Index ¶
- Constants
- func CreateDebugHTTP(cfg config.LocalLogger) (*zerolog.Logger, error)
- func GetNodeLogs(db *gorm.DB, logType, env, uuid string, since time.Time, limit int, ...) ([]map[string]any, error)
- func GetNodeResultBucketed(db *gorm.DB, env, uuid string, since time.Time, bucketSeconds int) ([]dbutil.BucketedRow, error)
- func GetNodeResultTimestamps(db *gorm.DB, env, uuid string, since time.Time) ([]time.Time, error)
- func GetNodeStatusBucketed(db *gorm.DB, env, uuid string, since time.Time, bucketSeconds int) ([]dbutil.BucketedRow, error)
- func GetNodeStatusTimestamps(db *gorm.DB, env, uuid string, since time.Time) ([]time.Time, error)
- func GetQueryResults(db *gorm.DB, name string, since time.Time, page, pageSize int) ([]map[string]any, int64, error)
- func LoadLogstash(file string) (config.LogstashLogger, error)
- func StreamQueryResults(db *gorm.DB, name string, fn func(OsqueryQueryData) error) error
- type GraylogMessage
- type LoggerDB
- func (logDB *LoggerDB) CleanQueryLogs(entries int64) error
- func (logDB *LoggerDB) CleanResultLogs(environment string, seconds int64) error
- func (logDB *LoggerDB) CleanStatusLogs(environment string, seconds int64) error
- func (logDB *LoggerDB) Log(logType string, data []byte, environment, uuid string, debug bool)
- func (logDB *LoggerDB) Query(data []byte, environment, uuid, name string, status int, debug bool)
- func (logDB *LoggerDB) QueryLogs(name string) ([]OsqueryQueryData, error)
- func (logDB *LoggerDB) Result(data []byte, environment, uuid string, debug bool)
- func (logDB *LoggerDB) ResultLogs(uuid, environment string, seconds int64) ([]OsqueryResultData, error)
- func (logDB *LoggerDB) ResultLogsLimit(uuid, environment string, limit int) ([]OsqueryResultData, error)
- func (logDB *LoggerDB) Settings(mgr *settings.Settings)
- func (logDB *LoggerDB) Status(data []byte, environment, uuid string, debug bool)
- func (logDB *LoggerDB) StatusLogs(uuid, environment string, seconds int64) ([]OsqueryStatusData, error)
- func (logDB *LoggerDB) StatusLogsLimit(uuid, environment string, limit int) ([]OsqueryStatusData, error)
- type LoggerElastic
- type LoggerFile
- func (logFile *LoggerFile) Log(logType string, data []byte, environment, uuid string, debug bool)
- func (logFile *LoggerFile) Query(data []byte, environment, uuid, name string, status int, debug bool)
- func (logFile *LoggerFile) Result(data []byte, environment, uuid string, debug bool)
- func (logFile *LoggerFile) Settings(mgr *settings.Settings)
- func (logFile *LoggerFile) Status(data []byte, environment, uuid string, debug bool)
- type LoggerGraylog
- type LoggerKafka
- type LoggerKinesis
- type LoggerLogstash
- func (logLS *LoggerLogstash) SendHTTP(logType string, data []byte, environment, uuid string, debug bool)
- func (logLS *LoggerLogstash) SendTCP(logType string, data []byte, environment, uuid string, debug bool)
- func (logLS *LoggerLogstash) SendUDP(logType string, data []byte, environment, uuid string, debug bool)
- func (logLS *LoggerLogstash) Settings(mgr *settings.Settings)
- type LoggerNone
- func (logNone *LoggerNone) Log(logType string, data []byte, environment, uuid string, debug bool)
- func (logNone *LoggerNone) Query(data []byte, environment, uuid, name string, status int, debug bool)
- func (logNone *LoggerNone) Result(data []byte, environment, uuid string, debug bool)
- func (logNone *LoggerNone) Settings(mgr *settings.Settings)
- func (logNone *LoggerNone) Status(data []byte, environment, uuid string, debug bool)
- type LoggerS3
- type LoggerSplunk
- type LoggerStdout
- func (logStdout *LoggerStdout) Log(logType string, data []byte, environment, uuid string, debug bool)
- func (logStdout *LoggerStdout) Query(data []byte, environment, uuid, name string, status int, debug bool)
- func (logStdout *LoggerStdout) Result(data []byte, environment, uuid string, debug bool)
- func (logStdout *LoggerStdout) Settings(mgr *settings.Settings)
- func (logStdout *LoggerStdout) Status(data []byte, environment, uuid string, debug bool)
- type LoggerTLS
- func (l *LoggerTLS) DispatchLogs(data []byte, uuid, logType, environment string, metadata nodes.NodeMetadata, ...)
