Variables
var BatchDesc = `` /* 131-byte string literal not displayed */
var DifferentialDesc = `` /* 144-byte string literal not displayed */
var SnapshotDesc = `` /* 140-byte string literal not displayed */
// StatusDesc is the human-readable description of the Status log type (see
// Status below); BatchDesc, DifferentialDesc and SnapshotDesc serve the same
// purpose for the other three log types.
var StatusDesc = `Status is a diagnostic osquery log about the daemon.
Reference: https://osquery.readthedocs.io/en/stable/deployment/logging/`
Types
// Batch is one osquery "batch" result record as decoded from a JSON log line.
// Scalar fields are pointers so that a missing key decodes to nil, which lets
// the `validate:"required"` tags distinguish absence from a zero value.
// NOTE(review): the tags only check presence; field contents are passed
// through as received and presumably originate from the monitored endpoint's
// osquery output — confirm before relying on them downstream.
type Batch struct {
	// calendarTime; decoded by the project's timestamp.ANSICwithTZ type,
	// which is defined outside this file.
	CalendarTime *timestamp.ANSICwithTZ `json:"calendarTime,omitempty" validate:"required"`
	// counter; the ",string" option means the JSON value is a quoted integer.
	Counter *int `json:"counter,omitempty,string" validate:"required"`
	// Optional free-form key/value decorations; no validation tag, contents unchecked.
	Decorations map[string]string `json:"decorations,omitempty"`
	// diffResults carries the added/removed rows; see BatchDiffResults.
	DiffResults *BatchDiffResults `json:"diffResults,omitempty" validate:"required"`
	// epoch as a quoted integer.
	Epoch *int `json:"epoch,omitempty,string" validate:"required"`
	// Note: this type reads "hostname"; Differential, Snapshot and Status
	// read "hostIdentifier" instead.
	Hostname *string `json:"hostname,omitempty" validate:"required"`
	// name; presumably the scheduled query name — TODO confirm.
	Name *string `json:"name,omitempty" validate:"required"`
	// unixTime as a quoted integer.
	UnixTime *int `json:"unixTime,omitempty,string" validate:"required"`
}
// BatchDiffResults holds the row-level diff carried by a Batch record. Each
// row is a column-name → value map. Neither field has a validation tag, so a
// record with no added or removed rows is accepted; "omitempty" drops an
// empty slice when encoding.
type BatchDiffResults struct {
	// Rows present in this run but not the previous one.
	Added []map[string]string `json:"added,omitempty"`
	// Rows present in the previous run but not this one.
	Removed []map[string]string `json:"removed,omitempty"`
}
BatchDiffResults contains diff data for OsQuery batch results
// BatchParser parses OsQuery Batch logs. It carries no state; its LogType and
// Parse methods are declared elsewhere in the package.
type BatchParser struct{}
BatchParser parses OsQuery Batch logs
func (p *BatchParser) LogType() string
LogType returns the log type supported by this parser
func (p *BatchParser) Parse(log string) []interface{}
Parse returns the parsed events or nil if parsing failed
// Differential is one osquery differential ("result") record as decoded from
// a JSON log line. Scalar fields are pointers so that a missing key decodes
// to nil and the `validate:"required"` tags can detect absence.
// NOTE(review): apart from the two "eq=" literals, the tags check presence
// only; Columns and Decorations are passed through as received and
// presumably come from the monitored endpoint — confirm before trusting them.
type Differential struct {
	// action; required but any value is accepted (compare Snapshot, which pins it).
	Action *string `json:"action,omitempty" validate:"required"`
	// NOTE: the key is lowercase "calendartime" here, unlike the camelCase
	// "calendarTime" used by Batch, Snapshot and Status. encoding/json
	// matches keys case-insensitively on decode, so both spellings
	// unmarshal, but this spelling is what gets emitted on encode.
	CalendarTime *timestamp.ANSICwithTZ `json:"calendartime,omitempty" validate:"required"`
	// columns of the changed row; required, contents unvalidated.
	Columns map[string]string `json:"columns,omitempty" validate:"required"`
	// counter as a quoted integer; optional here, unlike Batch and Snapshot.
	Counter *int `json:"counter,omitempty,string"`
	// Optional free-form key/value decorations.
	Decorations map[string]string `json:"decorations,omitempty"`
	// epoch as a quoted integer.
	Epoch *int `json:"epoch,omitempty,string" validate:"required"`
	HostIdentifier *string `json:"hostIdentifier,omitempty" validate:"required"`
	// logType must be present and equal to "result".
	LogType *string `json:"logType,omitempty" validate:"required,eq=result"`
	// Alternate snake_case key "log_type"; optional, and not constrained to
	// "result" — presumably emitted by some osquery versions, TODO confirm.
	LogUnderscoreType *string `json:"log_type,omitempty"`
	// name; presumably the scheduled query name — TODO confirm.
