Documentation
Overview ¶
Package monitor holds rules-related files.
Index ¶
- func ReportRuleSetLoaded(bundle RulesetLoadedEventBundle, sender events.EventSender, ...)
- type CoreDumpAction
- type HashAction
- type HeartbeatEvent
- type LogAction
- type NetworkFilterAction
- type PolicyMetadata
- type PolicyMonitor
- type PolicyState
- type PolicyStatus
- type RuleAction
- type RuleKillAction
- type RuleSetAction
- type RuleState
- type RulesetLoadedEvent
- type RulesetLoadedEventBundle
Functions ¶
func ReportRuleSetLoaded ¶
func ReportRuleSetLoaded(bundle RulesetLoadedEventBundle, sender events.EventSender, statsdClient statsd.ClientInterface)
ReportRuleSetLoaded reports to Datadog that a new ruleset was loaded
Types ¶
type CoreDumpAction ¶
// CoreDumpAction is the reported form of a rule's 'coredump' action.
// Every field is tagged omitempty.
type CoreDumpAction struct {
	// Process, Mount and Dentry presumably select which state the dump
	// includes — confirm against the action definition in the rules package.
	Process bool `json:"process,omitempty"`
	Mount bool `json:"mount,omitempty"`
	Dentry bool `json:"dentry,omitempty"`
	// NoCompression presumably turns off compression of the dump — confirm.
	NoCompression bool `json:"no_compression,omitempty"`
}
CoreDumpAction is used to report the 'coredump' action easyjson:json
func (CoreDumpAction) MarshalEasyJSON ¶
func (v CoreDumpAction) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*CoreDumpAction) UnmarshalEasyJSON ¶
func (v *CoreDumpAction) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type HashAction ¶
// HashAction is the reported form of a rule's 'hash' action.
// Every field is tagged omitempty.
type HashAction struct {
	Enabled bool `json:"enabled,omitempty"`
	// Field presumably names the event field whose file is hashed — confirm.
	Field string `json:"field,omitempty"`
	// MaxFileSize is an int64; presumably a byte limit above which a file is
	// not hashed — TODO confirm the unit and what happens above the limit,
	// since that decides which files a policy reviewer can expect hashes for.
	MaxFileSize int64 `json:"max_file_size,omitempty"`
}
HashAction is used to report 'hash' action easyjson:json
func (HashAction) MarshalEasyJSON ¶
func (v HashAction) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*HashAction) UnmarshalEasyJSON ¶
func (v *HashAction) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type HeartbeatEvent ¶
// HeartbeatEvent reports a loaded policy. It embeds the common custom-event
// fields and carries a single policy state.
type HeartbeatEvent struct {
	events.CustomEventCommonFields
	// Policy is a single pointer, so one event describes one policy
	// (presumably one event is sent per policy — confirm in
	// ReportHeartbeatEvent). The tag has no omitempty.
	Policy *PolicyState `json:"policy"`
}
HeartbeatEvent is used to report the policies that have been loaded easyjson:json
func (HeartbeatEvent) MarshalEasyJSON ¶
func (v HeartbeatEvent) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (HeartbeatEvent) ToJSON ¶
func (e HeartbeatEvent) ToJSON() ([]byte, error)
ToJSON marshals the event using JSON format
func (*HeartbeatEvent) UnmarshalEasyJSON ¶
func (v *HeartbeatEvent) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type LogAction ¶
// LogAction is the reported form of a rule's 'log' action.
// Both fields are tagged omitempty.
type LogAction struct {
	// Level is a free-form string here; the accepted values are not visible
	// in this type — confirm against the action definition.
	Level string `json:"level,omitempty"`
	Message string `json:"message,omitempty"`
}
LogAction is used to report the 'log' action easyjson:json
func (LogAction) MarshalEasyJSON ¶
MarshalEasyJSON supports easyjson.Marshaler interface
func (*LogAction) UnmarshalEasyJSON ¶
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type NetworkFilterAction ¶
// NetworkFilterAction is the reported form of a rule's 'network_filter'
// action. Every field is tagged omitempty.
type NetworkFilterAction struct {
	// Filter presumably holds the filter expression applied to traffic — confirm.