- func (l *LoggerTLS) DispatchQueries(queryData types.QueryWriteData, node nodes.OsqueryNode, debug bool)
- func (logTLS *LoggerTLS) Log(logType string, data []byte, environment, uuid string, debug bool)
- func (l *LoggerTLS) ProcessLogQueryResult(queriesWrite types.QueryWriteRequest, envid uint, debug bool)
- func (l *LoggerTLS) ProcessLogs(data json.RawMessage, logType, environment, ipaddress string, dataLen int, ...)
- func (logTLS *LoggerTLS) QueryLog(logType string, data []byte, environment, uuid, name string, status int, ...)
- type LogstashMessage
- type OsqueryQueryData
- type OsqueryResultData
- type OsqueryStatusData
- type SplunkMessage
Constants ¶
// Graylog transport settings: messages are GELF documents posted over HTTP.
const (
	// GraylogVersion is the GELF spec version advertised in GraylogMessage.Version.
	GraylogVersion = "1.1"
	// GraylogLevel is the syslog-style severity attached to every message (6 = informational).
	GraylogLevel = 6
	// GraylogMethod is the HTTP method used when sending GELF messages.
	GraylogMethod = "POST"
)
// Logstash input types that can be selected in the Logstash logger configuration.
const (
	// LogstashTCP - TCP input (corresponds to LoggerLogstash.SendTCP).
	LogstashTCP = "tcp"
	// LogstashUDP - UDP input (corresponds to LoggerLogstash.SendUDP; datagrams are
	// fire-and-forget, so delivery is not acknowledged by Logstash).
	LogstashUDP = "udp"
	// LogstashHTTP - HTTP input (corresponds to LoggerLogstash.SendHTTP).
	LogstashHTTP = "http"
)
// HTTP request settings used by LoggerLogstash.SendHTTP.
const (
	// LogstashMethod - HTTP method used for every request to the Logstash HTTP input.
	LogstashMethod = "POST"
	// LogstashContentType - Content-Type header sent with each request body.
	LogstashContentType = "application/json"
)
// HTTP request settings used by LoggerSplunk.Send (Splunk HTTP Event Collector).
const (
	// SplunkMethod - HTTP method used for every request to the HEC endpoint.
	SplunkMethod = "POST"
	// SplunkContentType - Content-Type header sent with each request body.
	SplunkContentType = "application/json"
)
// Sentinel values stored when a field cannot be taken from the agent's log entries.
const (
	// NotReturned - the agent did not return the value at all.
	NotReturned = "not returned"
	// Mismatched - the value differed between log entries and could not be reconciled.
	Mismatched = "mismatched"
)
const (
	// LoggerTimeFormat - Default timestamp layout for loggers: RFC 3339 with up to
	// millisecond precision. Note that Go's ".999" trims trailing zeros, so the
	// fractional part has a variable width (".5" rather than ".500"); consumers
	// should parse it as RFC 3339 rather than assume a fixed-width field.
	LoggerTimeFormat string = "2006-01-02T15:04:05.999Z07:00"
)
Variables ¶
This section is empty.
Functions ¶
func CreateDebugHTTP ¶ added in v0.4.5
func CreateDebugHTTP(cfg config.LocalLogger) (*zerolog.Logger, error)
CreateDebugHTTP to initialize the debug HTTP logger
func GetNodeLogs ¶ added in v0.5.2
func GetNodeLogs(db *gorm.DB, logType, env, uuid string, since time.Time, limit int, search string) ([]map[string]any, error)
GetNodeLogs retrieves recent log entries for a single node (status or result). logType must be "status" or "result". Results are ordered by created_at DESC. If since is non-zero only entries created strictly after that time are returned. limit is clamped to [1, 1000].
search is an optional free-text filter (substring, case-insensitive). It runs as a `LIKE` against the human-readable text columns of the row, so a search string containing the `LIKE` metacharacters `%` or `_` is interpreted by the database as a pattern unless the implementation escapes them — confirm that before exposing the parameter to untrusted callers:
- status: line + message + filename
- result: name + action + columns (the serialized JSON of matched fields)
Empty search disables the filter — same behavior as a missing param.
