state

package
v1.35.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 4, 2025 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ClickhouseContainerEventsSchema added in v1.35.2 

func ClickhouseContainerEventsSchema() string

func ClickhouseNetflowSchema added in v1.7.0 

func ClickhouseNetflowSchema() string

func ClickhouseProcessTreeSchema added in v1.15.0 

func ClickhouseProcessTreeSchema() string

Types

type CastaiContainerEventSender added in v1.35.0 

type CastaiContainerEventSender struct {
	// contains filtered or unexported fields
}

func NewCastaiContainerEventSender added in v1.35.0 

func NewCastaiContainerEventSender(ctx context.Context, log *logging.Logger, apiClient *castai.Client) *CastaiContainerEventSender

func (*CastaiContainerEventSender) Send added in v1.35.0 

func (s *CastaiContainerEventSender) Send(ctx context.Context, batch *castpb.ContainerEventsBatch) error

type CastaiNetflowExporter added in v1.9.0 

type CastaiNetflowExporter struct {
	// contains filtered or unexported fields
}

func NewCastaiNetflowExporter added in v1.9.0 

func NewCastaiNetflowExporter(log *logging.Logger, apiClient castaiNetflowExporterClient, queueSize int) *CastaiNetflowExporter

func (*CastaiNetflowExporter) Enqueue added in v1.9.0 

func (c *CastaiNetflowExporter) Enqueue(e *castpb.Netflow)

func (*CastaiNetflowExporter) Run added in v1.9.0 

func (c *CastaiNetflowExporter) Run(rootCtx context.Context) error

type CastaiProcessTreeExporter added in v1.15.0 

type CastaiProcessTreeExporter struct {
	// contains filtered or unexported fields
}

func NewCastaiProcessTreeExporter added in v1.15.0 

func NewCastaiProcessTreeExporter(log *logging.Logger, apiClient *castai.Client, queueSize int) *CastaiProcessTreeExporter

func (*CastaiProcessTreeExporter) Enqueue added in v1.15.0 

func (c *CastaiProcessTreeExporter) Enqueue(e processtree.ProcessTreeEvent)

func (*CastaiProcessTreeExporter) Run added in v1.15.0 

func (c *CastaiProcessTreeExporter) Run(ctx context.Context) error

type CastaiStatsExporter added in v1.31.0 

type CastaiStatsExporter struct {
	// contains filtered or unexported fields
}

func NewCastaiStatsExporter added in v1.31.0 

func NewCastaiStatsExporter(log *logging.Logger, apiClient *castai.Client, queueSize int) *CastaiStatsExporter

func (*CastaiStatsExporter) Enqueue added in v1.31.0 

func (c *CastaiStatsExporter) Enqueue(e *castpb.StatsBatch)

func (*CastaiStatsExporter) Run added in v1.31.0 

func (c *CastaiStatsExporter) Run(rootCtx context.Context) error

type ClickHouseNetflowExporter added in v1.7.0 

type ClickHouseNetflowExporter struct {
	// contains filtered or unexported fields
}

func NewClickhouseNetflowExporter added in v1.7.0 

func NewClickhouseNetflowExporter(log *logging.Logger, conn clickhouse.Conn, queueSize int) *ClickHouseNetflowExporter

func (*ClickHouseNetflowExporter) Enqueue added in v1.7.0 

func (c *ClickHouseNetflowExporter) Enqueue(e *castaipb.Netflow)

func (*ClickHouseNetflowExporter) Run added in v1.7.0 

func (c *ClickHouseNetflowExporter) Run(ctx context.Context) error

type ClickhouseContainerEventsExporter added in v1.35.2 

type ClickhouseContainerEventsExporter struct {
	// contains filtered or unexported fields
}

func NewClickhouseContainerEventsExporter added in v1.35.2 

func NewClickhouseContainerEventsExporter(log *logging.Logger, conn clickhouse.Conn) *ClickhouseContainerEventsExporter

func (*ClickhouseContainerEventsExporter) Send added in v1.35.2 

func (c *ClickhouseContainerEventsExporter) Send(ctx context.Context, batch *castpb.ContainerEventsBatch) error

type ClickhouseProcessTreeExporter added in v1.15.0 

type ClickhouseProcessTreeExporter struct {
	// contains filtered or unexported fields
}

func NewClickhouseProcessTreeExporter added in v1.15.0 

func NewClickhouseProcessTreeExporter(log *logging.Logger, conn clickhouse.Conn, queueSize int) *ClickhouseProcessTreeExporter

func (*ClickhouseProcessTreeExporter) Enqueue added in v1.15.0 

func (c *ClickhouseProcessTreeExporter) Enqueue(e processtree.ProcessTreeEvent)

func (*ClickhouseProcessTreeExporter) Run added in v1.15.0 

func (c *ClickhouseProcessTreeExporter) Run(ctx context.Context) error

type Config 

type Config struct {
	StatsScrapeInterval time.Duration `json:"statsScrapeInterval"`

	NetflowExportInterval time.Duration `validate:"required" json:"netflowExportInterval"`

