Documentation
¶
Index ¶
- Constants
- Variables
- func LookupIPLocation(ip string) string
- func NewCommand() *cobra.Command
- func NewSweepCommand() *cobra.Command
- func NewWatchCommand() *cobra.Command
- func RunSweep(ctx context.Context, opts SweepOptions) error
- func RunWatch(ctx context.Context, opts WatchOptions) error
- func ValidateChannelConfig(ch *ChannelConfig) error
- func ValidateConfig(cfg *Config) error
- type ChannelConfig
- type Config
- type ConfigError
- type ConfigManager
- type ConfigValidator
- type CurlConfig
- type CurlNotifier
- type CurlRequest
- type CursorStore
- type EmailConfig
- type EmailInput
- type EmailNotifier
- type IPLookup
- type IPLookupProvider
- type IPLookupResult
- type LoginEvent
- type Notifier
- type NotifyOn
- type NotifyType
- type SourceState
- type SweepOptions
- type ValidationError
- type WatchOptions
Constants ¶
// Event type values; LoginEvent.Type is documented as holding one of these.
const (
	EventLoginSuccess = "login_success"
	EventLoginFailed = "login_failed"
)
Variables ¶
// Package-level error values for the notification code.
var (
	// ErrConfigNotFound reports that no notification configuration was found.
	ErrConfigNotFound = fmt.Errorf("notification configuration not found")
	// ErrConfigInvalid reports that the notification configuration is invalid.
	ErrConfigInvalid = fmt.Errorf("invalid notification configuration")
	// ErrNotificationFailed reports that a notification could not be sent.
	ErrNotificationFailed = fmt.Errorf("notification failed to send")
	// ErrNotEnabled reports that notification is not enabled.
	ErrNotEnabled = fmt.Errorf("notification is not enabled")
)
Error types
Functions ¶
func LookupIPLocation ¶ added in v0.1.0
LookupIPLocation 便捷函数
func NewCommand ¶
func NewSweepCommand ¶ added in v0.1.0
NewSweepCommand 返回 sweep 子命令,用于一次性扫描 SSH 登录事件。
func NewWatchCommand ¶ added in v0.1.0
NewWatchCommand 返回 watch 子命令,用于持续监控 SSH 登录事件。
func RunSweep ¶ added in v0.1.0
func RunSweep(ctx context.Context, opts SweepOptions) error
RunSweep 处理近期 SSH 登录事件后退出
func RunWatch ¶ added in v0.1.0
func RunWatch(ctx context.Context, opts WatchOptions) error
RunWatch 持续监听 SSH 登录事件
func ValidateChannelConfig ¶ added in v0.1.0
func ValidateChannelConfig(ch *ChannelConfig) error
ValidateChannelConfig 验证渠道配置
Types ¶
type ChannelConfig ¶ added in v0.1.0
// ChannelConfig configures a single notification channel.
type ChannelConfig struct {
	Name string `json:"name,omitempty" yaml:"name,omitempty"` // channel name (optional, used for display)
	Enabled bool `json:"enabled" yaml:"enabled"` // whether the channel is enabled
	Type string `json:"type" yaml:"type"` // channel type: curl/email
	// Type-specific settings; use the field that matches Type.
	// Both are pointers with omitempty, so an unused one is left out when marshalled.
	Curl *CurlConfig `json:"curl,omitempty" yaml:"curl,omitempty"`
	Email *EmailConfig `json:"email,omitempty" yaml:"email,omitempty"`
}
ChannelConfig 单个通知渠道配置
type Config ¶
// Config is the notification configuration: the list of configured channels.
type Config struct {
	Channels []ChannelConfig `json:"channels" yaml:"channels"`
}
Config 通知配置
func (*Config) GetEnabledChannels ¶ added in v0.1.0
func (c *Config) GetEnabledChannels() []ChannelConfig
GetEnabledChannels 获取所有启用的渠道配置
type ConfigError ¶
ConfigError represents a configuration error
func (*ConfigError) Error ¶
func (e *ConfigError) Error() string
type ConfigManager ¶
type ConfigManager struct {
// contains filtered or unexported fields
}
ConfigManager 配置管理器
func (*ConfigManager) BackupConfig ¶
func (cm *ConfigManager) BackupConfig() error
BackupConfig 备份配置
func (*ConfigManager) DeleteConfig ¶
func (cm *ConfigManager) DeleteConfig() error
DeleteConfig 删除配置
func (*ConfigManager) LoadConfig ¶
func (cm *ConfigManager) LoadConfig() (*Config, error)
LoadConfig 加载配置
func (*ConfigManager) RestoreConfig ¶
func (cm *ConfigManager) RestoreConfig() error
RestoreConfig 恢复配置
func (*ConfigManager) SaveConfig ¶
func (cm *ConfigManager) SaveConfig(cfg Config) error
SaveConfig 保存配置
type CurlConfig ¶ added in v0.1.0
// CurlConfig configures a custom curl-based notification.
