Documentation
¶
Index ¶
- Variables
- type ALB
- type ALBParser
- type AuroraMySQLAudit
- type AuroraMySQLAuditParser
- type CloudTrail
- type CloudTrailParser
- type CloudTrailRecords
- type CloudTrailResources
- type CloudTrailSessionContext
- type CloudTrailSessionContextAttributes
- type CloudTrailSessionContextSessionIssuer
- type CloudTrailSessionContextWebIDFederationData
- type CloudTrailUserIdentity
- type GuardDuty
- type GuardDutyParser
- type GuardDutyService
- type S3ServerAccess
- type S3ServerAccessParser
- type VPCFlow
- type VPCFlowParser
Constants ¶
This section is empty.
Variables ¶
var ALBDesc = `` /* 197-byte string literal not displayed */
var AuroraMySQLAuditDesc = `` /* 187-byte string literal not displayed */
var CloudTrailDesc = `` /* 193-byte string literal not displayed */
var GuardDutyDesc = `` /* 259-byte string literal not displayed */
var S3ServerAccessDesc = `` /* 141-byte string literal not displayed */
var VPCFlowDesc = `` /* 210-byte string literal not displayed */
Functions ¶
This section is empty.
Types ¶
type ALB ¶
// ALB is one parsed AWS Application Load Balancer access log entry.
//
// Scalar fields are pointers; with `omitempty` a nil pointer is left out of
// the JSON encoding instead of being written as a zero value.
// The `validate` tags are presumably enforced by the parser through a
// struct-validation library that is not visible here — confirm.
//
// NOTE(review): RequestURL, RequestHTTPMethod, UserAgent and DomainName carry
// values chosen by the client in ALB access logs. Treat them as untrusted
// when they are rendered, searched or interpolated into queries downstream.
type ALB struct {
// Connection type; validation restricts it to http, https, h2, ws or wss.
Type *string `json:"type,omitempty" validate:"oneof=http https h2 ws wss"`
// Time of the entry; the only field here marked required.
// timestamp.RFC3339 is a project type not shown on this page.
Timestamp *timestamp.RFC3339 `json:"timestamp,omitempty" validate:"required"`
ELB *string `json:"elb,omitempty"`
ClientIP *string `json:"clientIp,omitempty"`
ClientPort *int `json:"clientPort,omitempty"`
TargetIP *string `json:"targetIp,omitempty"`
TargetPort *int `json:"targetPort,omitempty"`
RequestProcessingTime *float64 `json:"requestProcessingTime,omitempty"`
TargetProcessingTime *float64 `json:"targetProcessingTime,omitempty"`
ResponseProcessingTime *float64 `json:"responseProcessingTime,omitempty"`
// NOTE(review): if the validator treats min/max as inclusive, 600 passes even
// though HTTP status codes end at 599 — confirm max=600 is intended.
ELBStatusCode *int `json:"elbStatusCode,omitempty" validate:"min=100,max=600"`
// No range validation here, unlike ELBStatusCode.
TargetStatusCode *int `json:"targetStatusCode,omitempty"`
ReceivedBytes *int `json:"receivedBytes,omitempty"`
// NOTE(review): the only field in this struct without `omitempty`, so a nil
// value encodes as JSON null — confirm this is intended.
SentBytes *int `json:"sentBytes"`
RequestHTTPMethod *string `json:"requestHttpMethod,omitempty"`
RequestURL *string `json:"requestUrl,omitempty"`
RequestHTTPVersion *string `json:"requestHttpVersion,omitempty"`
UserAgent *string `json:"userAgent,omitempty"`
// Negotiated cipher and protocol; useful for spotting legacy TLS clients.
SSLCipher *string `json:"sslCipher,omitempty"`
SSLProtocol *string `json:"sslProtocol,omitempty"`
TargetGroupARN *string `json:"targetGroupArn,omitempty"`
TraceID *string `json:"traceId,omitempty"`
DomainName *string `json:"domainName,omitempty"`
ChosenCertARN *string `json:"chosenCertArn,omitempty"`
MatchedRulePriority *int `json:"matchedRulePriority,omitempty"`
RequestCreationTime *timestamp.RFC3339 `json:"requestCreationTime,omitempty"`
ActionsExecuted []string `json:"actionsExecuted,omitempty"`
RedirectURL *string `json:"redirectUrl,omitempty"`
ErrorReason *string `json:"errorReason,omitempty"`
}
type ALBParser ¶
type ALBParser struct{}
ALBParser parses AWS Application Load Balancer logs
type AuroraMySQLAudit ¶
// AuroraMySQLAudit is one parsed AWS Aurora MySQL audit log entry.