The `LIKE` is unindexed today. If the result_data / status_data tables grow large enough to make this slow, an operator-side workaround is to narrow `since` first, which keeps the matched row count small.
func GetNodeResultBucketed ¶ added in v0.5.2
func GetNodeResultBucketed(db *gorm.DB, env, uuid string, since time.Time, bucketSeconds int) ([]dbutil.BucketedRow, error)
GetNodeResultBucketed mirrors GetNodeStatusBucketed for osquery_result_data.
func GetNodeResultTimestamps ¶ added in v0.5.2
func GetNodeStatusBucketed ¶ added in v0.5.2
func GetNodeStatusBucketed(db *gorm.DB, env, uuid string, since time.Time, bucketSeconds int) ([]dbutil.BucketedRow, error)
GetNodeStatusBucketed returns per-bucket row counts for `uuid` in `env` since `since`, with buckets aligned to `bucketSeconds`. The SQL pushes the histogram into the database (one GROUP BY) instead of shipping every timestamp to the API process — orders of magnitude less wire traffic on chatty nodes.
func GetNodeStatusTimestamps ¶ added in v0.5.2
GetNodeStatusTimestamps and GetNodeResultTimestamps return just the CreatedAt column for every status/result log row a given node has shipped since `since`. Used by the per-node activity heatmap so it can bucket on the API side without dragging the row bodies across the wire.
Returning a slice of timestamps (rather than int64 epochs) keeps the downstream bucketing arithmetic in Go's time domain, which is what the rest of cmd/api/handlers/stats.go uses.
func GetQueryResults ¶ added in v0.5.2
func GetQueryResults(db *gorm.DB, name string, since time.Time, page, pageSize int) ([]map[string]any, int64, error)
GetQueryResults retrieves rows of query result data (one per node) for a single query name. Results are ordered by created_at ASC (oldest first — query results are append-only). If since is non-zero only rows created strictly after that time are returned. page is 1-indexed; pageSize <= 0 defaults to 100 and pageSize > 1000 is clamped to 1000, so the effective page size is always in [1, 1000]. Returns the page items, the total number of matching rows, and any error.
func LoadLogstash ¶
func LoadLogstash(file string) (config.LogstashLogger, error)
LoadLogstash - Function to load the Logstash configuration from JSON file
func StreamQueryResults ¶ added in v0.5.2
StreamQueryResults invokes fn for each row of query result data for `name`, ordered by created_at ASC. Rows are read via a cursor so memory usage stays bounded — used by the CSV exporter. fn may return an error to stop iteration; that error is returned by StreamQueryResults.
Types ¶
type GraylogMessage ¶
// GraylogMessage is the GELF document (version GraylogVersion) sent to Graylog.
// The fields tagged with a leading underscore are GELF "additional" fields that
// carry osctrl context alongside the message body.