	Filter string `json:"filter,omitempty"`
	// Policy presumably holds the verdict applied to matching traffic — confirm.
	Policy string `json:"policy,omitempty"`
	// Scope presumably limits where the filter applies — confirm.
	Scope string `json:"scope,omitempty"`
}
NetworkFilterAction is used to report the 'network_filter' action easyjson:json
func (NetworkFilterAction) MarshalEasyJSON ¶
func (v NetworkFilterAction) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*NetworkFilterAction) UnmarshalEasyJSON ¶
func (v *NetworkFilterAction) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type PolicyMetadata ¶
// PolicyMetadata contains the basic information about a policy.
// Name and Source carry no omitempty tag; the other fields are tagged
// omitempty.
type PolicyMetadata struct {
	// Name is the name of the policy
	Name string `json:"name"`
	// Version is the version of the policy
	Version string `json:"version,omitempty"`
	// Type is the type of content served by the policy (e.g. "policy" for a default policy, "content_pack" or empty for others)
	Type string `json:"type,omitempty"`
	// Source is the source of the policy. It is reported as a plain string;
	// the set of possible values is not visible in this type.
	Source string `json:"source"`
	// ReplacePolicyID is the ID that this policy should replace
	ReplacePolicyID string `json:"replace_policy_id,omitempty"`
}
PolicyMetadata contains the basic information about a policy
func NewPolicyMetadata ¶
func NewPolicyMetadata(name, source, version, policyType, replacePolicyID string) *PolicyMetadata
NewPolicyMetadata returns a new policy metadata object
type PolicyMonitor ¶
PolicyMonitor defines a policy monitor
func NewPolicyMonitor ¶
func NewPolicyMonitor(statsdClient statsd.ClientInterface, perRuleMetricEnabled bool) *PolicyMonitor
NewPolicyMonitor returns a new Policy monitor
func (*PolicyMonitor) ReportHeartbeatEvent ¶
func (pm *PolicyMonitor) ReportHeartbeatEvent(acc *events.AgentContainerContext, sender events.EventSender)
ReportHeartbeatEvent sends HeartbeatEvents reporting the current set of policies
func (*PolicyMonitor) SetPolicies ¶
func (pm *PolicyMonitor) SetPolicies(policies []*PolicyState)
SetPolicies sets the policies to monitor
type PolicyState ¶
// PolicyState reports the load result of one policy: its metadata, a status,
// an optional message and the states of its rules.
type PolicyState struct {
	// PolicyMetadata is embedded, so its fields are promoted onto PolicyState.
	PolicyMetadata
	// Status is one of the PolicyStatus values; the tag has no omitempty.
	Status PolicyStatus `json:"status"`
	// Message presumably explains a non-"loaded" status — confirm.
	Message string `json:"message,omitempty"`
	Rules []*RuleState `json:"rules,omitempty"`
}
PolicyState is used to report that a policy was loaded easyjson:json
func NewPoliciesState ¶
func NewPoliciesState(rs *rules.RuleSet, filteredRules []*rules.PolicyRule, err *multierror.Error, includeInternalPolicies bool) []*PolicyState
NewPoliciesState returns the states of policies and rules
func NewPolicyState ¶
func NewPolicyState(name, source, version, policyType, replacePolicyID string, status PolicyStatus, message string) *PolicyState
NewPolicyState returns a policy state based on the policy info
func (PolicyState) MarshalEasyJSON ¶
func (v PolicyState) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*PolicyState) UnmarshalEasyJSON ¶
func (v *PolicyState) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type PolicyStatus ¶
// PolicyStatus defines the status of a policy. It is a string type, so the
// status is reported as its literal value (e.g. "loaded").
type PolicyStatus string
PolicyStatus defines the status of a policy
// Policy load outcomes. Only PolicyStatusLoaded describes a policy whose rules
// were all loaded; every other value means some or all rules were filtered
// out or could not be loaded, or that the policy failed with an error.