//
// All fields are optional in the JSON encoding (`omitempty`); only Operation
// carries a validation rule.
type AuroraMySQLAudit struct {
// timestamp.RFC3339 is a project type not shown on this page.
Timestamp *timestamp.RFC3339 `json:"timestamp,omitempty"`
ServerHost *string `json:"serverHost,omitempty"`
// Database user and the client host it connected from (presumably — verify
// against the parser).
Username *string `json:"username,omitempty"`
Host *string `json:"host,omitempty"`
ConnectionID *int `json:"connectionId,omitempty"`
QueryID *int `json:"queryId,omitempty"`
// Validation accepts only the eight listed operations and has no
// `omitempty`, so the field is effectively mandatory.
// NOTE(review): Parse is documented as returning nil when parsing fails. If
// the source ever emits an operation outside this list (for example a failed
// or closed connection event — confirm against real logs), that entry would
// presumably be dropped, which matters for login-failure detection.
Operation *string `json:"operation,omitempty" validate:"oneof=CONNECT QUERY READ WRITE CREATE ALTER RENAME DROP"`
Database *string `json:"database,omitempty"`
// NOTE(review): for query events this presumably holds the SQL text, which
// can include credentials or personal data embedded in statements — confirm
// and apply the same access controls as for the database itself.
Object *string `json:"object,omitempty"`
// Return code of the logged action.
RetCode *int `json:"retCode,omitempty"`
}
type AuroraMySQLAuditParser ¶
type AuroraMySQLAuditParser struct{}
AuroraMySQLAuditParser parses AWS Aurora MySQL Audit logs
func (*AuroraMySQLAuditParser) LogType ¶
func (p *AuroraMySQLAuditParser) LogType() string
LogType returns the log type supported by this parser
func (*AuroraMySQLAuditParser) Parse ¶
func (p *AuroraMySQLAuditParser) Parse(log string) []interface{}
Parse returns the parsed events or nil if parsing failed
type CloudTrail ¶
// CloudTrail is one AWS CloudTrail API log record.
//
// Required by validation: APIVersion, AWSRegion, EventID, EventVersion and
// RecipientAccountID. Everything else, including EventTime, EventName and
// UserIdentity, may be absent.
type CloudTrail struct {
// Schema-free payload: decoded as generic JSON, so consumers must type-assert
// defensively before reading nested values.
AdditionalEventData interface{} `json:"additionalEventData,omitempty"`
APIVersion *string `json:"apiVersion,omitempty" validate:"required"`
AWSRegion *string `json:"awsRegion,omitempty" validate:"required"`
// Set when the API call failed; nil on success (presumably — verify).
ErrorCode *string `json:"errorCode,omitempty"`
ErrorMessage *string `json:"errorMessage,omitempty"`
EventID *string `json:"eventId,omitempty" validate:"required"`
EventName *string `json:"eventName,omitempty"`
EventSource *string `json:"eventSource,omitempty"`
// NOTE(review): not marked required, so a record without a timestamp passes
// validation — confirm downstream code handles a nil EventTime.
EventTime *timestamp.RFC3339 `json:"eventTime,omitempty"`
EventType *string `json:"eventType,omitempty"`
EventVersion *string `json:"eventVersion,omitempty" validate:"required"`
ManagementEvent *bool `json:"managementEvent,omitempty"`
ReadOnly *bool `json:"readOnly,omitempty"`
// Must be exactly 12 numeric characters.
RecipientAccountID *string `json:"recipientAccountId,omitempty" validate:"required,len=12,numeric"`
RequestID *string `json:"requestId,omitempty"`
// Schema-free request and response payloads; shape depends on the API called.
// NOTE(review): these can contain sensitive request data — restrict access to
// stored records accordingly.
RequestParameters interface{} `json:"requestParameters,omitempty"`
Resources []CloudTrailResources `json:"resources,omitempty"`
ResponseElements interface{} `json:"responseElements,omitempty"`
ServiceEventDetails interface{} `json:"serviceEventDetails,omitempty"`
// Stored as a plain string with no IP validation.
// NOTE(review): CloudTrail can put a service DNS name here instead of an IP
// address for calls made by AWS services, so do not parse it as an IP
// unconditionally.
SourceIPAddress *string `json:"sourceIpAddress,omitempty"`
// Caller-supplied; treat as untrusted and do not rely on it for attribution.