type GraylogMessage struct {
	Version      string `json:"version"`       // GELF spec version (see GraylogVersion)
	Host         string `json:"host"`          // origin host reported to Graylog
	ShortMessage string `json:"short_message"` // message body
	Timestamp    int64  `json:"timestamp"`     // event time (presumably Unix seconds — confirm against LoggerGraylog.Send)
	Level        uint   `json:"level"`         // syslog-style severity (see GraylogLevel)
	Environment  string `json:"_environment"`  // osctrl environment of the reporting node
	Type         string `json:"_type"`         // log type (status/result/query)
	UUID         string `json:"_uuid"`         // reporting node UUID
}
GraylogMessage to handle log format to be sent to Graylog
type LoggerDB ¶
LoggerDB will be used to log data using a database
func CreateLoggerDB ¶
CreateLoggerDB to initialize the logger without reading a config file
func CreateLoggerDBConfig ¶
func CreateLoggerDBConfig(dbConfig *config.YAMLConfigurationDB) (*LoggerDB, error)
CreateLoggerDBConfig to initialize the logger from an already-parsed database configuration (dbConfig) instead of reading a config file
func (*LoggerDB) CleanQueryLogs ¶
CleanQueryLogs will delete old query logs
func (*LoggerDB) CleanResultLogs ¶
CleanResultLogs will delete old result logs
func (*LoggerDB) CleanStatusLogs ¶
CleanStatusLogs will delete old status logs
func (*LoggerDB) QueryLogs ¶
func (logDB *LoggerDB) QueryLogs(name string) ([]OsqueryQueryData, error)
QueryLogs will retrieve all query logs recorded for the query `name`
func (*LoggerDB) ResultLogs ¶
func (logDB *LoggerDB) ResultLogs(uuid, environment string, seconds int64) ([]OsqueryResultData, error)
ResultLogs will retrieve the result logs for node `uuid` in `environment` (`seconds` is presumably a lookback window — confirm against the implementation)
func (*LoggerDB) ResultLogsLimit ¶
func (logDB *LoggerDB) ResultLogsLimit(uuid, environment string, limit int) ([]OsqueryResultData, error)
ResultLogsLimit will retrieve a limited number of result logs
func (*LoggerDB) StatusLogs ¶
func (logDB *LoggerDB) StatusLogs(uuid, environment string, seconds int64) ([]OsqueryStatusData, error)
StatusLogs will retrieve the status logs for node `uuid` in `environment` (`seconds` is presumably a lookback window — confirm against the implementation)
func (*LoggerDB) StatusLogsLimit ¶
func (logDB *LoggerDB) StatusLogsLimit(uuid, environment string, limit int) ([]OsqueryStatusData, error)
StatusLogsLimit will retrieve a limited number of status logs
type LoggerElastic ¶
// LoggerElastic will be used to log data using Elastic
type LoggerElastic struct {
	Configuration config.ElasticLogger  // connection and index settings for this logger
	Enabled       bool                  // when false, Send presumably does nothing — confirm
	Client        *elasticsearch.Client // shared Elasticsearch client (presumably built by CreateLoggerElastic)
}
LoggerElastic will be used to log data using Elastic
func CreateLoggerElastic ¶
func CreateLoggerElastic(cfg *config.ElasticLogger) (*LoggerElastic, error)
CreateLoggerElastic to initialize the logger
func (*LoggerElastic) IndexName ¶
func (logE *LoggerElastic) IndexName() string
IndexName - Function to return the index name
func (*LoggerElastic) Send ¶
func (logE *LoggerElastic) Send(logType string, data []byte, environment, uuid string, debug bool)
Send - Function that sends JSON logs to Elastic
func (*LoggerElastic) Settings ¶
func (logE *LoggerElastic) Settings(mgr *settings.Settings)
Settings - Function to prepare settings for the logger
type LoggerFile ¶
LoggerFile will be used to log data using an external file
func CreateLoggerFile ¶
func CreateLoggerFile(cfg *config.LocalLogger) (*LoggerFile, error)
CreateLoggerFile to initialize the logger
func (*LoggerFile) Log ¶
func (logFile *LoggerFile) Log(logType string, data []byte, environment, uuid string, debug bool)
Log - Function that writes JSON result/status/query logs to the configured log file
func (*LoggerFile) Query ¶
func (logFile *LoggerFile) Query(data []byte, environment, uuid, name string, status int, debug bool)
Query - Function that writes JSON query logs to the configured log file
func (*LoggerFile) Result ¶
func (logFile *LoggerFile) Result(data []byte, environment, uuid string, debug bool)
Result - Function that writes JSON result logs to the configured log file
func (*LoggerFile) Settings ¶
func (logFile *LoggerFile) Settings(mgr *settings.Settings)
Settings - Function to prepare settings for the logger
type LoggerGraylog ¶
// LoggerGraylog will be used to log data using Graylog
type LoggerGraylog struct {
	Configuration config.GraylogLogger // endpoint settings for the Graylog GELF input
	Headers       map[string]string    // extra HTTP headers sent with each request. NOTE(review): if these carry credentials, avoid dumping this struct in debug output.