// Command may use the template variables {{.Type}} {{.User}} {{.IP}} {{.Port}}
// {{.Method}} {{.Hostname}} {{.Timestamp}} {{.Location}} {{.LogPath}} {{.Message}}.
type CurlConfig struct {
	// Command is the curl command line, stored as-is in the JSON/YAML config.
	// NOTE(review): the template variables mirror LoginEvent fields; User and
	// Message presumably come from the SSH log and are chosen by the connecting
	// client, so confirm that substituted values are escaped for where they land
	// (JSON body, header, URL) before the request is built.
	// NOTE(review): a command that carries a token in a header or URL keeps that
	// secret in the config file in clear text.
	Command string `json:"command" yaml:"command"`
}
CurlConfig 自定义 Curl 通知配置。支持模板变量:{{.Type}} {{.User}} {{.IP}} {{.Port}} {{.Method}} {{.Hostname}} {{.Timestamp}} {{.Location}} {{.LogPath}} {{.Message}}
type CurlNotifier ¶ added in v0.1.0
type CurlNotifier struct {
// contains filtered or unexported fields
}
CurlNotifier 使用自定义 curl 命令的通知器
func NewCurlNotifier ¶ added in v0.1.0
func NewCurlNotifier(curlCmd string) (*CurlNotifier, error)
NewCurlNotifier 创建基于 curl 命令的通知器
func (*CurlNotifier) Send ¶ added in v0.1.0
func (c *CurlNotifier) Send(event LoginEvent) error
Send 使用 curl 命令发送通知
type CurlRequest ¶ added in v0.1.0
CurlRequest 解析后的 curl 请求
func ParseCurl ¶ added in v0.1.0
func ParseCurl(curlCmd string) (*CurlRequest, error)
ParseCurl 解析 curl 命令字符串。支持: -X/--request, -H/--header, -d/--data/--data-raw, URL
type CursorStore ¶ added in v0.1.0
type CursorStore struct {
// contains filtered or unexported fields
}
CursorStore 管理状态持久化
func NewCursorStore ¶ added in v0.1.0
func NewCursorStore(path string) (*CursorStore, error)
NewCursorStore 创建游标管理器
func (*CursorStore) Load ¶ added in v0.1.0
func (c *CursorStore) Load() (*SourceState, error)
Load 读取状态
func (*CursorStore) Save ¶ added in v0.1.0
func (c *CursorStore) Save(state *SourceState) error
Save 持久化状态
type EmailConfig ¶ added in v0.1.0
// EmailConfig configures an e-mail notification channel.
type EmailConfig struct {
	To string `json:"to" yaml:"to"` // recipient address
	From string `json:"from" yaml:"from"` // sender address
	Server string `json:"server" yaml:"server"` // mail server host (presumably SMTP — confirm)
	Port int `json:"port" yaml:"port"` // mail server port
	User string `json:"user" yaml:"user"` // account used to authenticate to the server (presumably)
	// Pass is marshalled in clear text under the "pass" key.
	// NOTE(review): confirm that the saved config and its backup are written with
	// owner-only permissions, and that this struct is never logged whole.
	Pass string `json:"pass" yaml:"pass"`
}
EmailConfig 邮件通知配置
type EmailInput ¶ added in v0.1.0
// EmailInput holds the e-mail settings entered on the command line.
type EmailInput struct {
	Name string
	To string
	From string
	Server string
	User string
	// NOTE(review): if Pass is read from a command-line flag it can show up in
	// process listings and shell history — confirm how it is collected.
	Pass string
	Port int
}
EmailInput 命令行输入的邮件配置
type EmailNotifier ¶
// EmailNotifier holds the settings used to send notifications by e-mail.
type EmailNotifier struct {
	To string
	From string
	Server string
	Port int
	Username string
	// Password is an exported plain string, so printing the struct with %v or %+v
	// would include it. NOTE(review): confirm it is never logged.
