Documentation
¶
Index ¶
Constants ¶
const ( None Action = 0 AttributesModified = 1 << (iota - 1) Created Deleted Updated Moved ConfigChange )
List of possible Actions.
Variables ¶
This section is empty.
Functions ¶
func GetFileOrigin ¶
GetFileOrigin is not supported in this platform and always returns an empty list and no error.
Types ¶
type Action ¶
type Action uint8
Action is a description of the changes described by an event.
func (Action) InAnyOrder ¶
func (action Action) InAnyOrder() ActionArray
func (Action) InOrder ¶
func (action Action) InOrder(existedBefore, existsNow bool) ActionArray
func (Action) MarshalText ¶
MarshalText marshals the Action to a textual representation of itself.
type ActionArray ¶
type ActionArray []Action
ActionArray is just syntactic sugar to invoke methods on []Action receiver
func (ActionArray) StringArray ¶
func (actions ActionArray) StringArray() []string
type Config ¶
type Config struct {
Paths []string `config:"paths" validate:"required"`
HashTypes []HashType `config:"hash_types"`
MaxFileSize string `config:"max_file_size"`
MaxFileSizeBytes uint64 `config:",ignore"`
ScanAtStart bool `config:"scan_at_start"`
ScanRatePerSec string `config:"scan_rate_per_sec"`
ScanRateBytesPerSec uint64 `config:",ignore"`
Recursive bool `config:"recursive"` // Recursive enables recursive monitoring of directories.
ExcludeFiles []match.Matcher `config:"exclude_files"`
}
Config contains the configuration parameters for the file integrity metricset.
func (*Config) IsExcludedPath ¶
IsExcludedPath checks if a path matches the exclude_files regular expressions.
type Digest ¶
type Digest []byte
Digest is a output of a hash function.
func (Digest) MarshalText ¶
MarshalText encodes the digest to a hexadecimal representation of itself.
type Event ¶
type Event struct {
Timestamp time.Time `json:"timestamp"` // Time of event.
Path string `json:"path"` // The path associated with the event.
TargetPath string `json:"target_path,omitempty"` // Target path for symlinks.
Info *Metadata `json:"info"` // File metadata (if the file exists).
Source Source `json:"source"` // Source of the event.
Action Action `json:"action"` // Action (like created, updated).
Hashes map[HashType]Digest `json:"hash,omitempty"` // File hashes.
// contains filtered or unexported fields
}
Event describe the filesystem change and includes metadata about the file.
func NewEvent ¶
func NewEvent( path string, action Action, source Source, maxFileSize uint64, hashTypes []HashType, ) Event
NewEvent creates a new Event. Any errors that occur are included in the returned Event.
func NewEventFromFileInfo ¶
func NewEventFromFileInfo( path string, info os.FileInfo, err error, action Action, source Source, maxFileSize uint64, hashTypes []HashType, ) Event
NewEventFromFileInfo creates a new Event based on data from a os.FileInfo object that has already been created. Any errors that occur are included in the returned Event.
type EventProducer ¶
type EventProducer interface {
// Start starts the event producer and writes events to the returned
// channel. When the producer is finished it will close the returned
// channel. If the returned event channel is not drained the producer will
// block (possibly causing data loss). The producer can be stopped
// prematurely by closing the provided done channel. An error is returned
// if the producer fails to start.
Start(done <-chan struct{}) (<-chan Event, error)
}
EventProducer produces events.
func NewEventReader ¶
func NewEventReader(c Config) (EventProducer, error)
NewEventReader creates a new EventProducer backed by fsnotify.
func NewFileSystemScanner ¶
func NewFileSystemScanner(c Config) (EventProducer, error)
NewFileSystemScanner creates a new EventProducer instance that scans the configured file paths.
type HashType ¶
type HashType string
HashType identifies a cryptographic algorithm.
const ( BLAKE2B_256 HashType = "blake2b_256" BLAKE2B_384 HashType = "blake2b_384" BLAKE2B_512 HashType = "blake2b_512" MD5 HashType = "md5" SHA1 HashType = "sha1" SHA224 HashType = "sha224" SHA256 HashType = "sha256" SHA384 HashType = "sha384" SHA3_224 HashType = "sha3_224" SHA3_256 HashType = "sha3_256" SHA3_384 HashType = "sha3_384" SHA3_512 HashType = "sha3_512" SHA512 HashType = "sha512" SHA512_224 HashType = "sha512_224" SHA512_256 HashType = "sha512_256" )
Enum of hash types.
type Metadata ¶
type Metadata struct {
Inode uint64 `json:"inode"`
UID uint32 `json:"uid"`
GID uint32 `json:"gid"`
SID string `json:"sid"`
Owner string `json:"owner"`
Group string `json:"group"`
Size uint64 `json:"size"`
MTime time.Time `json:"mtime"` // Last modification time.
CTime time.Time `json:"ctime"` // Last metadata change time.
Type Type `json:"type"` // File type (dir, file, symlink).
Mode os.FileMode `json:"mode"` // Permissions
SetUID bool `json:"setuid"` // setuid bit (POSIX only)
SetGID bool `json:"setgid"` // setgid bit (POSIX only)
Origin []string `json:"origin"` // External origin info for the file (MacOS only)
}
Metadata contains file metadata.
type MetricSet ¶
type MetricSet struct {
mb.BaseMetricSet
// contains filtered or unexported fields
}
MetricSet for monitoring file integrity.
func (*MetricSet) Run ¶
func (ms *MetricSet) Run(reporter mb.PushReporterV2)
Run runs the MetricSet. The method will not return control to the caller until it is finished (to stop it close the reporter.Done() channel).
type Source ¶
type Source uint8
Source identifies the source of an event (i.e. what triggered it).
func (Source) MarshalText ¶
MarshalText marshals the Source to a textual representation of itself.
type Type ¶
type Type uint8
Type identifies the file type (e.g. dir, file, symlink).
const ( UnknownType Type = iota // Typically seen in deleted notifications where the object is gone. FileType DirType SymlinkType )
Enum of possible file.Types.
func (Type) MarshalText ¶
MarshalText marshals the Type to a textual representation of itself.
Source Files
Directories