exporters

package
Published: Jan 3, 2026 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type CEFFormatter

// CEFFormatter formats events as Common Event Format (used by ArcSight, QRadar).
// It carries no state, so a zero-value &CEFFormatter{} is ready to use.
type CEFFormatter struct{}

CEFFormatter formats events as Common Event Format (used by ArcSight and QRadar).

func (*CEFFormatter) Format

func (f *CEFFormatter) Format(event *audit.Event) ([]byte, error)

Format formats an event as CEF

type DatadogConfig

// DatadogConfig contains Datadog configuration.
type DatadogConfig struct {
	// Datadog API key.
	// NOTE(review): serialized under "apiKey", so marshaling this struct (e.g. into
	// logs, status endpoints or config dumps) emits the secret — keep such output out of logs.
	APIKey  string        `json:"apiKey"`
	Site    string        `json:"site"`    // Datadog site (e.g., datadoghq.com, datadoghq.eu)
	Service string        `json:"service"` // Service name
	Source  string        `json:"source"`  // Log source
	Tags    []string      `json:"tags"`    // Additional tags
	// Presumably the per-request HTTP timeout — confirm in NewDatadogExporter.
	// encoding/json decodes a time.Duration as integer nanoseconds, not as "30s".
	Timeout time.Duration `json:"timeout"`
}

DatadogConfig contains Datadog configuration

func DefaultDatadogConfig

func DefaultDatadogConfig() *DatadogConfig

DefaultDatadogConfig returns default Datadog configuration

type DatadogExporter

// DatadogExporter exports audit events to Datadog.
// Instances are created with NewDatadogExporter; the type satisfies Exporter
// (Name, Export, HealthCheck, Close).
type DatadogExporter struct {
	// contains filtered or unexported fields
}

DatadogExporter exports audit events to Datadog

func NewDatadogExporter

func NewDatadogExporter(config *DatadogConfig) (*DatadogExporter, error)

NewDatadogExporter creates a new Datadog exporter

func (*DatadogExporter) Close

func (e *DatadogExporter) Close() error

Close closes the exporter

func (*DatadogExporter) Export

func (e *DatadogExporter) Export(ctx context.Context, events []*audit.Event) error

Export exports a batch of events to Datadog

func (*DatadogExporter) HealthCheck

func (e *DatadogExporter) HealthCheck(ctx context.Context) error

HealthCheck checks whether the Datadog API is reachable.

func (*DatadogExporter) Name

func (e *DatadogExporter) Name() string

Name returns the exporter name

type EventFormatter

// EventFormatter formats audit events for different SIEM systems.
// Implementations in this package: CEFFormatter, JSONFormatter, LEEFFormatter.
type EventFormatter interface {
	// Format encodes a single event and returns the encoded bytes, or an error
	// when the event cannot be represented in the target format.
	Format(event *audit.Event) ([]byte, error)
}

EventFormatter formats audit events for different SIEM systems

type ExportManager

// ExportManager manages multiple SIEM exporters.
// Exporters are added with RegisterExporter, events are queued to all of them
// via Export, and Shutdown stops the manager.
type ExportManager struct {
	// contains filtered or unexported fields
}

ExportManager manages multiple SIEM exporters

func NewExportManager

func NewExportManager() *ExportManager

NewExportManager creates a new export manager

func (*ExportManager) Export

func (em *ExportManager) Export(event *audit.Event) error

Export queues an event for export to all registered exporters

func (*ExportManager) GetStats

func (em *ExportManager) GetStats() map[string]*ExporterStats

GetStats returns statistics for all exporters

func (*ExportManager) HealthCheck

func (em *ExportManager) HealthCheck(ctx context.Context) map[string]error

HealthCheck checks the health of all registered exporters.

func (*ExportManager) RegisterExporter

func (em *ExportManager) RegisterExporter(exporter Exporter, config *ExporterConfig) error

RegisterExporter registers a new SIEM exporter

func (*ExportManager) Shutdown

func (em *ExportManager) Shutdown(timeout time.Duration) error

Shutdown gracefully shuts down the export manager

type Exporter

// Exporter defines the interface for SIEM exporters.
// DatadogExporter, SplunkExporter and SyslogExporter implement it.
type Exporter interface {
	// Name returns the exporter name (e.g., "splunk", "datadog")
	Name() string

	// Export exports a batch of events. A non-nil error presumably marks the
	// whole batch as failed for retry purposes — confirm in ManagedExporter.
	Export(ctx context.Context, events []*audit.Event) error

	// HealthCheck checks if the exporter is healthy
	HealthCheck(ctx context.Context) error

