Documentation
Overview
Package io implements IO primitives.
Index
- func Count(filename string) (count int64, err error)
- func CreateElasticIndex(wc *WriterConfig)
- func Dump(w *os.File, c DumpConfig) error
- func FPrintBuildInfo(w io.Writer)
- func FPrintLogo(w io.Writer)
- func GenerateConfig(fs *flag.FlagSet, tool string)
- func InitLabelManager(pathMappingInfo string, debug bool, scatter bool, ...)
- func InitRecord(typ types.Type) (record proto.Message)
- func NewHeader(t types.Type, source, version string, includesPayloads bool, ti time.Time) *types.Header
- func PrintBuildInfo()
- func PrintLogo()
- func SetLogger(lg *zap.Logger)
- type AuditRecordWriter
- type ChannelAuditRecordWriter
- type DumpConfig
- type ElasticConfig
- type Reader
- type WriterConfig
Constants
This section is empty.
Variables
This section is empty.
Functions
func Count (added in v0.6.6)
Count returns the total number of records found in an audit record file. It does not return an error in case of a regular EOF, but will return an error in case of an unexpected EOF.
func CreateElasticIndex (added in v0.6.6)
func CreateElasticIndex(wc *WriterConfig)
CreateElasticIndex will create and configure a single elastic database index.
func Dump (added in v0.6.6)
func Dump(w *os.File, c DumpConfig) error
Dump reads the specified netcap file and dumps the output, according to the configuration, to the specified *os.File.
func FPrintBuildInfo (added in v0.6.6)
FPrintBuildInfo displays build information related to netcap to the specified io.Writer.
func FPrintLogo (added in v0.6.6)
FPrintLogo prints the netcap logo to the specified io.Writer.
func GenerateConfig (added in v0.6.6)
GenerateConfig generates a default configuration for the given flag set.
func InitLabelManager (added in v0.6.6)
func InitLabelManager(pathMappingInfo string, debug bool, scatter bool, scatterDuration time.Duration)
InitLabelManager can be invoked to configure the labels.
func InitRecord (added in v0.6.6)
InitRecord initializes a new record of the given type that conforms to the proto.Message interface. If netcap is extended with new audit records, they need to be added here as well.
func NewHeader (added in v0.6.6)
func NewHeader(t types.Type, source, version string, includesPayloads bool, ti time.Time) *types.Header
NewHeader creates and returns a new netcap audit file header.
func PrintBuildInfo (added in v0.6.6)
func PrintBuildInfo()
PrintBuildInfo displays build information related to netcap to stdout.
Types
type AuditRecordWriter (added in v0.6.6)
type AuditRecordWriter interface {
    Write(msg proto.Message) error
    WriteHeader(t types.Type) error
    Close(numRecords int64) (name string, size int64)
}
AuditRecordWriter is an interface for writing netcap audit records.
func NewAuditRecordWriter (added in v0.6.6)
func NewAuditRecordWriter(wc *WriterConfig) AuditRecordWriter
NewAuditRecordWriter will return a new writer for netcap audit records.
type ChannelAuditRecordWriter (added in v0.6.6)
type ChannelAuditRecordWriter interface {
    AuditRecordWriter
    GetChan() <-chan []byte
}
ChannelAuditRecordWriter extends the AuditRecordWriter by offering a function to get a channel to receive serialized audit records.
type DumpConfig (added in v0.6.6)
type DumpConfig struct {
    Path          string
    Separator     string
    Selection     string
    MemBufferSize int
    JSON          bool
    Table         bool
    UTC           bool
    Fields        bool
    TabSeparated  bool
    Structured    bool
    CSV           bool
    ForceColors   bool
}
DumpConfig contains all possible settings for dumping audit records. This structure has an optimized field order to avoid excessive padding.
type ElasticConfig (added in v0.6.6)
type ElasticConfig struct {
    // ElasticAddrs is a list of elastic database endpoints to send data to
    // the elastic default is localhost:9200
    ElasticAddrs []string
    // ElasticUser is the elastic user in case the database is protected via basic auth
    ElasticUser string
    // ElasticPass is the elastic password in case the database is protected via basic auth
    ElasticPass string
    // KibanaEndpoint is the address for Kibana
    KibanaEndpoint string
    // LimitTotalFields is the maximum number of fields allowed per batch
    LimitTotalFields int
    // BulkSize controls the number of documents sent to elastic per batch
    BulkSize int
}
ElasticConfig allows overriding the elastic defaults.
type Reader (added in v0.6.6)
type Reader struct {
    // contains filtered or unexported fields
}
Reader implements reading netcap audit record files.
type WriterConfig (added in v0.6.6)
type WriterConfig struct {
    // Writer Types:
    // Comma Separated Values writer
    CSV bool
    // Protobuf writer
    Proto bool
    // JSON writer
    JSON bool
    // Channel writer
    Chan bool
    // ChanSize is the size of chunks sent through the channel
    ChanSize int
    // Elastic db writer
    Elastic bool
    // UnixSocket writer
    UnixSocket bool
    // ElasticConfig allows to overwrite elastic defaults
    ElasticConfig
    // The Null writer will write nothing to disk and discard all data.
    Null bool
    // Netcap header information
    Name          string
    Type          types.Type
    Buffer        bool
    Compress      bool
    Out           string
    MemBufferSize int
    // Netcap header information
    Source           string
    Version          string
    IncludesPayloads bool
    StartTime        time.Time
    // compression
    CompressionBlockSize int
    CompressionLevel     int
    // Encode data on the fly
    Encode bool
    // Label data on the fly
    Label bool
}
WriterConfig contains config parameters for an audit record writer.