	Password string
}
func NewEmailNotifierFromChannel ¶ added in v0.1.0
func NewEmailNotifierFromChannel(cfg *EmailConfig) *EmailNotifier
NewEmailNotifierFromChannel 从渠道配置创建邮件通知器
func (*EmailNotifier) Send ¶
func (e *EmailNotifier) Send(event LoginEvent) error
func (*EmailNotifier) Test ¶
func (e *EmailNotifier) Test() error
type IPLookup ¶ added in v0.1.0
type IPLookup struct {
// contains filtered or unexported fields
}
IPLookup IP 地理位置查询器
type IPLookupProvider ¶ added in v0.1.0
// IPLookupProvider is a source of IP lookup results.
type IPLookupProvider interface {
	// Name returns the provider's name (presumably for display or logging — confirm).
	Name() string
	// Lookup resolves ip to an IPLookupResult or returns an error.
	// ctx is passed through so a caller can bound or cancel the lookup (presumably).
	Lookup(ctx context.Context, ip string) (*IPLookupResult, error)
}
IPLookupProvider IP 查询提供者
type IPLookupResult ¶ added in v0.1.0
IPLookupResult IP 查询结果
func (*IPLookupResult) String ¶ added in v0.1.0
func (r *IPLookupResult) String() string
type LoginEvent ¶
// LoginEvent describes one login event.
type LoginEvent struct {
	Type string // event type: login_success or login_failed
	User string // login user
	IP string // source IP
	Method string // authentication method: password/publickey/keyboard-interactive
	Port int // source port
	Timestamp time.Time // event time
	Hostname string // host name
	Location string // IP geolocation (optional)
	LogPath string // log source path (file path or journald unit)
	// NOTE(review): User and Message are presumably parsed from the SSH log, where
	// the connecting client chooses the user name; treat both as untrusted text
	// when they are rendered into a notification — confirm against the parser.
	Message string // raw log message
	HostIP string // IP of the current host (IPv4 preferred)
}
LoginEvent 定义登录事件
type Notifier ¶
// Notifier is the interface a notification channel implements.
type Notifier interface {
	// Send sends a notification for the given login event.
	Send(event LoginEvent) error
	// Test checks the notification configuration.
	Test() error
}
Notifier 定义通知接口
type NotifyType ¶
type NotifyType int
NotifyType 定义通知类型
// NotifyType values, numbered by iota: NotifyTypeWebhook is 0, NotifyTypeEmail is 1.
const (
	NotifyTypeWebhook NotifyType = iota
	NotifyTypeEmail
)
type SourceState ¶ added in v0.1.0
// SourceState records how far each source has been processed.
type SourceState struct {
	// JournalCursor is the saved journal position (presumably a journald cursor string — confirm).
	JournalCursor string `json:"journal_cursor,omitempty"`
	// FileOffsets maps a string key to an int64 offset (presumably log file path to byte offset — confirm).
	FileOffsets map[string]int64 `json:"file_offsets,omitempty"`
}
SourceState 记录不同来源的处理进度
type SweepOptions ¶ added in v0.1.0
// SweepOptions controls the behaviour of sweep mode.
type SweepOptions struct {
	CursorPath string
	Source string
	JournalUnits []string
	LogPaths []string
	Since time.Duration
	Notify bool
	DisplayLoc *time.Location
	NotifyOn NotifyOn // which events to notify on: all/success/failed
	// NOTE(review): with FailLimit 0 every failed login can produce a notification,
	// so a burst of failed attempts turns into a burst of outbound messages.
	FailLimit int // maximum failure notifications per IP; 0 means unlimited
	FailWindow time.Duration // time window for the failure limit
}
SweepOptions 控制 sweep 模式行为
type ValidationError ¶
// ValidationError represents a validation error; it holds the collected ConfigError values.
type ValidationError struct {
	Errors []ConfigError
}
ValidationError represents a validation error
func (*ValidationError) AddError ¶
func (e *ValidationError) AddError(field, message string)
AddError adds a new validation error
func (*ValidationError) Error ¶
func (e *ValidationError) Error() string
func (*ValidationError) HasErrors ¶
func (e *ValidationError) HasErrors() bool
HasErrors returns true if there are validation errors
type WatchOptions ¶ added in v0.1.0
// WatchOptions controls the behaviour of watch mode.
type WatchOptions struct {
	CursorPath string
	Source string
	JournalUnits []string
	LogPaths []string
	PollTimeout time.Duration
	DisplayLoc *time.Location
	NotifyOn NotifyOn // which events to notify on: all/success/failed
	// NOTE(review): with FailLimit 0 every failed login can produce a notification,
	// so a burst of failed attempts turns into a burst of outbound messages.
	FailLimit int // maximum failure notifications per IP; 0 means unlimited
	FailWindow time.Duration // time window for the failure limit
}
WatchOptions 控制 watch 模式行为