	Enabled       bool                 // when false, Send presumably does nothing — confirm
}
LoggerGraylog will be used to log data using Graylog
func CreateLoggerGraylog ¶
func CreateLoggerGraylog(cfg *config.GraylogLogger) (*LoggerGraylog, error)
CreateLoggerGraylog to initialize the logger
func (*LoggerGraylog) Send ¶
func (logGL *LoggerGraylog) Send(logType string, data []byte, environment, uuid string, debug bool)
Send - Function that sends JSON logs to Graylog
func (*LoggerGraylog) Settings ¶
func (logGL *LoggerGraylog) Settings(mgr *settings.Settings)
Settings - Function to prepare settings for the logger
type LoggerKafka ¶
// LoggerKafka will be used to log data using Kafka. Only Enabled is exported;
// the producer and its configuration presumably live in the unexported fields
// hidden from this listing and are set up by CreateLoggerKafka.
type LoggerKafka struct {
	Enabled bool // when false, Send presumably does nothing — confirm
	// contains filtered or unexported fields
}
func CreateLoggerKafka ¶
func CreateLoggerKafka(config *config.KafkaLogger) (*LoggerKafka, error)
func (*LoggerKafka) Send ¶
func (l *LoggerKafka) Send(logType string, data []byte, environment, uuid string, debug bool)
func (*LoggerKafka) Settings ¶
func (l *LoggerKafka) Settings(mgr *settings.Settings)
type LoggerKinesis ¶
// LoggerKinesis will be used to log data using Kinesis
type LoggerKinesis struct {
	Configuration config.KinesisLogger // stream settings for this logger
	KinesisClient *kinesis.Client      // AWS SDK Kinesis client (presumably built by CreateLoggerKinesis)
	Enabled       bool                 // when false, Send presumably does nothing — confirm
}
LoggerKinesis will be used to log data using Kinesis
func CreateLoggerKinesis ¶
func CreateLoggerKinesis(cfg *config.KinesisLogger) (*LoggerKinesis, error)
CreateLoggerKinesis to initialize the logger
func (*LoggerKinesis) Send ¶
func (logSK *LoggerKinesis) Send(logType string, data []byte, environment, uuid string, debug bool)
Send - Function that sends JSON logs to the configured Kinesis stream
func (*LoggerKinesis) Settings ¶
func (logSK *LoggerKinesis) Settings(mgr *settings.Settings)
Settings - Function to prepare settings for the logger
type LoggerLogstash ¶
// LoggerLogstash will be used to log data using Logstash
type LoggerLogstash struct {
	Configuration config.LogstashLogger // endpoint and input-type (LogstashTCP/LogstashUDP/LogstashHTTP) settings
	Headers       map[string]string     // extra HTTP headers for SendHTTP. NOTE(review): if these carry credentials, avoid dumping this struct in debug output.
	Enabled       bool                  // when false, the Send* methods presumably do nothing — confirm
}
LoggerLogstash will be used to log data using Logstash
func CreateLoggerLogstash ¶
func CreateLoggerLogstash(cfg *config.LogstashLogger) (*LoggerLogstash, error)
CreateLoggerLogstash to initialize the logger
func (*LoggerLogstash) SendHTTP ¶
func (logLS *LoggerLogstash) SendHTTP(logType string, data []byte, environment, uuid string, debug bool)
SendHTTP - Function that sends JSON logs to Logstash via HTTP
func (*LoggerLogstash) SendTCP ¶
func (logLS *LoggerLogstash) SendTCP(logType string, data []byte, environment, uuid string, debug bool)
SendTCP - Function that sends data to Logstash via TCP
func (*LoggerLogstash) SendUDP ¶
func (logLS *LoggerLogstash) SendUDP(logType string, data []byte, environment, uuid string, debug bool)
SendUDP - Function that sends data to Logstash via UDP
func (*LoggerLogstash) Settings ¶
func (logLS *LoggerLogstash) Settings(mgr *settings.Settings)
Settings - Function to prepare settings for the logger
type LoggerNone ¶
// LoggerNone will be used to not log any data
type LoggerNone struct {
	Enabled bool // kept for parity with the other loggers; Log/Query/Result discard their input regardless
}
LoggerNone will be used to not log any data
func CreateLoggerNone ¶
func CreateLoggerNone() (*LoggerNone, error)
CreateLoggerNone to initialize the logger
func (*LoggerNone) Log ¶