UserAgent *string `json:"userAgent,omitempty"`
UserIdentity *CloudTrailUserIdentity `json:"userIdentity,omitempty"`
VPCEndpointID *string `json:"vpcEndpointId,omitempty"`
}
CloudTrail is an AWS CloudTrail API log.
type CloudTrailParser ¶
type CloudTrailParser struct{}
CloudTrailParser parses CloudTrail logs
func (*CloudTrailParser) LogType ¶
func (p *CloudTrailParser) LogType() string
LogType returns the log type supported by this parser
func (*CloudTrailParser) Parse ¶
func (p *CloudTrailParser) Parse(log string) []interface{}
Parse returns the parsed events or nil if parsing failed
type CloudTrailRecords ¶
// CloudTrailRecords is the top-level envelope holding a list of CloudTrail
// records under the capitalised JSON key "Records".
type CloudTrailRecords struct {
// Marked required by validation.
Records []*CloudTrail `json:"Records" validate:"required"`
}
type CloudTrailResources ¶
// CloudTrailResources describes one AWS resource referenced by an API call.
//
// None of the tags use `omitempty`, so nil fields encode as JSON null rather
// than being omitted.
type CloudTrailResources struct {
ARN *string `json:"arn"`
AccountID *string `json:"accountId"`
Type *string `json:"type"`
}
CloudTrailResources are the AWS resources used in the API call.
type CloudTrailSessionContext ¶
// CloudTrailSessionContext groups the session details attached to a request
// made with temporary credentials. Each part is optional and nil when absent.
type CloudTrailSessionContext struct {
// MFA flag and session creation date.
Attributes *CloudTrailSessionContextAttributes `json:"attributes,omitempty"`
// Identity that issued the session.
SessionIssuer *CloudTrailSessionContextSessionIssuer `json:"sessionIssuer,omitempty"`
// Present for web identity federation sessions (presumably — verify).
WebIDFederationData *CloudTrailSessionContextWebIDFederationData `json:"webIdFederationData,omitempty"`
}
CloudTrailSessionContext provides information about a session created for temporary credentials.
type CloudTrailSessionContextAttributes ¶
// CloudTrailSessionContextAttributes holds the attributes of a session
// context object.
type CloudTrailSessionContextAttributes struct {
// Kept as a string, not a bool: detection logic must compare against the
// literal text (presumably "true"/"false" — confirm) and handle nil, which is
// not the same as an explicit "false".
MfaAuthenticated *string `json:"mfaAuthenticated,omitempty"`
// Kept as a raw string rather than timestamp.RFC3339, so it is not parsed or
// validated as a time here.
CreationDate *string `json:"creationDate,omitempty"`
}
CloudTrailSessionContextAttributes contains the attributes of the Session context object
type CloudTrailSessionContextSessionIssuer ¶
// CloudTrailSessionContextSessionIssuer identifies the principal that issued
// a temporary-credential session.
type CloudTrailSessionContextSessionIssuer struct {
Type *string `json:"type,omitempty"`
PrincipalID *string `json:"principalId,omitempty"`
// Go name is Arn here but ARN on CloudTrailUserIdentity and
// CloudTrailResources; the JSON key "arn" is the same in all three.
Arn *string `json:"arn,omitempty"`
AccountID *string `json:"accountId,omitempty"`
Username *string `json:"userName,omitempty"`
}
CloudTrailSessionContextSessionIssuer contains information for the SessionContextSessionIssuer
type CloudTrailSessionContextWebIDFederationData ¶
// CloudTrailSessionContextWebIDFederationData holds web identity federation
// details for a session.
type CloudTrailSessionContextWebIDFederationData struct {
FederatedProvider *string `json:"federatedProvider,omitempty"`
// Schema-free: decoded as generic JSON, so type-assert before use.
Attributes interface{} `json:"attributes,omitempty"`
}
CloudTrailSessionContextWebIDFederationData contains Web ID federation data
type CloudTrailUserIdentity ¶
// CloudTrailUserIdentity describes the identity that made the logged request.
//
// No field is validated or required, so any of them can be nil; attribution
// logic should not assume ARN or AccountID is always set.
type CloudTrailUserIdentity struct {
Type *string `json:"type,omitempty"`
PrincipalID *string `json:"principalId,omitempty"`
ARN *string `json:"arn,omitempty"`
AccountID *string `json:"accountId,omitempty"`
// Identifier of the access key used to sign the request (not the secret);
// useful for correlating activity of one credential across records.
AccessKeyID *string `json:"accessKeyId,omitempty"`
Username *string `json:"userName,omitempty"`
// Populated for temporary credentials (presumably — verify); nil otherwise.