// NOTE(review): presumably filtered or rejected rules are not evaluated, so a
// consumer tracking detection coverage should watch for non-"loaded" values —
// confirm.
const (
	// PolicyStatusLoaded indicates that the policy was loaded successfully
	PolicyStatusLoaded PolicyStatus = "loaded"
	// PolicyStatusPartiallyFiltered indicates that some rules in the policy were filtered out
	PolicyStatusPartiallyFiltered PolicyStatus = "partially_filtered"
	// PolicyStatusPartiallyLoaded indicates that some rules in the policy couldn't be loaded
	PolicyStatusPartiallyLoaded PolicyStatus = "partially_loaded"
	// PolicyStatusFullyRejected indicates that all rules in the policy couldn't be loaded
	PolicyStatusFullyRejected PolicyStatus = "fully_rejected"
	// PolicyStatusFullyFiltered indicates that all rules in the policy were filtered out
	PolicyStatusFullyFiltered PolicyStatus = "fully_filtered"
	// PolicyStatusError indicates that the policy was not loaded due to an error
	PolicyStatusError PolicyStatus = "error"
)
type RuleAction ¶
// RuleAction reports one action attached to a rule. Each field is a pointer
// tagged omitempty and corresponds to one action kind (filter, set, kill,
// hash, coredump, log, network_filter).
// NOTE(review): the published description of this type says it reports that a
// policy was loaded, which does not match the fields — it looks copied from
// PolicyState; confirm and correct upstream.
type RuleAction struct {
	// Presumably only the field matching the action's kind is set and the
	// others stay nil — confirm in RuleStateFromRule.
	Filter *string `json:"filter,omitempty"`
	Set *RuleSetAction `json:"set,omitempty"`
	Kill *RuleKillAction `json:"kill,omitempty"`
	Hash *HashAction `json:"hash,omitempty"`
	CoreDump *CoreDumpAction `json:"coredump,omitempty"`
	Log *LogAction `json:"log,omitempty"`
	NetworkFilter *NetworkFilterAction `json:"network_filter,omitempty"`
}
RuleAction is used to report policy was loaded easyjson:json
func (RuleAction) MarshalEasyJSON ¶
func (v RuleAction) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*RuleAction) UnmarshalEasyJSON ¶
func (v *RuleAction) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type RuleKillAction ¶
// RuleKillAction is the reported form of a rule's 'kill' action.
// Both fields are tagged omitempty.
type RuleKillAction struct {
	// Signal is reported as a string (presumably the signal name — confirm).
	Signal string `json:"signal,omitempty"`
	// Scope presumably states what the signal is delivered to — confirm the
	// accepted values, since the scope decides how much a single rule match
	// can terminate.
	Scope string `json:"scope,omitempty"`
}
RuleKillAction is used to report the 'kill' action easyjson:json
func (RuleKillAction) MarshalEasyJSON ¶
func (v RuleKillAction) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*RuleKillAction) UnmarshalEasyJSON ¶
func (v *RuleKillAction) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type RuleSetAction ¶
// RuleSetAction is the reported form of a rule's 'set' action.
// Every field is tagged omitempty.
type RuleSetAction struct {
	Name string `json:"name,omitempty"`
	// Value and DefaultValue are untyped (interface{}), so a consumer decoding
	// the JSON cannot assume a single type for them.
	Value interface{} `json:"value,omitempty"`
	DefaultValue interface{} `json:"default_value,omitempty"`
	// Field and Expression presumably give alternative sources for the value
	// (an event field or an expression) — confirm.
	Field string `json:"field,omitempty"`
	Expression string `json:"expression,omitempty"`
	Append bool `json:"append,omitempty"`
	Scope string `json:"scope,omitempty"`
	ScopeField string `json:"scope_field,omitempty"`
	// Size presumably bounds the number of stored values — confirm.
	Size int `json:"size,omitempty"`
	// TTL is reported as a string, presumably a duration in text form — confirm.
	TTL string `json:"ttl,omitempty"`
	Inherited bool `json:"inherited,omitempty"`
}
RuleSetAction is used to report 'set' action easyjson:json
func (RuleSetAction) MarshalEasyJSON ¶
func (v RuleSetAction) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (*RuleSetAction) UnmarshalEasyJSON ¶
func (v *RuleSetAction) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type RuleState ¶
// RuleState defines a loaded rule as reported in policy events.