func (logNone *LoggerNone) Log(logType string, data []byte, environment, uuid string, debug bool)
Log - No-op: LoggerNone discards result/status/query logs
func (*LoggerNone) Query ¶
func (logNone *LoggerNone) Query(data []byte, environment, uuid, name string, status int, debug bool)
Query - No-op: LoggerNone discards query logs
func (*LoggerNone) Result ¶
func (logNone *LoggerNone) Result(data []byte, environment, uuid string, debug bool)
Result - No-op: LoggerNone discards result logs
func (*LoggerNone) Settings ¶
func (logNone *LoggerNone) Settings(mgr *settings.Settings)
Settings - Function to prepare settings for the logger
type LoggerS3 ¶
// LoggerS3 will be used to log data using S3
type LoggerS3 struct {
	S3Config  osctrl_config.S3Logger // S3 logger settings from the osctrl configuration
	AWSConfig aws.Config             // resolved AWS SDK configuration. NOTE(review): this carries the credentials provider — never dump this struct in debug output or serialize it.
	Client    *s3.Client             // S3 client (presumably built from AWSConfig by CreateLoggerS3)
	Enabled   bool                   // when false, logs are presumably not shipped — confirm
	Debug     bool                   // verbose logging for this logger (distinct from the per-call debug flags used elsewhere in this package)
}
LoggerS3 will be used to log data using S3
func CreateLoggerS3 ¶
func CreateLoggerS3(s3Config *osctrl_config.S3Logger) (*LoggerS3, error)
CreateLoggerS3 to initialize the logger
type LoggerSplunk ¶
// LoggerSplunk will be used to log data using Splunk
type LoggerSplunk struct {
	Configuration config.SplunkLogger // HTTP Event Collector endpoint settings
	Headers       map[string]string   // HTTP headers sent with each request. NOTE(review): presumably includes the HEC authorization token — treat as a secret and keep it out of debug output.
	Enabled       bool                // when false, Send presumably does nothing — confirm
}
LoggerSplunk will be used to log data using Splunk
func CreateLoggerSplunk ¶
func CreateLoggerSplunk(cfg *config.SplunkLogger) (*LoggerSplunk, error)
CreateLoggerSplunk to initialize the logger
func (*LoggerSplunk) Send ¶
func (logSP *LoggerSplunk) Send(logType string, data []byte, environment, uuid string, debug bool)
Send - Function that sends JSON logs to Splunk HTTP Event Collector
func (*LoggerSplunk) Settings ¶
func (logSP *LoggerSplunk) Settings(mgr *settings.Settings)
Settings - Function to prepare settings for the logger
type LoggerStdout ¶
// LoggerStdout will be used to log data using stdout
type LoggerStdout struct {
	Enabled bool // when false, the Log/Query/Result methods presumably do nothing — confirm
}
LoggerStdout will be used to log data using stdout
func CreateLoggerStdout ¶
func CreateLoggerStdout() (*LoggerStdout, error)
CreateLoggerStdout to initialize the logger
func (*LoggerStdout) Log ¶
func (logStdout *LoggerStdout) Log(logType string, data []byte, environment, uuid string, debug bool)
Log - Function that sends JSON result/status/query logs to stdout
func (*LoggerStdout) Query ¶
func (logStdout *LoggerStdout) Query(data []byte, environment, uuid, name string, status int, debug bool)
Query - Function that sends JSON query logs to stdout
func (*LoggerStdout) Result ¶
func (logStdout *LoggerStdout) Result(data []byte, environment, uuid string, debug bool)
Result - Function that sends JSON result logs to stdout
func (*LoggerStdout) Settings ¶
func (logStdout *LoggerStdout) Settings(mgr *settings.Settings)
Settings - Function to prepare settings for the logger
type LoggerTLS ¶
// LoggerTLS will be used to handle logging for the TLS endpoint
type LoggerTLS struct {
	Logging      string             // name of the selected logging backend (presumably what CreateLoggerTLS used to build Logger — confirm)
	Logger       interface{}        // the selected backend. NOTE(review): untyped, so dispatch relies on type assertions keyed on Logging; a small interface (Log/Query/Settings) would make that checkable at compile time.
