRequest) (*api.EmptyResponse, error)
- func (e *Enricher) Run() error
- func (e *Enricher) Syscalls(_ context.Context, r *api.SyscallsRequest) (*api.SyscallsResponse, error)
Constants
const (
	// ErrorNoSyscalls is returned when no syscalls are recorded for a profile.
	ErrorNoSyscalls = "no syscalls recorded for profile"
	// ErrorNoAvcs is returned when no AVCs are recorded for a profile.
	ErrorNoAvcs = "no avcs recorded for profile"
)
Variables
This section is empty.
Functions
func Dial (added in v0.4.0)
func Dial() (*grpc.ClientConn, context.CancelFunc, error)
Dial can be used to connect to the default gRPC server by creating a new client.
func ExtractAuditLine (added in v0.7.0)
ExtractAuditLine extracts an audit line from logLine.
func IsAuditLine (added in v0.7.0)
IsAuditLine checks whether logLine is a supported audit line.
func LogFilePath (added in v0.7.0)
func LogFilePath() string
LogFilePath returns the path to the audit logs, falling back to syslog if the audit log path does not exist.
Types
type Enricher (added in v0.4.0)
type Enricher struct {
	apienricher.UnimplementedEnricherServer
	// contains filtered or unexported fields
}
Enricher is the main structure of this package.
func (*Enricher) Avcs (added in v0.4.0)
func (e *Enricher) Avcs(
	_ context.Context,
	r *api.AvcRequest,
) (*api.AvcResponse, error)
Avcs returns the AVC messages for a provided profile.
func (*Enricher) ResetAvcs (added in v0.4.0)
func (e *Enricher) ResetAvcs(
	_ context.Context,
	r *api.AvcRequest,
) (*api.EmptyResponse, error)
ResetAvcs removes the AVCs for a provided profile.
func (*Enricher) ResetSyscalls (added in v0.4.0)
func (e *Enricher) ResetSyscalls(
	_ context.Context,
	r *api.SyscallsRequest,
) (*api.EmptyResponse, error)
ResetSyscalls removes the syscalls for a provided profile.
func (*Enricher) Run (added in v0.4.0)
Run runs the log-enricher to scrape audit logs and enrich them with Kubernetes data (namespace, pod and container).
func (*Enricher) Syscalls (added in v0.4.0)
func (e *Enricher) Syscalls(
	_ context.Context,
	r *api.SyscallsRequest,
) (*api.SyscallsResponse, error)
Syscalls returns the syscalls for a provided profile.