SessionContext *CloudTrailSessionContext `json:"sessionContext,omitempty"`
InvokedBy *string `json:"invokedBy,omitempty"`
IdentityProvider *string `json:"identityProvider,omitempty"`
}
CloudTrailUserIdentity contains details about the type of IAM identity that made the request.
type GuardDuty ¶
// GuardDuty is one parsed AWS GuardDuty finding.
//
// Almost every field is required by validation; AccountID is the exception
// and is only checked for length and numeric content. Apart from ID, the tags
// do not use `omitempty`, so nil values encode as JSON null.
type GuardDuty struct {
SchemaVersion *string `json:"schemaVersion" validate:"required"`
// NOTE(review): no `required` and no `omitempty` in the validate tag —
// confirm how the validator treats a nil AccountID.
AccountID *string `json:"accountId" validate:"len=12,numeric"`
Region *string `json:"region" validate:"required"`
Partition *string `json:"partition" validate:"required"`
ID *string `json:"id,omitempty" validate:"required"`
Arn *string `json:"arn" validate:"required"`
// Finding type string, the usual key for routing and alerting rules.
Type *string `json:"type" validate:"required"`
// Schema-free: shape depends on the affected resource; type-assert before use.
Resource interface{} `json:"resource" validate:"required"`
// NOTE(review): typed as an integer. If a finding ever carries a fractional
// severity, JSON decoding into *int would fail and the finding would
// presumably be dropped — confirm against the findings actually received.
Severity *int `json:"severity" validate:"required,min=0"`
// NOTE(review): `min=0` on a timestamp type has no obvious meaning here;
// confirm what the validator does with it.
CreatedAt *timestamp.RFC3339 `json:"createdAt" validate:"required,min=0"`
UpdatedAt *timestamp.RFC3339 `json:"updatedAt" validate:"required,min=0"`
Title *string `json:"title" validate:"required"`
Description *string `json:"description" validate:"required"`
Service *GuardDutyService `json:"service" validate:"required"`
}
type GuardDutyParser ¶
type GuardDutyParser struct{}
GuardDutyParser parses AWS GuardDuty logs
func (*GuardDutyParser) LogType ¶
func (p *GuardDutyParser) LogType() string
LogType returns the log type supported by this parser
func (*GuardDutyParser) Parse ¶
func (p *GuardDutyParser) Parse(log string) []interface{}
Parse returns the parsed events or nil if parsing failed
type GuardDutyService ¶
// GuardDutyService is the "service" section of a GuardDuty finding.
//
// Only ServiceName and DetectorID are required. No tag uses `omitempty`, so
// nil fields encode as JSON null.
type GuardDutyService struct {
// Schema-free sections; type-assert before reading nested values.
AdditionalInfo interface{} `json:"additionalInfo"`
Action interface{} `json:"action"`
ServiceName *string `json:"serviceName" validate:"required"`
DetectorID *string `json:"detectorId" validate:"required"`
ResourceRole *string `json:"resourceRole"`
// First and last time the underlying activity was observed (presumably —
// verify); together with Count they show whether a finding is recurring.
EventFirstSeen *timestamp.RFC3339 `json:"eventFirstSeen"`
EventLastSeen *timestamp.RFC3339 `json:"eventLastSeen"`
// NOTE(review): nil is not the same as false; alerting that filters on
// archived findings should handle a missing value explicitly.
Archived *bool `json:"archived"`
Count *int `json:"count"`
}
type S3ServerAccess ¶
// S3ServerAccess is one parsed AWS S3 server access log entry.
//
// Only BucketOwner and HTTPStatus are required by validation. JSON keys are
// all-lowercase except "tlsVersion" and "additionalFields", so consumers must
// match the keys exactly as tagged.
//
// NOTE(review): Key, RequestURI, Referrer, UserAgent and HostHeader carry
// requester-supplied values in S3 access logs; treat them as untrusted when
// rendered or used in queries. S3 server access logging is also delivered on
// a best-effort basis, so the absence of an entry is not proof that a request
// did not happen.
type S3ServerAccess struct {
// Must be exactly 64 alphanumeric characters.
BucketOwner *string `json:"bucketowner,omitempty" validate:"required,len=64,alphanum"`
Bucket *string `json:"bucket,omitempty"`
Time *timestamp.RFC3339 `json:"time,omitempty"`
RemoteIP *string `json:"remoteip,omitempty"`
// Identity of the requester; presumably nil for unauthenticated requests —
// verify how the parser maps the log's placeholder value.