	Name *string `json:"name,omitempty" validate:"required"`
	// unixTime as a quoted integer.
	UnixTime *int `json:"unixTime,omitempty,string" validate:"required"`
	// logNumericsAsNumbers as a quoted boolean ("true"/"false"); optional.
	LogNumericsAsNumbers *bool `json:"logNumericsAsNumbers,omitempty,string"`
}
// DifferentialParser parses OsQuery Differential logs. It carries no state;
// its LogType and Parse methods are declared elsewhere in the package.
type DifferentialParser struct{}
DifferentialParser parses OsQuery Differential logs
func (p *DifferentialParser) LogType() string
LogType returns the log type supported by this parser
func (p *DifferentialParser) Parse(log string) []interface{}
Parse returns the parsed events or nil if parsing failed
// Snapshot is one osquery snapshot record as decoded from a JSON log line.
// Scalar fields are pointers so that a missing key decodes to nil and the
// `validate:"required"` tags can detect absence.
// NOTE(review): other than Action, the tags check presence only; the
// Snapshot rows and Decorations are passed through as received and presumably
// come from the monitored endpoint — confirm before trusting them downstream.
type Snapshot struct {
	// action must be present and equal to "snapshot".
	Action *string `json:"action,omitempty" validate:"required,eq=snapshot"`
	// calendarTime; decoded by the project's timestamp.ANSICwithTZ type.
	CalendarTime *timestamp.ANSICwithTZ `json:"calendarTime,omitempty" validate:"required"`
	// counter as a quoted integer.
	Counter *int `json:"counter,omitempty,string" validate:"required"`
	// Optional free-form key/value decorations.
	Decorations map[string]string `json:"decorations,omitempty"`
	// epoch as a quoted integer.
	Epoch *int `json:"epoch,omitempty,string" validate:"required"`
	HostIdentifier *string `json:"hostIdentifier,omitempty" validate:"required"`
	// name; presumably the scheduled query name — TODO confirm.
	Name *string `json:"name,omitempty" validate:"required"`
	// snapshot rows, each a column-name → value map; the slice must be
	// present, row contents are unvalidated.
	Snapshot []map[string]string `json:"snapshot,omitempty" validate:"required"`
	// unixTime as a quoted integer.
	UnixTime *int `json:"unixTime,omitempty,string" validate:"required"`
}
// SnapshotParser parses OsQuery snapshot logs. It carries no state; its
// LogType and Parse methods are declared elsewhere in the package.
type SnapshotParser struct{}
SnapshotParser parses OsQuery snapshot logs
func (p *SnapshotParser) LogType() string
LogType returns the log type supported by this parser
func (p *SnapshotParser) Parse(log string) []interface{}
Parse returns the parsed events or nil if parsing failed
// Status is one osquery daemon status (diagnostic) record as decoded from a
// JSON log line; StatusDesc describes the log type. Scalar fields are
// pointers so that a missing key decodes to nil and the `validate:"required"`
// tags can detect absence.
// NOTE(review): other than LogType, the tags check presence only; Message
// and Decorations are free text passed through as received — confirm their
// origin before trusting them downstream.
type Status struct {
	// calendarTime; decoded by the project's timestamp.ANSICwithTZ type.
	CalendarTime *timestamp.ANSICwithTZ `json:"calendarTime,omitempty" validate:"required"`
	// Optional free-form key/value decorations.
	Decorations map[string]string `json:"decorations,omitempty"`
	// filename and line; presumably the daemon source location that
	// emitted the message — TODO confirm.
	Filename *string `json:"filename,omitempty" validate:"required"`
	HostIdentifier *string `json:"hostIdentifier,omitempty" validate:"required"`
	// line as a quoted integer.
	Line *int `json:"line,omitempty,string" validate:"required"`
	// logType must be present and equal to "status".
	LogType *string `json:"logType,omitempty" validate:"required,eq=status"`
	// Alternate snake_case key "log_type"; optional and unconstrained.
	LogUnderscoreType *string `json:"log_type,omitempty"`
	// message is optional — a status record without text is accepted.
	Message *string `json:"message,omitempty"`
	// severity as a quoted integer.
	Severity *int `json:"severity,omitempty,string" validate:"required"`
	// unixTime as a quoted integer.
	UnixTime *int `json:"unixTime,omitempty,string" validate:"required"`
	// version of the reporting daemon — TODO confirm.
	Version *string `json:"version,omitempty" validate:"required"`
}
// StatusParser parses OsQuery Status logs. It carries no state; its LogType
// and Parse methods are declared elsewhere in the package.
type StatusParser struct{}
StatusParser parses OsQuery Status logs
func (p *StatusParser) LogType() string
LogType returns the log type supported by this parser
func (p *StatusParser) Parse(log string) []interface{}
Parse returns the parsed events or nil if parsing failed