siem

package
v1.0.7 Latest
Published: Mar 14, 2026 | License: MIT | Imports: 19 | Imported by: 0

Documentation

Overview

Package siem provides event formatters for various SIEM formats.

Package siem provides Splunk SIEM integration.

Package siem provides additional SIEM platform integrations.

Package siem provides the central manager for SIEM integrations.

Package siem provides integration with the metrics and reporting packages.

Package siem provides Security Information and Event Management integration for the AegisGate AI Security Gateway. It supports multiple SIEM platforms including Splunk, Elasticsearch, QRadar, Sentinel, and more.

Features:

  • Multiple output formats (CEF, LEEF, JSON, Syslog)
  • Push and pull integration modes
  • Event buffering and batching
  • Retry with exponential backoff
  • TLS/SSL support
  • OAuth2 and API key authentication
  • Real-time event streaming
  • Audit log compliance

Constants

const (
	RFC5424Version         = 1
	RFC5424NILVALUE        = "-"
	RFC5424TimestampFormat = "2006-01-02T15:04:05.000Z07:00" // RFC 3339 with millisecond precision
	SyslogFacilityKern     = 0
	SyslogFacilityUser     = 1
	SyslogFacilityMail     = 2
	SyslogFacilityDaemon   = 3
	SyslogFacilityAuth     = 4
	SyslogFacilitySyslog   = 5
	SyslogFacilityLpr      = 6
	SyslogFacilityNews     = 7
	SsyslogFacilityUucp    = 8
	SyslogFacilityCron     = 9
	SyslogFacilityAuthPriv = 10
	SyslogFacilityFtp      = 11
	SyslogFacilityNTP      = 12
	SyslogFacilityAudit    = 13
	SyslogFacilityAlert    = 14
	SyslogFacilityClock    = 15
	SyslogFacilityLocal0   = 16
	SyslogFacilityLocal1   = 17
	SyslogFacilityLocal2   = 18
	SyslogFacilityLocal3   = 19
	SyslogFacilityLocal4   = 20
	SyslogFacilityLocal5   = 21
	SyslogFacilityLocal6   = 22
	SyslogFacilityLocal7   = 23
)

RFC 5424 constants.

const (
	SyslogSeverityEmergency     = 0 // System is unusable
	SyslogSeverityAlert         = 1 // Action must be taken immediately
	SyslogSeverityCritical      = 2 // Critical conditions
	SyslogSeverityError         = 3 // Error conditions
	SyslogSeverityWarning       = 4 // Warning conditions
	SyslogSeverityNotice        = 5 // Normal but significant
	SyslogSeverityInformational = 6 // Informational
	SyslogSeverityDebug         = 7 // Debug-level messages
)

Syslog severity levels per RFC 5424.

Functions

func InitGlobalManager

func InitGlobalManager(config Config) error

InitGlobalManager initializes the global SIEM manager.

func SaveConfig

func SaveConfig(config *Config, path string) error

SaveConfig saves SIEM configuration to a file.

func SendEvent

func SendEvent(event *Event) error

SendEvent sends an event using the global manager.

func SendEventSync

func SendEventSync(ctx context.Context, event *Event) error

SendEventSync sends an event synchronously using the global manager.

func SetGlobalManager

func SetGlobalManager(m *Manager)

SetGlobalManager sets the global SIEM manager.

func SetGlobalSIEMMetrics

func SetGlobalSIEMMetrics(m *SIEMMetrics)

SetGlobalSIEMMetrics sets the global SIEM metrics instance.

Types

type ArcSightClient

type ArcSightClient struct {
	// contains filtered or unexported fields
}

func NewArcSightClient

func NewArcSightClient(config PlatformConfig) (*ArcSightClient, error)

func (*ArcSightClient) Errors

func (c *ArcSightClient) Errors() <-chan error

func (*ArcSightClient) Events

func (c *ArcSightClient) Events() chan<- *Event

func (*ArcSightClient) Send

func (c *ArcSightClient) Send(ctx context.Context, event *Event) error

func (*ArcSightClient) SendBatch

func (c *ArcSightClient) SendBatch(ctx context.Context, events []*Event) error

func (*ArcSightClient) Start

func (c *ArcSightClient) Start()

func (*ArcSightClient) Stop

func (c *ArcSightClient) Stop()

type ArcSightConfig

type ArcSightConfig struct {
	CEFDestination     string
	DeviceVendor       string
	DeviceProduct      string
	DeviceVersion      string
	SmartConnectorHost string
	SmartConnectorPort int
}

type AuthConfig

type AuthConfig struct {
	// Authentication type: api_key, oauth2, basic, certificate
	Type string `json:"type"`
	// API key (for api_key auth)
	APIKey string `json:"api_key,omitempty"`
	// API key header name
	APIKeyHeader string `json:"api_key_header,omitempty"`
	// Username (for basic auth)
	Username string `json:"username,omitempty"`
	// Password (for basic auth)
	Password string `json:"password,omitempty"`
	// OAuth2 token URL
	TokenURL string `json:"token_url,omitempty"`
	// OAuth2 client ID
	ClientID string `json:"client_id,omitempty"`
	// OAuth2 client secret
	ClientSecret string `json:"client_secret,omitempty"`
	// OAuth2 scopes
	Scopes []string `json:"scopes,omitempty"`
	// Certificate file path (for certificate auth)
	CertFile string `json:"cert_file,omitempty"`
	// Key file path (for certificate auth)
	KeyFile string `json:"key_file,omitempty"`
}

AuthConfig contains authentication settings.

type BatchConfig

type BatchConfig struct {
	// Enable batching
	Enabled bool `json:"enabled"`
	// Maximum batch size (events)
	MaxSize int `json:"max_size"`
	// Maximum batch wait time
	MaxWait time.Duration `json:"max_wait"`
	// Maximum batch size in bytes
	MaxBytes int `json:"max_bytes,omitempty"`
}

BatchConfig contains batching settings.

type BufferConfig

type BufferConfig struct {
	// Enable buffering
	Enabled bool `json:"enabled"`
	// Maximum buffer size (events)
	MaxSize int `json:"max_size"`
	// Buffer flush interval
	FlushInterval time.Duration `json:"flush_interval"`
	// Persist buffer to disk
	Persist bool `json:"persist"`
	// Persist directory
	PersistDir string `json:"persist_dir,omitempty"`
}

BufferConfig contains event buffering settings.

type CEFFormatter

type CEFFormatter struct {
	// contains filtered or unexported fields
}

CEFFormatter formats events in Common Event Format. CEF format: CEF:Version|Vendor|Product|Version|Signature ID|Name|Severity|Extension
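Untrusted event fields that reach the pipe-delimited CEF header or the key=value extension can forge extra fields or whole events unless they are escaped. The following is an added example, not the package's own CEFFormatter code: it renders the layout above with header and extension escaping. The `cefEvent` type, the helper names, the `CEF:0` version prefix and the sample values are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// cefEvent is a hypothetical event shape for this example, not the package's Event.
type cefEvent struct {
	SignatureID string
	Name        string
	Severity    int               // CEF severity, 0-10
	Extension   map[string]string // key=value pairs for the Extension field
}

// escapeHeader protects the pipe-delimited header: backslash and pipe are
// backslash-escaped, and CR/LF become spaces so one event stays on one line.
func escapeHeader(s string) string {
	return strings.NewReplacer(`\`, `\\`, `|`, `\|`, "\r", " ", "\n", " ").Replace(s)
}

// escapeExtValue protects extension values: backslash and '=' are escaped,
// and line breaks are written as the two-character sequences \r and \n.
func escapeExtValue(s string) string {
	return strings.NewReplacer(`\`, `\\`, `=`, `\=`, "\r", `\r`, "\n", `\n`).Replace(s)
}

// validKey accepts only ASCII letters and digits, so a key cannot carry a
// space or '=' that would start a second pair.
func validKey(k string) bool {
	for _, c := range k {
		isAlnum := c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9'
		if !isAlnum {
			return false
		}
	}
	return k != ""
}

// formatCEF renders one event as a single CEF line.
func formatCEF(vendor, product, version string, ev cefEvent) (string, error) {
	if ev.Severity < 0 || ev.Severity > 10 {
		return "", fmt.Errorf("severity %d outside 0-10", ev.Severity)
	}
	keys := make([]string, 0, len(ev.Extension))
	for k := range ev.Extension {
		if !validKey(k) {
			return "", fmt.Errorf("invalid extension key %q", k)
		}
		keys = append(keys, k)
	}
	sort.Strings(keys) // map iteration order is random; sort for stable output
	pairs := make([]string, 0, len(keys))
	for _, k := range keys {
		pairs = append(pairs, k+"="+escapeExtValue(ev.Extension[k]))
	}
	return fmt.Sprintf("CEF:0|%s|%s|%s|%s|%s|%d|%s",
		escapeHeader(vendor), escapeHeader(product), escapeHeader(version),
		escapeHeader(ev.SignatureID), escapeHeader(ev.Name), ev.Severity,
		strings.Join(pairs, " ")), nil
}

// sampleEvent returns constructed input whose Name contains a pipe and whose
// msg value contains '=', a line break and a CEF-looking prefix.
func sampleEvent() cefEvent {
	return cefEvent{
		SignatureID: "100",
		Name:        "blocked|request",
		Severity:    8,
		Extension: map[string]string{
			"src": "203.0.113.7",
			"msg": "a=b\nCEF:0|x",
		},
	}
}

func main() {
	line, err := formatCEF("ExampleVendor", "Gateway", "1.0", sampleEvent())
	if err != nil {
		panic(err)
	}
	fmt.Println(line)
}
```

The pipe in the event name and the line break in `msg` both arrive escaped, so a parser still sees seven header fields and one event.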

func NewCEFFormatter

func NewCEFFormatter(platform Platform, opts CEFOptions) *CEFFormatter

NewCEFFormatter creates a new CEF formatter.

func (*CEFFormatter) ContentType

func (f *CEFFormatter) ContentType() string

ContentType returns the content type.

func (*CEFFormatter) FileExtension

func (f *CEFFormatter) FileExtension() string

FileExtension returns the file extension.

func (*CEFFormatter) Format

func (f *CEFFormatter) Format(event *Event) ([]byte, error)

Format formats a single event in CEF format.

func (*CEFFormatter) FormatBatch

func (f *CEFFormatter) FormatBatch(events []*Event) ([]byte, error)

FormatBatch formats multiple events in CEF format.

type CEFOptions

type CEFOptions struct {
	Vendor  string
	Product string
	Version string
}

CEFOptions contains CEF formatting options.

type CSVFormatter

type CSVFormatter struct {
	// contains filtered or unexported fields
}

CSVFormatter formats events as CSV.

func NewCSVFormatter

func NewCSVFormatter(platform Platform, headers []string) *CSVFormatter

NewCSVFormatter creates a new CSV formatter.

func (*CSVFormatter) ContentType

func (f *CSVFormatter) ContentType() string

ContentType returns the content type.

func (*CSVFormatter) FileExtension

func (f *CSVFormatter) FileExtension() string

FileExtension returns the file extension.

func (*CSVFormatter) Format

func (f *CSVFormatter) Format(event *Event) ([]byte, error)

Format formats a single event as CSV row.

func (*CSVFormatter) FormatBatch

func (f *CSVFormatter) FormatBatch(events []*Event) ([]byte, error)

FormatBatch formats multiple events as CSV with header row.

type Client

type Client interface {
	Send(ctx context.Context, event *Event) error
	SendBatch(ctx context.Context, events []*Event) error
	Start()
	Stop()
	Events() chan<- *Event
	Errors() <-chan error
}

Client is the interface for SIEM platform clients.

type ComplianceMapping

type ComplianceMapping struct {
	Framework string `json:"framework"` // SOC2, PCI-DSS, HIPAA, NIST, etc.
	Control   string `json:"control"`
	Section   string `json:"section,omitempty"`
}

ComplianceMapping maps events to compliance frameworks.

type Config

type Config struct {
	// Enabled platforms
	Platforms []PlatformConfig `json:"platforms"`
	// Global settings
	Global GlobalConfig `json:"global"`
	// Event filtering
	Filter FilterConfig `json:"filter"`
	// Buffering settings
	Buffer BufferConfig `json:"buffer"`
}

Config contains SIEM integration configuration.

func DefaultConfig

func DefaultConfig() Config

DefaultConfig returns the default SIEM configuration.

func LoadConfig

func LoadConfig(path string) (*Config, error)

LoadConfig loads SIEM configuration from a file.

type ElasticsearchClient

type ElasticsearchClient struct {
	// contains filtered or unexported fields
}

ElasticsearchClient implements SIEM integration with Elasticsearch.

func NewElasticsearchClient

func NewElasticsearchClient(config PlatformConfig) (*ElasticsearchClient, error)

NewElasticsearchClient creates a new Elasticsearch SIEM client.

func (*ElasticsearchClient) Errors

func (c *ElasticsearchClient) Errors() <-chan error

Errors returns the error channel.

func (*ElasticsearchClient) Events

func (c *ElasticsearchClient) Events() chan<- *Event

Events returns the event channel.

func (*ElasticsearchClient) Send

func (c *ElasticsearchClient) Send(ctx context.Context, event *Event) error

Send sends an event to Elasticsearch.

func (*ElasticsearchClient) SendBatch

func (c *ElasticsearchClient) SendBatch(ctx context.Context, events []*Event) error

SendBatch sends multiple events using bulk API.

func (*ElasticsearchClient) Start

func (c *ElasticsearchClient) Start()

Start starts the background event processor.

func (*ElasticsearchClient) Stop

func (c *ElasticsearchClient) Stop()

Stop stops the client.

type ElasticsearchConfig

type ElasticsearchConfig struct {
	// Index name (supports date patterns)
	Index string `json:"index"`
	// Pipeline name
	Pipeline string `json:"pipeline,omitempty"`
	// Use data stream
	DataStream bool `json:"data_stream"`
	// Data stream type
	DataStreamType string `json:"data_stream_type"`
}

ElasticsearchConfig contains Elasticsearch-specific settings.

type Entity

type Entity struct {
	Type  string `json:"type"` // user, host, ip, application, etc.
	ID    string `json:"id"`
	Name  string `json:"name,omitempty"`
	Value string `json:"value,omitempty"`
}

Entity represents a related entity in an event.

type Error

type Error struct {
	Platform  Platform
	Operation string
	Message   string
	Retryable bool
	Cause     error
}

Error represents a SIEM integration error.

func NewError

func NewError(platform Platform, operation, message string, retryable bool, cause error) *Error

NewError creates a new SIEM error.

func (*Error) Error

func (e *Error) Error() string

Error implements the error interface.

func (*Error) Unwrap

func (e *Error) Unwrap() error

Unwrap returns the underlying cause.

type Event

type Event struct {
	// Unique identifier for this event
	ID string `json:"id"`
	// Timestamp when the event occurred
	Timestamp time.Time `json:"timestamp"`
	// Platform that generated the event
	Source string `json:"source"`
	// Event category
	Category EventCategory `json:"category"`
	// Event type (e.g., "blocked_request", "authentication_failure")
	Type string `json:"type"`
	// Action taken (block, allow, drop, throttle, etc.) - for RFC 5424
	Action string `json:"action,omitempty"`
	// Severity level
	Severity Severity `json:"severity"`
	// Human-readable message
	Message string `json:"message"`
	// Source IP address - for RFC 5424
	SourceIP string `json:"sourceIP,omitempty"`
	// Destination address - for RFC 5424
	Destination string `json:"destination,omitempty"`
	// User identifier - for RFC 5424
	User string `json:"user,omitempty"`
	// Client ID - for RFC 5424
	ClientID string `json:"clientID,omitempty"`
	// Threat type - for RFC 5424
	ThreatType string `json:"threatType,omitempty"`
	// Threat level - for RFC 5424
	ThreatLevel string `json:"threatLevel,omitempty"`
	// Pattern matched - for RFC 5424
	Pattern string `json:"pattern,omitempty"`
	// Raw event data
	Raw map[string]interface{} `json:"raw,omitempty"`
	// Additional attributes
	Attributes map[string]string `json:"attributes,omitempty"`
	// Related entities (users, IPs, hosts)
	Entities []Entity `json:"entities,omitempty"`
	// MITRE ATT&CK mapping
	MITRE *MITREMapping `json:"mitre,omitempty"`
	// Compliance framework mapping
	Compliance []ComplianceMapping `json:"compliance,omitempty"`
	// Compliance framework name - for RFC 5424
	ComplianceFramework string `json:"complianceFramework,omitempty"`
	// Compliance control ID - for RFC 5424
	ComplianceControl string `json:"complianceControl,omitempty"`
}

Event represents a security event to be sent to a SIEM.

type EventBuffer

type EventBuffer struct {
	// contains filtered or unexported fields
}

EventBuffer provides event buffering and batching.

func NewEventBuffer

func NewEventBuffer(platform Platform, maxSize int) *EventBuffer

NewEventBuffer creates a new event buffer.

func (*EventBuffer) Add

func (b *EventBuffer) Add(event *Event) error

Add adds an event to the buffer.

func (*EventBuffer) AddBatch

func (b *EventBuffer) AddBatch(events []*Event) error

AddBatch adds multiple events to the buffer.

func (*EventBuffer) Flush

func (b *EventBuffer) Flush() []*Event

Flush returns all events and clears the buffer.

func (*EventBuffer) IsFull

func (b *EventBuffer) IsFull() bool

IsFull returns true if the buffer is full.

func (*EventBuffer) Size

func (b *EventBuffer) Size() int

Size returns the current buffer size.

type EventBuilder

type EventBuilder struct {
	// contains filtered or unexported fields
}

EventBuilder provides a fluent interface for building events.

func NewEventBuilder

func NewEventBuilder() *EventBuilder

NewEventBuilder creates a new event builder.

func (*EventBuilder) Build

func (b *EventBuilder) Build() *Event

Build returns the constructed event.

func (*EventBuilder) WithAttribute

func (b *EventBuilder) WithAttribute(key, value string) *EventBuilder

WithAttribute adds an attribute to the event.

func (*EventBuilder) WithCategory

func (b *EventBuilder) WithCategory(cat EventCategory) *EventBuilder

WithCategory sets the event category.

func (*EventBuilder) WithCompliance

func (b *EventBuilder) WithCompliance(framework, control string) *EventBuilder

WithCompliance adds compliance framework mapping to the event.

func (*EventBuilder) WithEntity

func (b *EventBuilder) WithEntity(entityType, id, name, value string) *EventBuilder

WithEntity adds an entity to the event.

func (*EventBuilder) WithID

func (b *EventBuilder) WithID(id string) *EventBuilder

WithID sets the event ID.

func (*EventBuilder) WithMITRE

func (b *EventBuilder) WithMITRE(tactic, technique string) *EventBuilder

WithMITRE adds MITRE ATT&CK mapping to the event.

func (*EventBuilder) WithMessage

func (b *EventBuilder) WithMessage(msg string) *EventBuilder

WithMessage sets the event message.

func (*EventBuilder) WithRaw

func (b *EventBuilder) WithRaw(key string, value interface{}) *EventBuilder

WithRaw sets raw event data.

func (*EventBuilder) WithSeverity

func (b *EventBuilder) WithSeverity(sev Severity) *EventBuilder

WithSeverity sets the event severity.

func (*EventBuilder) WithSource

func (b *EventBuilder) WithSource(source string) *EventBuilder

WithSource sets the event source.

func (*EventBuilder) WithTimestamp

func (b *EventBuilder) WithTimestamp(ts time.Time) *EventBuilder

WithTimestamp sets the event timestamp.

func (*EventBuilder) WithType

func (b *EventBuilder) WithType(eventType string) *EventBuilder

WithType sets the event type.

type EventCategory

type EventCategory string

EventCategory classifies security events.

const (
	CategoryAuthentication EventCategory = "authentication"
	CategoryAuthorization  EventCategory = "authorization"
	CategoryAccess         EventCategory = "access"
	CategoryThreat         EventCategory = "threat"
	CategoryVulnerability  EventCategory = "vulnerability"
	CategoryCompliance     EventCategory = "compliance"
	CategoryAudit          EventCategory = "audit"
	CategoryNetwork        EventCategory = "network"
	CategoryApplication    EventCategory = "application"
	CategoryDataLoss       EventCategory = "data_loss"
	CategoryMalware        EventCategory = "malware"
	CategoryPolicy         EventCategory = "policy"
)

type EventFilter

type EventFilter struct {
	// contains filtered or unexported fields
}

EventFilter filters events based on configuration rules.

func NewEventFilter

func NewEventFilter(config FilterConfig) *EventFilter

NewEventFilter creates a new event filter.

func (*EventFilter) Allow

func (f *EventFilter) Allow(event *Event) bool

Allow determines if an event should be forwarded.

type FilterConfig

type FilterConfig struct {
	// Minimum severity to forward
	MinSeverity Severity `json:"min_severity"`
	// Include these categories only
	IncludeCategories []EventCategory `json:"include_categories,omitempty"`
	// Exclude these categories
	ExcludeCategories []EventCategory `json:"exclude_categories,omitempty"`
	// Include these event types only
	IncludeTypes []string `json:"include_types,omitempty"`
	// Exclude these event types
	ExcludeTypes []string `json:"exclude_types,omitempty"`
	// Custom filter expression
	CustomFilter string `json:"custom_filter,omitempty"`
}

FilterConfig contains event filtering settings.

type Format

type Format string

Format represents the log output format.

const (
	FormatJSON   Format = "json"
	FormatCEF    Format = "cef"    // Common Event Format (ArcSight)
	FormatLEEF   Format = "leef"   // Log Event Extended Format (QRadar)
	FormatSyslog Format = "syslog" // RFC 5424
	FormatCSV    Format = "csv"
)

type Formatter

type Formatter interface {
	// Format formats a single event
	Format(event *Event) ([]byte, error)
	// FormatBatch formats multiple events
	FormatBatch(events []*Event) ([]byte, error)
	// ContentType returns the content type for the format
	ContentType() string
	// FileExtension returns the file extension for the format
	FileExtension() string
}

Formatter formats events for different SIEM platforms.

type GlobalConfig

type GlobalConfig struct {
	// Application name/identifier
	AppName string `json:"app_name"`
	// Environment (production, staging, development)
	Environment string `json:"environment"`
	// Default severity for unmapped events
	DefaultSeverity Severity `json:"default_severity"`
	// Include raw event data
	IncludeRaw bool `json:"include_raw"`
	// Add hostname to events
	AddHostname bool `json:"add_hostname"`
	// Hostname override
	Hostname string `json:"hostname,omitempty"`
}

GlobalConfig contains global SIEM settings.

type HTTPClient

type HTTPClient struct {
	*http.Client
	// contains filtered or unexported fields
}

HTTPClient wraps http.Client with SIEM-specific configuration.

func NewHTTPClient

func NewHTTPClient(platform Platform, tlsConfig TLSConfig) (*HTTPClient, error)

NewHTTPClient creates a new HTTP client for SIEM integration.

func (*HTTPClient) DoRequest

func (c *HTTPClient) DoRequest(ctx context.Context, req *http.Request, retryCfg RetryConfig) (*http.Response, error)

DoRequest performs an HTTP request with retry logic.

type HealthStatus

type HealthStatus string

HealthStatus represents the health status of a SIEM platform.

const (
	HealthStatusHealthy   HealthStatus = "healthy"
	HealthStatusDegraded  HealthStatus = "degraded"
	HealthStatusUnhealthy HealthStatus = "unhealthy"
	HealthStatusUnknown   HealthStatus = "unknown"
)

type JSONFormatter

type JSONFormatter struct {
	// contains filtered or unexported fields
}

JSONFormatter formats events as JSON.

func NewJSONFormatter

func NewJSONFormatter(platform Platform) *JSONFormatter

NewJSONFormatter creates a new JSON formatter.

func (*JSONFormatter) ContentType

func (f *JSONFormatter) ContentType() string

ContentType returns the content type.

func (*JSONFormatter) FileExtension

func (f *JSONFormatter) FileExtension() string

FileExtension returns the file extension.

func (*JSONFormatter) Format

func (f *JSONFormatter) Format(event *Event) ([]byte, error)

Format formats a single event as JSON.

func (*JSONFormatter) FormatBatch

func (f *JSONFormatter) FormatBatch(events []*Event) ([]byte, error)

FormatBatch formats multiple events as JSON lines.

type LEEFFormatter

type LEEFFormatter struct {
	// contains filtered or unexported fields
}

LEEFFormatter formats events in LEEF format for QRadar. LEEF format: LEEF:Version|Vendor|Product|Version|Event ID|Extension

func NewLEEFFormatter

func NewLEEFFormatter(platform Platform, opts LEEFOptions) *LEEFFormatter

NewLEEFFormatter creates a new LEEF formatter.

func (*LEEFFormatter) ContentType

func (f *LEEFFormatter) ContentType() string

ContentType returns the content type.

func (*LEEFFormatter) FileExtension

func (f *LEEFFormatter) FileExtension() string

FileExtension returns the file extension.

func (*LEEFFormatter) Format

func (f *LEEFFormatter) Format(event *Event) ([]byte, error)

Format formats a single event in LEEF format.

func (*LEEFFormatter) FormatBatch

func (f *LEEFFormatter) FormatBatch(events []*Event) ([]byte, error)

FormatBatch formats multiple events in LEEF format.

type LEEFOptions

type LEEFOptions struct {
	Vendor  string
	Product string
	Version string
}

LEEFOptions contains LEEF formatting options.

type LogRhythmClient

type LogRhythmClient struct {
	// contains filtered or unexported fields
}

func NewLogRhythmClient

func NewLogRhythmClient(config PlatformConfig) (*LogRhythmClient, error)

func (*LogRhythmClient) Errors

func (c *LogRhythmClient) Errors() <-chan error

func (*LogRhythmClient) Events

func (c *LogRhythmClient) Events() chan<- *Event

func (*LogRhythmClient) Send

func (c *LogRhythmClient) Send(ctx context.Context, event *Event) error

func (*LogRhythmClient) SendBatch

func (c *LogRhythmClient) SendBatch(ctx context.Context, events []*Event) error

func (*LogRhythmClient) Start

func (c *LogRhythmClient) Start()

func (*LogRhythmClient) Stop

func (c *LogRhythmClient) Stop()

type LogRhythmConfig

type LogRhythmConfig struct {
	SyslogHost          string
	SyslogPort          int
	UseTLS              bool
	APIEndpoint         string
	LogSourceIdentifier string
}

type MITREMapping

type MITREMapping struct {
	Tactic       string   `json:"tactic,omitempty"`
	Technique    string   `json:"technique,omitempty"`
	SubTechnique string   `json:"sub_technique,omitempty"`
	Tactics      []string `json:"tactics,omitempty"`
	Techniques   []string `json:"techniques,omitempty"`
}

MITREMapping maps events to MITRE ATT&CK framework.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager is the central manager for all SIEM integrations. It provides a unified interface for sending events to multiple SIEM platforms simultaneously.

func GlobalManager

func GlobalManager() *Manager

GlobalManager returns the global SIEM manager.

func NewManager

func NewManager(config Config) (*Manager, error)

NewManager creates a new SIEM integration manager.

func (*Manager) Errors

func (m *Manager) Errors() <-chan error

Errors returns the error channel.

func (*Manager) Events

func (m *Manager) Events() chan<- *Event

Events returns the event channel for direct event injection.

func (*Manager) Send

func (m *Manager) Send(event *Event) error

Send sends an event to all configured SIEM platforms.

func (*Manager) SendBatch

func (m *Manager) SendBatch(events []*Event) error

SendBatch sends multiple events to all configured SIEM platforms.

func (*Manager) SendSync

func (m *Manager) SendSync(ctx context.Context, event *Event) error

SendSync sends an event synchronously to all platforms.

func (*Manager) Start

func (m *Manager) Start()

Start starts the manager and all platform clients.

func (*Manager) Stats

func (m *Manager) Stats() *ManagerStats

Stats returns current manager statistics.

func (*Manager) Stop

func (m *Manager) Stop()

Stop stops the manager and all platform clients.

type ManagerStats

type ManagerStats struct {
	EventsReceived int64
	EventsSent     int64
	EventsDropped  int64
	EventsFiltered int64
	Errors         int64
	LastSendTime   time.Time
	PlatformStats  map[Platform]*PlatformStats
	// contains filtered or unexported fields
}

ManagerStats tracks statistics for the manager.

type MetricsHook

type MetricsHook struct {
	// contains filtered or unexported fields
}

MetricsHook provides hooks to record metrics during SIEM operations.

func NewMetricsHook

func NewMetricsHook(metrics *SIEMMetrics) *MetricsHook

NewMetricsHook creates a new metrics hook.

func (*MetricsHook) OnBufferUpdate

func (h *MetricsHook) OnBufferUpdate(platform Platform, size, capacity int)

OnBufferUpdate is called when buffer status changes.

func (*MetricsHook) OnEventDropped

func (h *MetricsHook) OnEventDropped(platform Platform)

OnEventDropped is called when an event is dropped.

func (*MetricsHook) OnEventFailed

func (h *MetricsHook) OnEventFailed(platform Platform, err error)

OnEventFailed is called when an event fails to send.

func (*MetricsHook) OnEventFiltered

func (h *MetricsHook) OnEventFiltered(platform Platform)

OnEventFiltered is called when an event is filtered.

func (*MetricsHook) OnEventSent

func (h *MetricsHook) OnEventSent(platform Platform, duration time.Duration)

OnEventSent is called when an event is successfully sent.

func (*MetricsHook) OnRetry

func (h *MetricsHook) OnRetry(platform Platform)

OnRetry is called when a retry is attempted.

type Platform

type Platform string

Platform represents a SIEM platform type.

const (
	PlatformSplunk        Platform = "splunk"
	PlatformElasticsearch Platform = "elasticsearch"
	PlatformQRadar        Platform = "qradar"
	PlatformSentinel      Platform = "sentinel"
	PlatformSumoLogic     Platform = "sumologic"
	PlatformLogRhythm     Platform = "logrhythm"
	PlatformCloudWatch    Platform = "cloudwatch"
	PlatformSecurityHub   Platform = "securityhub"
	PlatformArcSight      Platform = "arcsight"
	PlatformSyslog        Platform = "syslog"
	PlatformCustom        Platform = "custom"
)

type PlatformConfig

type PlatformConfig struct {
	// Platform type
	Platform Platform `json:"platform"`
	// Enable/disable this platform
	Enabled bool `json:"enabled"`
	// Output format
	Format Format `json:"format"`
	// Endpoint URL (for HTTP-based platforms)
	Endpoint string `json:"endpoint,omitempty"`
	// Authentication configuration
	Auth AuthConfig `json:"auth"`
	// TLS configuration
	TLS TLSConfig `json:"tls"`
	// Platform-specific settings
	Settings map[string]interface{} `json:"settings,omitempty"`
	// Retry configuration
	Retry RetryConfig `json:"retry"`
	// Batch configuration
	Batch BatchConfig `json:"batch"`
}

PlatformConfig contains platform-specific configuration.

func DefaultPlatformConfig

func DefaultPlatformConfig(platform Platform) PlatformConfig

DefaultPlatformConfig returns default configuration for a platform.

type PlatformMetricsSnapshot

type PlatformMetricsSnapshot struct {
	EventsSent     int64
	EventsFailed   int64
	EventsFiltered int64
	EventsDropped  int64
	AvgLatency     time.Duration
	MaxLatency     time.Duration
	BufferSize     int
	BufferCapacity int
	Retries        int64
	HealthStatus   HealthStatus
	LastSendTime   time.Time
	LastErrorTime  time.Time
	LastError      string
}

PlatformMetricsSnapshot is a point-in-time snapshot of platform metrics.

type PlatformStats

type PlatformStats struct {
	EventsSent    int64
	EventsDropped int64
	Errors        int64
	LastSendTime  time.Time
	LastError     string
}

PlatformStats tracks per-platform statistics.

type PlatformSummary

type PlatformSummary struct {
	EventsSent     int64     `json:"events_sent"`
	EventsFailed   int64     `json:"events_failed"`
	EventsFiltered int64     `json:"events_filtered"`
	EventsDropped  int64     `json:"events_dropped"`
	AvgLatencyMs   int64     `json:"avg_latency_ms"`
	MaxLatencyMs   int64     `json:"max_latency_ms"`
	HealthStatus   string    `json:"health_status"`
	LastSendTime   time.Time `json:"last_send_time"`
}

PlatformSummary is per-platform summary data.

type QRadarClient

type QRadarClient struct {
	// contains filtered or unexported fields
}

func NewQRadarClient

func NewQRadarClient(config PlatformConfig) (*QRadarClient, error)

func (*QRadarClient) Errors

func (c *QRadarClient) Errors() <-chan error

func (*QRadarClient) Events

func (c *QRadarClient) Events() chan<- *Event

func (*QRadarClient) Send

func (c *QRadarClient) Send(ctx context.Context, event *Event) error

func (*QRadarClient) SendBatch

func (c *QRadarClient) SendBatch(ctx context.Context, events []*Event) error

func (*QRadarClient) Start

func (c *QRadarClient) Start()

func (*QRadarClient) Stop

func (c *QRadarClient) Stop()

type QRadarConfig

type QRadarConfig struct {
	LogSourceID        string
	LogSourceName      string
	UseLEEF            bool
	LEEFVersion        string
	EventCollectorHost string
	EventCollectorPort int
}

type RFC5424Message

type RFC5424Message struct {
	Priority       int                      // PRI (facility * 8 + severity)
	Version        int                      // VERSION (always 1)
	Timestamp      time.Time                // TIMESTAMP (RFC3339 or NILVALUE)
	Hostname       string                   // HOSTNAME or NILVALUE
	AppName        string                   // APP-NAME or NILVALUE
	ProcID         string                   // PROCID or NILVALUE
	MsgID          RFC5424MsgID             // MSGID or NILVALUE
	StructuredData []*RFC5424StructuredData // STRUCTURED-DATA
	Message        string                   // MSG
}

RFC5424Message represents a complete RFC 5424 syslog message.

func NewRFC5424Message

func NewRFC5424Message(facility, severity int, msgID RFC5424MsgID) *RFC5424Message

NewRFC5424Message creates a new RFC 5424 message.

func (*RFC5424Message) AddStructuredData

func (m *RFC5424Message) AddStructuredData(sd *RFC5424StructuredData) *RFC5424Message

AddStructuredData adds structured data to the message.

func (*RFC5424Message) Build

func (m *RFC5424Message) Build() string

Build builds the complete RFC 5424 message.

func (*RFC5424Message) SetHostname

func (m *RFC5424Message) SetHostname(hostname string) *RFC5424Message

SetHostname sets the hostname, using NILVALUE if empty.

func (*RFC5424Message) SetMessage

func (m *RFC5424Message) SetMessage(msg string) *RFC5424Message

SetMessage sets the message content.

func (*RFC5424Message) SetProcID

func (m *RFC5424Message) SetProcID(procID string) *RFC5424Message

SetProcID sets the process ID, using NILVALUE if empty.

func (*RFC5424Message) SetTimestamp

func (m *RFC5424Message) SetTimestamp(t time.Time) *RFC5424Message

SetTimestamp sets the timestamp, using NILVALUE if zero.

func (*RFC5424Message) String

func (m *RFC5424Message) String() string

String is an alias for Build.
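An RFC 5424 line is space-delimited in the header and bracket-delimited in STRUCTURED-DATA, so attacker-influenced values (user names, patterns, hostnames) must be constrained or escaped before assembly. The following is an added example, not the package's Build implementation: it assembles a message from the fields listed in RFC5424Message, computing PRI as facility * 8 + severity. The `sdElement` type, the helper names, the CR/LF flattening (for newline-framed transports) and the sample values are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strings"
	"time"
)

const (
	nilValue = "-"                             // same value as RFC5424NILVALUE on this page
	tsLayout = "2006-01-02T15:04:05.000Z07:00" // same layout as RFC5424TimestampFormat
)

// sdElement is a hypothetical stand-in for one STRUCTURED-DATA element.
type sdElement struct {
	ID     string
	Params [][2]string // ordered name/value pairs
}

// headerField keeps only printable US-ASCII (33-126), truncates to max bytes
// and falls back to NILVALUE, so a value can never add a space-delimited field.
func headerField(s string, max int) string {
	var b strings.Builder
	for _, c := range s {
		if c >= 33 && c <= 126 && b.Len() < max {
			b.WriteRune(c)
		}
	}
	if b.Len() == 0 {
		return nilValue
	}
	return b.String()
}

// validSDName enforces the SD-NAME rules: 1-32 printable US-ASCII characters,
// excluding '=', ']', '"' and space.
func validSDName(s string) bool {
	if len(s) == 0 || len(s) > 32 {
		return false
	}
	for _, c := range s {
		if c < 33 || c > 126 || c == '=' || c == ']' || c == '"' {
			return false
		}
	}
	return true
}

// escapeParamValue applies the escapes RFC 5424 requires inside a PARAM-VALUE
// (backslash, double quote, closing bracket) and flattens CR/LF to spaces.
func escapeParamValue(v string) string {
	return strings.NewReplacer(`\`, `\\`, `"`, `\"`, `]`, `\]`, "\r", " ", "\n", " ").Replace(v)
}

// buildSyslog assembles one RFC 5424 line from already-collected fields.
func buildSyslog(facility, severity int, ts time.Time, host, app, procID, msgID string,
	sd []sdElement, msg string) (string, error) {
	if facility < 0 || facility > 23 || severity < 0 || severity > 7 {
		return "", fmt.Errorf("facility %d / severity %d out of range", facility, severity)
	}
	stamp := nilValue
	if !ts.IsZero() {
		stamp = ts.UTC().Format(tsLayout)
	}
	var data strings.Builder
	for _, el := range sd {
		if !validSDName(el.ID) {
			return "", fmt.Errorf("invalid SD-ID %q", el.ID)
		}
		data.WriteString("[" + el.ID)
		for _, p := range el.Params {
			if !validSDName(p[0]) {
				return "", fmt.Errorf("invalid PARAM-NAME %q", p[0])
			}
			data.WriteString(" " + p[0] + `="` + escapeParamValue(p[1]) + `"`)
		}
		data.WriteString("]")
	}
	if data.Len() == 0 {
		data.WriteString(nilValue)
	}
	msg = strings.NewReplacer("\r", " ", "\n", " ").Replace(msg) // keep one event per line
	return fmt.Sprintf("<%d>1 %s %s %s %s %s %s %s", facility*8+severity, stamp,
		headerField(host, 255), headerField(app, 48), headerField(procID, 128),
		headerField(msgID, 32), data.String(), msg), nil
}

// sampleTime and sampleLine use constructed values; the user value tries to
// close the element and open a forged one.
var sampleTime = time.Date(2026, 3, 14, 9, 26, 53, 123456000, time.UTC)

func sampleLine() (string, error) {
	sd := []sdElement{{ID: "event@32473", Params: [][2]string{
		{"user", `a"] [forged@1 x="y`},
		{"sourceIP", "203.0.113.7"},
	}}}
	return buildSyslog(13, 4, sampleTime, "gw01.example.net", "aegisgate", "",
		"REQUEST_BLOCKED", sd, "blocked\nrequest")
}

func main() {
	line, err := sampleLine()
	if err != nil {
		panic(err)
	}
	fmt.Println(line)
}
```

With facility 13 and severity 4 the PRI is 108, the empty PROCID becomes NILVALUE, and the quote and bracket in the user value stay inside a single PARAM-VALUE.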

type RFC5424MsgID

type RFC5424MsgID string

RFC5424MsgID represents the message identifier per RFC 5424 Section 6.2.7.

const (
	// Authentication events
	MSGIDAuthSuccess      RFC5424MsgID = "AUTH_SUCCESS"
	MSGIDAuthFailure      RFC5424MsgID = "AUTH_FAILURE"
	MSGIDAuthSessionStart RFC5424MsgID = "SESSION_START"
	MSGIDAuthSessionEnd   RFC5424MsgID = "SESSION_END"
	MSGIDAuthTokenRefresh RFC5424MsgID = "TOKEN_REFRESH"
	MSGIDAuthTokenRevoke  RFC5424MsgID = "TOKEN_REVOKE"
	MSGIDAuthLogout       RFC5424MsgID = "AUTH_LOGOUT"

	// Authorization events
	MSGIDAuthzSuccess RFC5424MsgID = "AUTHZ_SUCCESS"
	MSGIDAuthzFailure RFC5424MsgID = "AUTHZ_FAILURE"
	MSGIDAuthzDenied  RFC5424MsgID = "AUTHZ_DENIED"

	// Request handling
	MSGIDRequestAllowed   RFC5424MsgID = "REQUEST_ALLOWED"
	MSGIDRequestBlocked   RFC5424MsgID = "REQUEST_BLOCKED"
	MSGIDRequestDropped   RFC5424MsgID = "REQUEST_DROPPED"
	MSGIDRequestThrottled RFC5424MsgID = "REQUEST_THROTTLED"

	// Security events
	MSGIDThreatDetected    RFC5424MsgID = "THREAT_DETECTED"
	MSGIDIntrusionAttempt  RFC5424MsgID = "INTRUSION_ATTEMPT"
	MSGIDMalwareDetected   RFC5424MsgID = "MALWARE_DETECTED"
	MSGIDAnomalyDetected   RFC5424MsgID = "ANOMALY_DETECTED"
	MSGIDPolicyViolation   RFC5424MsgID = "POLICY_VIOLATION"
	MSGIDRateLimitExceeded RFC5424MsgID = "RATE_LIMIT_EXCEEDED"

	// Proxy events
	MSGIDProxyRequest  RFC5424MsgID = "PROXY_REQUEST"
	MSGIDProxyResponse RFC5424MsgID = "PROXY_RESPONSE"
	MSGIDProxyError    RFC5424MsgID = "PROXY_ERROR"
	MSGIDMITMDetected  RFC5424MsgID = "MITM_DETECTED"
	MSGIDTLSError      RFC5424MsgID = "TLS_ERROR"

	// Configuration events
	MSGIDConfigChange RFC5424MsgID = "CONFIG_CHANGE"
	MSGIDConfigLoad   RFC5424MsgID = "CONFIG_LOAD"
	MSGIDConfigError  RFC5424MsgID = "CONFIG_ERROR"
	MSGIDPolicyUpdate RFC5424MsgID = "POLICY_UPDATE"
	MSGIDPolicyDrift  RFC5424MsgID = "POLICY_DRIFT"

	// System events
	MSGIDSystemStart      RFC5424MsgID = "SYSTEM_START"
	MSGIDSystemStop       RFC5424MsgID = "SYSTEM_STOP"
	MSGIDSystemError      RFC5424MsgID = "SYSTEM_ERROR"
	MSGIDComponentFailure RFC5424MsgID = "COMPONENT_FAILURE"
	MSGIDHealthCheck      RFC5424MsgID = "HEALTH_CHECK"
	MSGIDMetricsPublish   RFC5424MsgID = "METRICS_PUBLISH"

	// Compliance events
	MSGIDComplianceViolation RFC5424MsgID = "COMPLIANCE_VIOLATION"
	MSGIDAuditLog            RFC5424MsgID = "AUDIT_LOG"
	MSGIDDataExport          RFC5424MsgID = "DATA_EXPORT"

	// Plugin events
	MSGIDPluginLoad   RFC5424MsgID = "PLUGIN_LOAD"
	MSGIDPluginUnload RFC5424MsgID = "PLUGIN_UNLOAD"
	MSGIDPluginError  RFC5424MsgID = "PLUGIN_ERROR"
)

Standard MSGID values for AegisGate events

func GetSupportedMSGIDs

func GetSupportedMSGIDs() []RFC5424MsgID

GetSupportedMSGIDs returns all supported MSGID values

type RFC5424StructuredData

type RFC5424StructuredData struct {
	ID     RFC5424StructuredDataID
	Params []RFC5424StructuredDataParam
}

RFC5424StructuredData represents structured data element per RFC 5424 Section 6.3

func NewRFC5424StructuredData

func NewRFC5424StructuredData(id RFC5424StructuredDataID) *RFC5424StructuredData

NewRFC5424StructuredData creates a new structured data element

func (*RFC5424StructuredData) AddParam

func (sd *RFC5424StructuredData) AddParam(name, value string) *RFC5424StructuredData

AddParam adds a parameter to the structured data element

func (*RFC5424StructuredData) Build

func (sd *RFC5424StructuredData) Build() string

Build builds the SD-ELEMENT string per RFC 5424

type RFC5424StructuredDataID

type RFC5424StructuredDataID string

RFC5424StructuredDataID represents structured data element ID per RFC 5424 Section 6.3.1

const (
	SDIDAegisGate  RFC5424StructuredDataID = "aegisgate@32473"
	SDIDOrigin     RFC5424StructuredDataID = "origin@aegisgate"
	SDIDTarget     RFC5424StructuredDataID = "target@aegisgate"
	SDIDThreat     RFC5424StructuredDataID = "threat@aegisgate"
	SDIDCompliance RFC5424StructuredDataID = "compliance@aegisgate"
	SDIDMeta       RFC5424StructuredDataID = "meta@aegisgate"
)

Standard SD-ID values for AegisGate

type RFC5424StructuredDataParam

type RFC5424StructuredDataParam struct {
	Name  string
	Value string
}

RFC5424StructuredDataParam represents SD-PARAM per RFC 5424 Section 6.3.2
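Structured data parameters often carry client-controlled strings (user names, paths, header values), so the SD-PARAM escaping rules are what keep one event from forging extra elements in the SIEM. The following is an added stand-alone sketch, not this package's Build implementation; `sdParam`, `validSDName` and `buildSDElement` are hypothetical names and the input is constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// sdParam mirrors the Name/Value pair of RFC5424StructuredDataParam (local stand-in type).
type sdParam struct{ Name, Value string }

// RFC 5424 requires '"', '\' and ']' to be escaped inside PARAM-VALUE.
var sdValueEscaper = strings.NewReplacer(`\`, `\\`, `"`, `\"`, `]`, `\]`)

// validSDName enforces the SD-NAME grammar: 1 to 32 printable US-ASCII
// characters, excluding '=', space, ']' and '"'.
func validSDName(s string) bool {
	if len(s) == 0 || len(s) > 32 {
		return false
	}
	for i := 0; i < len(s); i++ {
		if c := s[i]; c < 33 || c > 126 || c == '=' || c == ']' || c == '"' {
			return false
		}
	}
	return true
}

// buildSDElement renders [SD-ID name="value" ...] and rejects malformed names.
func buildSDElement(id string, params []sdParam) (string, error) {
	if !validSDName(id) {
		return "", fmt.Errorf("invalid SD-ID %q", id)
	}
	var b strings.Builder
	b.WriteString("[" + id)
	for _, p := range params {
		if !validSDName(p.Name) {
			return "", fmt.Errorf("invalid PARAM-NAME %q", p.Name)
		}
		b.WriteString(" " + p.Name + `="` + sdValueEscaper.Replace(p.Value) + `"`)
	}
	b.WriteString("]")
	return b.String(), nil
}

func main() {
	// Constructed input: a client-supplied value that tries to close the element early.
	fmt.Println(buildSDElement("threat@aegisgate", []sdParam{{"user", `bob"] [fake@1 admin="true`}}))
}
```

PARAM-VALUE escaping does not cover line breaks; with newline-delimited TCP framing, CR and LF in values also have to be neutralized before sending.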

type ReadCloser

type ReadCloser struct {
	io.Reader
	CloseFunc func() error
}

ReadCloser wraps a reader with a closer.

func NewReadCloser

func NewReadCloser(r io.Reader, closeFunc func() error) *ReadCloser

NewReadCloser creates a new ReadCloser.

func (*ReadCloser) Close

func (r *ReadCloser) Close() error

Close implements io.Closer.

type RetryConfig

type RetryConfig struct {
	// Enable retries
	Enabled bool `json:"enabled"`
	// Maximum retry attempts
	MaxAttempts int `json:"max_attempts"`
	// Initial backoff duration
	InitialBackoff time.Duration `json:"initial_backoff"`
	// Maximum backoff duration
	MaxBackoff time.Duration `json:"max_backoff"`
	// Backoff multiplier
	BackoffMultiplier float64 `json:"backoff_multiplier"`
	// Retry on these HTTP status codes
	RetryOnStatusCodes []int `json:"retry_on_status_codes,omitempty"`
}

RetryConfig contains retry settings.
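How these fields combine determines how long a SIEM outage can last before events are dropped. The following added sketch (not this package's retry loop) computes the wait schedule from a local copy of the struct; it assumes MaxAttempts counts the first try, and `backoffSchedule` and `shouldRetry` are hypothetical helpers.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// retryConfig mirrors the RetryConfig fields shown above (local stand-in type).
type retryConfig struct {
	Enabled                    bool
	MaxAttempts                int
	InitialBackoff, MaxBackoff time.Duration
	BackoffMultiplier          float64
	RetryOnStatusCodes         []int
}

// backoffSchedule returns the wait before each retry: InitialBackoff grown by
// BackoffMultiplier and capped at MaxBackoff (assumes MaxAttempts includes the first try).
func backoffSchedule(c retryConfig) ([]time.Duration, error) {
	if !c.Enabled || c.MaxAttempts <= 1 {
		return nil, nil
	}
	if c.InitialBackoff <= 0 || c.MaxBackoff < c.InitialBackoff || c.BackoffMultiplier < 1 {
		return nil, fmt.Errorf("invalid backoff settings: %+v", c)
	}
	waits := make([]time.Duration, 0, c.MaxAttempts-1)
	d := float64(c.InitialBackoff)
	for i := 1; i < c.MaxAttempts; i++ {
		waits = append(waits, time.Duration(d))
		d = math.Min(d*c.BackoffMultiplier, float64(c.MaxBackoff)) // cap each step
	}
	return waits, nil
}

// shouldRetry reports whether an HTTP status is listed as retryable.
func shouldRetry(c retryConfig, status int) bool {
	for _, s := range c.RetryOnStatusCodes {
		if c.Enabled && s == status {
			return true
		}
	}
	return false
}

func main() {
	cfg := retryConfig{Enabled: true, MaxAttempts: 6, InitialBackoff: 500 * time.Millisecond, MaxBackoff: 4 * time.Second, BackoffMultiplier: 2, RetryOnStatusCodes: []int{429, 502, 503}}
	fmt.Println(backoffSchedule(cfg))
}
```

Keeping 401 and 403 out of RetryOnStatusCodes avoids hammering the collector with a revoked or mistyped credential.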

type SIEMMetrics

type SIEMMetrics struct {

	// Event counters by platform
	EventsSent     map[Platform]int64
	EventsFailed   map[Platform]int64
	EventsFiltered map[Platform]int64
	EventsDropped  map[Platform]int64

	// Latency tracking
	LatencyTotal map[Platform]time.Duration
	LatencyCount map[Platform]int64
	LatencyMax   map[Platform]time.Duration

	// Error tracking
	ErrorsByType map[Platform]map[string]int64

	// Buffer tracking
	BufferSize     map[Platform]int
	BufferCapacity map[Platform]int

	// Retry tracking
	Retries map[Platform]int64

	// Platform health status
	PlatformHealth map[Platform]HealthStatus

	// Last activity timestamps
	LastSendTime  map[Platform]time.Time
	LastErrorTime map[Platform]time.Time
	LastError     map[Platform]string
	// contains filtered or unexported fields
}

SIEMMetrics provides metrics collection for SIEM operations.

func GlobalSIEMMetrics

func GlobalSIEMMetrics() *SIEMMetrics

GlobalSIEMMetrics returns the global SIEM metrics instance.

func NewSIEMMetrics

func NewSIEMMetrics() *SIEMMetrics

NewSIEMMetrics creates a new SIEM metrics instance.

func (*SIEMMetrics) GetAverageLatency

func (m *SIEMMetrics) GetAverageLatency(platform Platform) time.Duration

GetAverageLatency returns the average latency for a platform.

func (*SIEMMetrics) GetStats

func (m *SIEMMetrics) GetStats() map[Platform]PlatformMetricsSnapshot

GetStats returns a snapshot of all metrics.

func (*SIEMMetrics) RecordBufferStatus

func (m *SIEMMetrics) RecordBufferStatus(platform Platform, size, capacity int)

RecordBufferStatus updates buffer tracking.

func (*SIEMMetrics) RecordDropped

func (m *SIEMMetrics) RecordDropped(platform Platform)

RecordDropped records a dropped event.

func (*SIEMMetrics) RecordEvent

func (m *SIEMMetrics) RecordEvent(platform Platform)

RecordEvent records a successfully sent event.

func (*SIEMMetrics) RecordFailure

func (m *SIEMMetrics) RecordFailure(platform Platform, errType string)

RecordFailure records a failed event send.

func (*SIEMMetrics) RecordFiltered

func (m *SIEMMetrics) RecordFiltered(platform Platform)

RecordFiltered records a filtered event.

func (*SIEMMetrics) RecordLatency

func (m *SIEMMetrics) RecordLatency(platform Platform, duration time.Duration)

RecordLatency records operation latency.

func (*SIEMMetrics) RecordRetry

func (m *SIEMMetrics) RecordRetry(platform Platform)

RecordRetry records a retry attempt.

type SIEMReportGenerator

type SIEMReportGenerator struct {
	// contains filtered or unexported fields
}

SIEMReportGenerator generates SIEM-specific reports.

func NewSIEMReportGenerator

func NewSIEMReportGenerator(metrics *SIEMMetrics, manager *Manager) *SIEMReportGenerator

NewSIEMReportGenerator creates a new report generator.

func (*SIEMReportGenerator) GenerateSummaryReport

func (g *SIEMReportGenerator) GenerateSummaryReport(startTime, endTime time.Time) *SIEMSummaryReport

GenerateSummaryReport generates a SIEM activity summary.

type SIEMSummaryReport

type SIEMSummaryReport struct {
	StartTime     time.Time                    `json:"start_time"`
	EndTime       time.Time                    `json:"end_time"`
	Generated     time.Time                    `json:"generated"`
	TotalEvents   int64                        `json:"total_events"`
	EventsSent    int64                        `json:"events_sent"`
	EventsFailed  int64                        `json:"events_failed"`
	EventsDropped int64                        `json:"events_dropped"`
	SuccessRate   float64                      `json:"success_rate"`
	AvgLatencyMs  int64                        `json:"avg_latency_ms"`
	Platforms     map[Platform]PlatformSummary `json:"platforms"`
}

SIEMSummaryReport represents a SIEM activity summary.

type SentinelClient

type SentinelClient struct {
	// contains filtered or unexported fields
}

func NewSentinelClient

func NewSentinelClient(config PlatformConfig) (*SentinelClient, error)

func (*SentinelClient) Errors

func (c *SentinelClient) Errors() <-chan error

func (*SentinelClient) Events

func (c *SentinelClient) Events() chan<- *Event

func (*SentinelClient) Send

func (c *SentinelClient) Send(ctx context.Context, event *Event) error

func (*SentinelClient) SendBatch

func (c *SentinelClient) SendBatch(ctx context.Context, events []*Event) error

func (*SentinelClient) Start

func (c *SentinelClient) Start()

func (*SentinelClient) Stop

func (c *SentinelClient) Stop()

type SentinelConfig

type SentinelConfig struct {
	WorkspaceID string
	SharedKey   string
	LogType     string
	ARMEndpoint string
}

type Severity

type Severity string

Severity maps to common SIEM severity levels.

const (
	SeverityCritical Severity = "critical"
	SeverityHigh     Severity = "high"
	SeverityMedium   Severity = "medium"
	SeverityLow      Severity = "low"
	SeverityInfo     Severity = "info"
)

type SplunkClient

type SplunkClient struct {
	// contains filtered or unexported fields
}

SplunkClient implements SIEM integration with Splunk.

func NewSplunkClient

func NewSplunkClient(config PlatformConfig) (*SplunkClient, error)

NewSplunkClient creates a new Splunk SIEM client.

func (*SplunkClient) Errors

func (c *SplunkClient) Errors() <-chan error

Errors returns the error channel.

func (*SplunkClient) Events

func (c *SplunkClient) Events() chan<- *Event

Events returns the event channel.

func (*SplunkClient) Send

func (c *SplunkClient) Send(ctx context.Context, event *Event) error

Send sends an event to Splunk.

func (*SplunkClient) SendBatch

func (c *SplunkClient) SendBatch(ctx context.Context, events []*Event) error

SendBatch sends multiple events to Splunk.

func (*SplunkClient) Start

func (c *SplunkClient) Start()

Start starts the background event processor.

func (*SplunkClient) Stop

func (c *SplunkClient) Stop()

Stop stops the client.

type SplunkConfig

type SplunkConfig struct {
	// HEC endpoint URL
	HECURL string `json:"hec_url"`
	// HEC token
	HECToken string `json:"hec_token"`
	// Index name
	Index string `json:"index"`
	// Source type
	SourceType string `json:"source_type"`
	// Source name
	Source string `json:"source"`
	// Use batch API
	UseBatchAPI bool `json:"use_batch_api"`
}

SplunkConfig contains Splunk-specific settings.

type SplunkEvent

type SplunkEvent struct {
	Time       int64                  `json:"time"`
	Host       string                 `json:"host"`
	Source     string                 `json:"source"`
	SourceType string                 `json:"sourcetype"`
	Index      string                 `json:"index"`
	Data       interface{}            `json:"event"`
	Fields     map[string]interface{} `json:"fields,omitempty"`
}

SplunkEvent represents a Splunk HEC event.

type SumoLogicClient

type SumoLogicClient struct {
	// contains filtered or unexported fields
}

func NewSumoLogicClient

func NewSumoLogicClient(config PlatformConfig) (*SumoLogicClient, error)

func (*SumoLogicClient) Errors

func (c *SumoLogicClient) Errors() <-chan error

func (*SumoLogicClient) Events

func (c *SumoLogicClient) Events() chan<- *Event

func (*SumoLogicClient) Send

func (c *SumoLogicClient) Send(ctx context.Context, event *Event) error

func (*SumoLogicClient) SendBatch

func (c *SumoLogicClient) SendBatch(ctx context.Context, events []*Event) error

func (*SumoLogicClient) Start

func (c *SumoLogicClient) Start()

func (*SumoLogicClient) Stop

func (c *SumoLogicClient) Stop()

type SumoLogicConfig

type SumoLogicConfig struct {
	HTTPSourceURL  string
	SourceCategory string
	SourceName     string
	SourceHost     string
	UseGzip        bool
}

type SyslogClient

type SyslogClient struct {
	// contains filtered or unexported fields
}

func NewSyslogClient

func NewSyslogClient(config PlatformConfig) (*SyslogClient, error)

func (*SyslogClient) Errors

func (c *SyslogClient) Errors() <-chan error

func (*SyslogClient) Events

func (c *SyslogClient) Events() chan<- *Event

func (*SyslogClient) Send

func (c *SyslogClient) Send(ctx context.Context, event *Event) error

func (*SyslogClient) SendBatch

func (c *SyslogClient) SendBatch(ctx context.Context, events []*Event) error

func (*SyslogClient) Start

func (c *SyslogClient) Start()

func (*SyslogClient) Stop

func (c *SyslogClient) Stop()

type SyslogConfig

type SyslogConfig struct {
	Host            string
	Port            int
	Protocol        string
	RFC5424         bool
	Facility        int
	AppName         string
	MessageIDPrefix string
}

type SyslogFormatter

type SyslogFormatter struct {
	// contains filtered or unexported fields
}

SyslogFormatter formats events in RFC 5424 syslog format.

func NewSyslogFormatter

func NewSyslogFormatter(platform Platform, opts SyslogOptions) *SyslogFormatter

NewSyslogFormatter creates a new syslog formatter.

func (*SyslogFormatter) ContentType

func (f *SyslogFormatter) ContentType() string

ContentType returns the content type.

func (*SyslogFormatter) ConvertEventToRFC5424

func (f *SyslogFormatter) ConvertEventToRFC5424(event *Event) *RFC5424Message

ConvertEventToRFC5424 converts an AegisGate Event to RFC 5424 format

func (*SyslogFormatter) FileExtension

func (f *SyslogFormatter) FileExtension() string

FileExtension returns the file extension.

func (*SyslogFormatter) Format

func (f *SyslogFormatter) Format(event *Event) ([]byte, error)

Format formats a single event in syslog format.

func (*SyslogFormatter) FormatBatch

func (f *SyslogFormatter) FormatBatch(events []*Event) ([]byte, error)

FormatBatch formats multiple events in syslog format.

func (*SyslogFormatter) FormatRFC5424

func (f *SyslogFormatter) FormatRFC5424(event *Event) (string, error)

FormatRFC5424 formats an event as RFC 5424 compliant syslog message

func (*SyslogFormatter) FormatRFC5424WithTimestamp

func (f *SyslogFormatter) FormatRFC5424WithTimestamp(event *Event, timestamp time.Time) (string, error)

FormatRFC5424WithTimestamp formats with a specific timestamp

type SyslogOptions

type SyslogOptions struct {
	Facility int
	AppName  string
	Hostname string
}

SyslogOptions contains syslog formatting options.

type TLSConfig

type TLSConfig struct {
	// Enable TLS
	Enabled bool `json:"enabled"`
	// Skip certificate verification (insecure)
	InsecureSkipVerify bool `json:"insecure_skip_verify"`
	// CA certificate file
	CAFile string `json:"ca_file,omitempty"`
	// Server name for SNI
	ServerName string `json:"server_name,omitempty"`
	// Minimum TLS version
	MinVersion string `json:"min_version,omitempty"`
}

TLSConfig contains TLS settings.
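Since `insecure_skip_verify` turns off authentication of the SIEM endpoint, a deployment can choose to reject it at load time and pin a CA instead. The following added sketch (not this package's code) maps a local copy of the struct onto a `crypto/tls` configuration; `buildTLS` is a hypothetical helper, and the accepted `MinVersion` strings "1.2" and "1.3" are an assumption of this example.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"os"
)

// tlsSettings mirrors the TLSConfig fields shown above (local stand-in type).
type tlsSettings struct {
	Enabled, InsecureSkipVerify    bool
	CAFile, ServerName, MinVersion string
}

// buildTLS converts the settings into a *tls.Config, refusing
// InsecureSkipVerify and any minimum version below TLS 1.2.
func buildTLS(s tlsSettings) (*tls.Config, error) {
	if !s.Enabled {
		return nil, nil // plaintext transport; flag this in configuration review
	}
	if s.InsecureSkipVerify {
		return nil, fmt.Errorf("insecure_skip_verify disables server authentication; set ca_file instead")
	}
	cfg := &tls.Config{ServerName: s.ServerName, MinVersion: tls.VersionTLS12}
	switch s.MinVersion {
	case "", "1.2": // keep the TLS 1.2 floor set above
	case "1.3":
		cfg.MinVersion = tls.VersionTLS13
	default:
		return nil, fmt.Errorf("unsupported min_version %q", s.MinVersion)
	}
	if s.CAFile != "" {
		pem, err := os.ReadFile(s.CAFile)
		if err != nil {
			return nil, fmt.Errorf("read ca_file: %w", err)
		}
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(pem) {
			return nil, fmt.Errorf("ca_file %s holds no usable certificate", s.CAFile)
		}
		cfg.RootCAs = pool // trust only the pinned CA for the SIEM endpoint
	}
	return cfg, nil
}

func main() {
	// Constructed settings: the weak option is rejected with an explanatory error.
	fmt.Println(buildTLS(tlsSettings{Enabled: true, InsecureSkipVerify: true}))
}
```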
