audit

package
v1.6.10 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 28, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Network event types (existing)
	EventTypeNetworkTraffic = "network_traffic"

	// Authentication event types
	EventTypeLoginSuccess = "auth_login_success"
	EventTypeLoginFailure = "auth_login_failure"
	EventTypeLogout       = "auth_logout"
	EventTypeTokenCreated = "auth_token_created"
	EventTypeTokenRevoked = "auth_token_revoked"
	EventTypeAccessDenied = "auth_access_denied"
)

Event type constants

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthAuditEntry 

type AuthAuditEntry struct {
	Timestamp time.Time `json:"timestamp"`
	EventType string    `json:"event_type"` // One of EventTypeLogin*, EventTypeLogout, etc.
	UserEmail string    `json:"user_email,omitempty"`
	UserID    string    `json:"user_id,omitempty"`
	Success   bool      `json:"success"`
	IPAddress string    `json:"ip_address"`
	UserAgent string    `json:"user_agent,omitempty"`
	Endpoint  string    `json:"endpoint"`
	ErrorMsg  string    `json:"error_msg,omitempty"`
}

AuthAuditEntry represents an authentication/authorization audit log entry

type Entry 

type Entry struct {
	ID         int64     `json:"id"`
	SourceIP   string    `json:"source_ip"`
	DestIP     string    `json:"dest_ip"`
	SourcePort uint16    `json:"source_port"`
	DestPort   uint16    `json:"dest_port"`
	Protocol   string    `json:"protocol"`
	Hostname   string    `json:"hostname,omitempty"`
	Count      int64     `json:"count"`
	FirstSeen  time.Time `json:"first_seen"`
	LastSeen   time.Time `json:"last_seen"`
}

Entry represents a deduplicated audit log entry for network traffic

type QueryOptions 

type QueryOptions struct {
	SourceIP string
	DestIP   string
	Hostname string
	Port     uint16
	Limit    int
	Offset   int
}

QueryOptions for filtering audit logs

type Store 

type Store struct {
	// contains filtered or unexported fields
}

Store provides SQLite-based audit log storage with deduplication

func NewStore 

func NewStore(dbPath string) (*Store, error)

NewStore creates a new audit store with SQLite backend

func (*Store) Close 

func (s *Store) Close() error

Close closes the database connection

func (*Store) Query 

func (s *Store) Query(opts QueryOptions) ([]Entry, error)

Query retrieves audit log entries based on filter options

func (*Store) Record 

func (s *Store) Record(e *Entry) error

Record inserts or updates an audit log entry (upsert with deduplication)

func (*Store) RecordAuthEvent 

func (s *Store) RecordAuthEvent(e *AuthAuditEntry) error

RecordAuthEvent records an authentication/authorization audit event. These events are not deduplicated (unlike network traffic entries). Auth events use NULL values for network fields to avoid UNIQUE constraint conflicts.

func (*Store) StartRetentionCleanup 

func (s *Store) StartRetentionCleanup(ctx context.Context, interval time.Duration)

StartRetentionCleanup starts a background goroutine that periodically deletes old audit logs based on the retention period (default 90 days). The cleanup job runs at the specified interval (recommended: 24 hours).

The goroutine stops when the context is canceled.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.