	EventsBatchSize     int           `validate:"required" json:"eventsBatchSize"`
	EventsFlushInterval time.Duration `validate:"required" json:"eventsFlushInterval"`
}

type ContainerEventsExporter added in v1.35.0 

type ContainerEventsExporter interface {
	DataExporter
	Enqueue(e *castpb.ContainerEventsBatch)
}

type ContainerEventsSender added in v1.35.0 

type ContainerEventsSender interface {
	Send(ctx context.Context, batch *castpb.ContainerEventsBatch) error
}

type Controller 

type Controller struct {
	// contains filtered or unexported fields
}

func NewController 

func NewController(
	log *logging.Logger,
	cfg Config,
	exporters *Exporters,
	containersClient containersClient,
	netStatsReader netStatsReader,
	ct conntrackClient,
	tracer ebpfTracer,
	signatureEngine signatureEngine,
	kubeClient kubepb.KubeAPIClient,
	processTreeCollector processTreeCollector,
	procHandler procHandler,
	enrichmentService enrichmentService,
) *Controller

func (*Controller) IsMutedNamespace 

func (c *Controller) IsMutedNamespace(namespace string) bool

func (*Controller) MuteNamespace 

func (c *Controller) MuteNamespace(namespace string) error

func (*Controller) Run 

func (c *Controller) Run(ctx context.Context) error

func (*Controller) UnmuteNamespace 

func (c *Controller) UnmuteNamespace(namespace string) error

type DataExporter added in v1.7.0 

type DataExporter interface {
	Run(ctx context.Context) error
}

type Event added in v1.35.2 

type Event struct {
	// Base event field.
	TS               time.Time `ch:"ts"`
	OrganizationID   uuid.UUID `ch:"organization_id"`
	ClusterID        uuid.UUID `ch:"cluster_id"`
	Name             string    `ch:"name"`
	Process          string    `ch:"process"`
	ProcessPid       uint32    `ch:"process_pid"`
	ProcessStartTime uint64    `ch:"process_start_time"`
	CgroupID         uint64    `ch:"cgroup_id"`
	HostPid          uint32    `ch:"host_pid"`

	// Kubernetes context fields.
	Namespace         string            `ch:"namespace"`
	WorkloadID        uuid.UUID         `ch:"workload_id"` // Point to last known pod owner or pod uid.
	PodName           string            `ch:"pod_name"`
	ContainerName     string            `ch:"container_name"`
	ContainerID       string            `ch:"container_id"`
	NodeName          string            `ch:"node_name"`
	ObjectLabels      map[string]string `ch:"object_labels"`
	ObjectAnnotations map[string]string `ch:"object_annotations"`

	// Network fields.
	DstIP       netip.Addr `ch:"dst_ip"`
	DstPort     uint16     `ch:"dst_port"`
	DstDomain   string     `ch:"dst_domain"`
	DstIPPublic bool       `ch:"dst_ip_public"`

	FlowDirection castpb.FlowDirection `ch:"flow_direction"`

	// DNS related fields.
	DNSQuestionDomain  string   `ch:"dns_question_domain"`
	DNSAnswerIPPublic  []net.IP `ch:"dns_answer_ip_public"`
	DNSAnswerIPPrivate []net.IP `ch:"dns_answer_ip_private"`
	DNSAnswerCname     []string `ch:"dns_answer_cname"`

	// Exec and file fields.
	FilePath       string   `ch:"file_path"`
	Args           []string `ch:"args"`
	ExecHashSha256 [32]byte `ch:"exec_hash_sha256"`

	// Signature related fields.
	Fd int32 `ch:"fd"`

	// SOCKS5 related fields
	SOCKS5Role        castpb.SOCKS5Role        `ch:"socks5_role"`
	SOCKS5CmdOrReply  uint8                    `ch:"socks5_cmd_or_reply"`
	SOCKS5AddressType castpb.SOCKS5AddressType `ch:"socks5_address_type"`

	// PayloadDigest is used to calculate digest for event payload.
	// For example exec file_path and args are hashed.
	// This allows to simplify events query grouping.
	PayloadDigest uint64 `ch:"payload_digest"`

	// Reusable field to hold flags any event.
	Flags uint64 `ch:"flags"`
}

type EventsExporter added in v1.7.0 

type EventsExporter interface {
	DataExporter
	Enqueue(e *castpb.Event)
}

type Exporters added in v1.7.0 

type Exporters struct {
	ContainerEvents []ContainerEventsSender
	Stats           []StatsExporter
	Netflow         []NetflowExporter
	ProcessTree     []ProcessTreeExporter
	// contains filtered or unexported fields
}

func NewExporters added in v1.7.0 

func NewExporters(log *logging.Logger) *Exporters

func (*Exporters) Empty added in v1.7.0 

func (e *Exporters) Empty() bool

func (*Exporters) Run added in v1.7.0 

func (e *Exporters) Run(ctx context.Context) error

type NetflowExporter added in v1.7.0 

type NetflowExporter interface {
	DataExporter
	Enqueue(e *castpb.Netflow)
}

type ProcessTreeExporter added in v1.15.0 

type ProcessTreeExporter interface {
	DataExporter
	Enqueue(e processtree.ProcessTreeEvent)
}

type StatsExporter added in v1.31.0 

type StatsExporter interface {
	DataExporter
	Enqueue(e *castpb.StatsBatch)
}

type StdioEventsExporter added in v1.7.0 

type StdioEventsExporter struct {
	// contains filtered or unexported fields
}

func NewStdioEventsExporter added in v1.7.0 

func NewStdioEventsExporter(log *logging.Logger) *StdioEventsExporter

func (*StdioEventsExporter) Enqueue added in v1.7.0 

func (c *StdioEventsExporter) Enqueue(e *castpb.Event)

func (*StdioEventsExporter) Run added in v1.7.0 

func (c *StdioEventsExporter) Run(ctx context.Context) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.