	AlwaysLogger *LoggerDB          // database logger; the name suggests it is written to regardless of Logging — confirm in DispatchLogs
	Nodes        *nodes.NodeManager // node lookups for the dispatch helpers
	Queries      *queries.Queries   // on-demand query bookkeeping used by ProcessLogQueryResult
}
LoggerTLS will be used to handle logging for the TLS endpoint
func CreateLoggerTLS ¶
func CreateLoggerTLS(cfg config.ServiceParameters, mgr *settings.Settings, nodes *nodes.NodeManager, queries *queries.Queries) (*LoggerTLS, error)
CreateLoggerTLS to instantiate a new logger for the TLS endpoint
func (*LoggerTLS) DispatchLogs ¶
func (l *LoggerTLS) DispatchLogs(data []byte, uuid, logType, environment string, metadata nodes.NodeMetadata, debug bool)
DispatchLogs - Helper to dispatch a node's logs of the given logType to the configured logging backend
func (*LoggerTLS) DispatchQueries ¶
func (l *LoggerTLS) DispatchQueries(queryData types.QueryWriteData, node nodes.OsqueryNode, debug bool)
DispatchQueries - Helper to dispatch queries
func (*LoggerTLS) ProcessLogQueryResult ¶
func (l *LoggerTLS) ProcessLogQueryResult(queriesWrite types.QueryWriteRequest, envid uint, debug bool)
ProcessLogQueryResult - Helper to process on-demand query result logs
func (*LoggerTLS) ProcessLogs ¶
func (l *LoggerTLS) ProcessLogs(data json.RawMessage, logType, environment, ipaddress string, dataLen int, debug bool)
ProcessLogs - Helper to process a batch of logs received on the TLS endpoint; `ipaddress` is presumably the reporting node's address and `dataLen` the size of the received payload
type LogstashMessage ¶
// LogstashMessage to handle log format to be sent to Logstash
type LogstashMessage struct {
	Time        int64       `json:"time"`        // send time (presumably Unix seconds — confirm against the Send* methods)
	LogType     string      `json:"log_type"`    // status/result/query
	UUID        string      `json:"uuid"`        // reporting node UUID
	Environment string      `json:"environment"` // osctrl environment of the node
	Data        interface{} `json:"data"`        // the log payload itself (presumably the agent's JSON, decoded — confirm)
}
LogstashMessage to handle log format to be sent to Logstash
type OsqueryQueryData ¶
// OsqueryQueryData to log query data to database. One row per node response to
// an on-demand query (see LoggerDB.Query); Data originates from the agent and
// should be treated as untrusted input when rendered or exported.
type OsqueryQueryData struct {
	gorm.Model
	UUID        string `gorm:"index"` // UUID of the node that answered (the only declared index)
	Environment string               // osctrl environment of the node
	Name        string               // on-demand query name; lookup key for QueryLogs, GetQueryResults and StreamQueryResults
	Data        string               // serialized result payload as received from the agent
	Status      int                  // status code reported by osquery for the query (0 presumably meaning success — confirm)
}
OsqueryQueryData to log query data to database
type OsqueryResultData ¶
// OsqueryResultData to log result data to database. One row per result-log
// entry shipped by a node; all field values originate from the agent and must
// be treated as untrusted input when rendered or searched.
type OsqueryResultData struct {
	gorm.Model
	UUID        string `gorm:"index"` // node UUID. Only index declared here; GetNodeLogs/GetNodeResultBucketed also filter on Environment and created_at, so a composite index may be needed at scale.
	Environment string               // osctrl environment of the node
	Name        string               // name of the scheduled query that produced the row
	Action      string               // result action as reported by the agent (presumably added/removed — confirm)
	Epoch       int64                // epoch value from the osquery result log
	Columns     string               // serialized JSON of the matched fields (the text GetNodeLogs searches with LIKE)
	Counter     int                  // counter value from the osquery result log
}
OsqueryResultData to log result data to database