Requester *string `json:"requester,omitempty"`
RequestID *string `json:"requestid,omitempty"`
Operation *string `json:"operation,omitempty"`
Key *string `json:"key,omitempty"`
RequestURI *string `json:"requesturi,omitempty"`
// NOTE(review): if the validator treats min/max as inclusive, 600 passes even
// though HTTP status codes end at 599.
HTTPStatus *int `json:"httpstatus,omitempty" validate:"required,max=600,min=100"`
ErrorCode *string `json:"errorcode,omitempty"`
BytesSent *int `json:"bytessent,omitempty"`
ObjectSize *int `json:"objectsize,omitempty"`
TotalTime *int `json:"totaltime,omitempty"`
TurnAroundTime *int `json:"turnaroundtime,omitempty"`
Referrer *string `json:"referrer,omitempty"`
UserAgent *string `json:"useragent,omitempty"`
VersionID *string `json:"versionid,omitempty"`
HostID *string `json:"hostid,omitempty"`
// Signature, cipher, authentication and TLS details of the request; useful
// for finding unauthenticated access or legacy TLS and signing versions.
SignatureVersion *string `json:"signatureversion,omitempty"`
CipherSuite *string `json:"ciphersuite,omitempty"`
AuthenticationType *string `json:"authenticationtype,omitempty"`
HostHeader *string `json:"hostheader,omitempty"`
TLSVersion *string `json:"tlsVersion,omitempty"`
// Presumably any trailing log columns the parser does not map to a named
// field — verify against the parser.
AdditionalFields []string `json:"additionalFields,omitempty"`
}
type S3ServerAccessParser ¶
type S3ServerAccessParser struct{}
S3ServerAccessParser parses AWS S3 Server Access logs
func (*S3ServerAccessParser) LogType ¶
func (p *S3ServerAccessParser) LogType() string
LogType returns the log type supported by this parser
func (*S3ServerAccessParser) Parse ¶
func (p *S3ServerAccessParser) Parse(log string) []interface{}
Parse returns the parsed events or nil if parsing failed
type VPCFlow ¶
// VPCFlow is one parsed AWS VPC Flow Log record.
//
// Version, Start and End are required. Account, SrcPort, DstPort and Action
// are validated only when present (`omitempty` in the validate tag).
//
// Naming is not uniform: SourceAddr/"sourceAddr" pairs with
// Dstaddr/"dstAddr", and SrcPort/"srcPort" pairs with DstPort/"destPort".
// Consumers must use the JSON keys exactly as tagged.
type VPCFlow struct {
Version *int `json:"version,omitempty" validate:"required"`
// When present, must be exactly 12 numeric characters.
Account *string `json:"account,omitempty" validate:"omitempty,len=12,numeric"`
InterfaceID *string `json:"interfaceId,omitempty"`
// Addresses are plain strings with no IP validation.
SourceAddr *string `json:"sourceAddr,omitempty"`
Dstaddr *string `json:"dstAddr,omitempty"`
SrcPort *int `json:"srcPort,omitempty" validate:"omitempty,min=0,max=65535"`
DstPort *int `json:"destPort,omitempty" validate:"omitempty,min=0,max=65535"`
// Presumably the IANA protocol number (e.g. 6 for TCP) — confirm.
Protocol *int `json:"protocol,omitempty"`
Packets *int `json:"packets,omitempty"`
Bytes *int `json:"bytes,omitempty"`
Start *timestamp.RFC3339 `json:"start,omitempty" validate:"required"`
End *timestamp.RFC3339 `json:"end,omitempty" validate:"required"`
// When present, must be ACCEPT or REJECT.
Action *string `json:"action,omitempty" validate:"omitempty,oneof=ACCEPT REJECT"`
// Must be OK, NODATA or SKIPDATA; the validate tag has no `omitempty`, so the
// field is effectively mandatory.
// NOTE(review): a SKIPDATA record presumably means flow records were skipped
// during the interval, i.e. a visibility gap worth monitoring — confirm.
LogStatus *string `json:"status,omitempty" validate:"oneof=OK NODATA SKIPDATA"`
}
type VPCFlowParser ¶
type VPCFlowParser struct{}
VPCFlowParser parses AWS VPC Flow logs
func (*VPCFlowParser) LogType ¶
func (p *VPCFlowParser) LogType() string
LogType returns the log type supported by this parser
func (*VPCFlowParser) Parse ¶
func (p *VPCFlowParser) Parse(log string) []interface{}
Parse returns the parsed events or nil if parsing failed