// ID, Expression and Status carry no omitempty tag; every other field is
// tagged omitempty.
type RuleState struct {
	ID string `json:"id"`
	Version string `json:"version,omitempty"`
	// Expression is the rule's expression, reported in full.
	// NOTE(review): events built from this type therefore expose the
	// detection logic to whoever can read them — confirm that access to the
	// event destination is restricted accordingly.
	Expression string `json:"expression"`
	// Status is a plain string here, unlike PolicyState.Status, which uses
	// the PolicyStatus type.
	Status string `json:"status"`
	Message string `json:"message,omitempty"`
	FilterType string `json:"filter_type,omitempty"`
	// AgentVersionConstraint is serialized under the key "agent_version";
	// judging by the field name it is a constraint on the agent version, not
	// the version of the running agent — confirm before parsing it as one.
	AgentVersionConstraint string `json:"agent_version,omitempty"`
	Filters []string `json:"filters,omitempty"`
	Tags map[string]string `json:"tags,omitempty"`
	ProductTags []string `json:"product_tags,omitempty"`
	Actions []RuleAction `json:"actions,omitempty"`
	// ModifiedBy presumably lists the policies that modified this rule — confirm.
	ModifiedBy []*PolicyMetadata `json:"modified_by,omitempty"`
	Priority int `json:"priority,omitempty"`
}
RuleState defines a loaded rule easyjson:json
func RuleStateFromRule ¶
func RuleStateFromRule(rule *rules.PolicyRule, policy *rules.PolicyInfo, status string, message string) *RuleState
RuleStateFromRule returns a rule state based on the given rule
func (RuleState) MarshalEasyJSON ¶
MarshalEasyJSON supports easyjson.Marshaler interface
func (*RuleState) UnmarshalEasyJSON ¶
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type RulesetLoadedEvent ¶
// RulesetLoadedEvent is used to report that a new ruleset was loaded. It
// embeds the common custom-event fields.
type RulesetLoadedEvent struct {
	events.CustomEventCommonFields
	// Policies has no omitempty tag.
	Policies []*PolicyState `json:"policies"`
	Filters *kfilters.FilterReport `json:"filters,omitempty"`
	// MonitoredFiles presumably lists file paths watched by the loaded rules
	// — confirm. NOTE(review): if so, the event reveals which paths are and
	// are not monitored on the host; confirm who can read it.
	MonitoredFiles []string `json:"monitored_files,omitempty"`
}
RulesetLoadedEvent is used to report that a new ruleset was loaded easyjson:json
func (RulesetLoadedEvent) MarshalEasyJSON ¶
func (v RulesetLoadedEvent) MarshalEasyJSON(w *jwriter.Writer)
MarshalEasyJSON supports easyjson.Marshaler interface
func (RulesetLoadedEvent) ToJSON ¶
func (e RulesetLoadedEvent) ToJSON() ([]byte, error)
ToJSON marshals the event using JSON format
func (*RulesetLoadedEvent) UnmarshalEasyJSON ¶
func (v *RulesetLoadedEvent) UnmarshalEasyJSON(l *jlexer.Lexer)
UnmarshalEasyJSON supports easyjson.Unmarshaler interface
type RulesetLoadedEventBundle ¶
// RulesetLoadedEventBundle is used to report a ruleset loaded event. It pairs
// a rule with a custom event; neither field has a JSON tag.
type RulesetLoadedEventBundle struct {
	// Rule is the rule the event is reported under (per NewRuleSetLoadedEvent,
	// e.g. ruleset_loaded).
	Rule *rules.Rule
	// Event is the populated custom event.
	Event *events.CustomEvent
}
RulesetLoadedEventBundle is used to report a ruleset loaded event
func NewRuleSetLoadedEvent ¶
func NewRuleSetLoadedEvent(acc *events.AgentContainerContext, rs *rules.RuleSet, policies []*PolicyState, filterReport *kfilters.FilterReport) RulesetLoadedEventBundle
NewRuleSetLoadedEvent returns the rule (e.g. ruleset_loaded) and a populated custom event for a new_rules_loaded event