	// Close closes the exporter and releases resources
	Close() error
}

Exporter defines the interface for SIEM exporters

type ExporterConfig

// ExporterConfig contains common configuration for all exporters.
// Duration fields are decoded from JSON as integer nanoseconds by encoding/json.
type ExporterConfig struct {
	Name           string        `json:"name"`
	Enabled        bool          `json:"enabled"`
	BatchSize      int           `json:"batchSize"`      // Number of events per batch
	FlushInterval  time.Duration `json:"flushInterval"`  // Max time between flushes
	RetryAttempts  int           `json:"retryAttempts"`  // Number of retry attempts
	RetryBackoff   time.Duration `json:"retryBackoff"`   // Initial retry backoff
	// Event buffer size.
	// NOTE(review): what happens when the buffer is full (drop vs. block) is not
	// documented here — audit-event loss is a security concern; confirm in ManagedExporter.
	BufferSize     int           `json:"bufferSize"`
	ErrorThreshold int           `json:"errorThreshold"` // Consecutive errors before circuit breaker opens (see ExporterStats.CircuitOpen)
}

ExporterConfig contains common configuration for all exporters

func DefaultExporterConfig

func DefaultExporterConfig(name string) *ExporterConfig

DefaultExporterConfig returns default exporter configuration

type ExporterStats

// ExporterStats tracks exporter statistics, as returned by ExportManager.GetStats.
type ExporterStats struct {
	EventsExported  int64     `json:"eventsExported"`  // Events delivered successfully
	EventsFailed    int64     `json:"eventsFailed"`    // Events that could not be delivered
	BatchesExported int64     `json:"batchesExported"` // Batches delivered successfully
	BatchesFailed   int64     `json:"batchesFailed"`   // Batches that failed
	LastExportAt    time.Time `json:"lastExportAt"`    // Time of the most recent successful export
	LastErrorAt     time.Time `json:"lastErrorAt"`     // Time of the most recent error
	LastError       string    `json:"lastError"`       // Text of the most recent error
	// True while the circuit breaker is open (after ErrorThreshold consecutive
	// errors); presumably no exports are attempted in that state — confirm.
	CircuitOpen     bool      `json:"circuitOpen"`
}

ExporterStats tracks exporter statistics

type JSONFormatter

// JSONFormatter formats events as JSON.
// It carries no state, so a zero-value &JSONFormatter{} is ready to use.
type JSONFormatter struct{}

JSONFormatter formats events as JSON

func (*JSONFormatter) Format

func (f *JSONFormatter) Format(event *audit.Event) ([]byte, error)

Format formats an event as JSON

type LEEFFormatter

// LEEFFormatter formats events as Log Event Extended Format (used by QRadar).
// It carries no state, so a zero-value &LEEFFormatter{} is ready to use.
type LEEFFormatter struct{}

LEEFFormatter formats events as Log Event Extended Format (used by QRadar)

func (*LEEFFormatter) Format

func (f *LEEFFormatter) Format(event *audit.Event) ([]byte, error)

Format formats an event as LEEF

type ManagedExporter

// ManagedExporter wraps an exporter with buffering, retries, and a circuit breaker.
// No exported constructor or methods are listed for it; presumably it is created
// internally by ExportManager.RegisterExporter — confirm.
type ManagedExporter struct {
	// contains filtered or unexported fields
}

ManagedExporter wraps an exporter with buffering, retries, and a circuit breaker.

type SplunkConfig

// SplunkConfig contains Splunk HEC configuration.
type SplunkConfig struct {
	Endpoint   string        `json:"endpoint"`   // Splunk HEC endpoint (e.g., https://splunk:8088/services/collector)
	// HEC token.
	// NOTE(review): serialized under "token", so marshaling this struct emits the
	// secret — keep config dumps and status output out of logs.
	Token      string        `json:"token"`
	Index      string        `json:"index"`      // Splunk index
	Source     string        `json:"source"`     // Event source
	SourceType string        `json:"sourceType"` // Source type
	// Verify SSL certificates. false disables certificate verification of the HEC
	// endpoint, exposing the token and audit data to interception; check the
	// default set by DefaultSplunkConfig before relying on it.
	VerifySSL  bool          `json:"verifySSL"`
	// Presumably the per-request HTTP timeout — confirm in NewSplunkExporter.
	// encoding/json decodes a time.Duration as integer nanoseconds, not as "30s".
	Timeout    time.Duration `json:"timeout"`
}

SplunkConfig contains Splunk HEC configuration

func DefaultSplunkConfig

func DefaultSplunkConfig() *SplunkConfig

DefaultSplunkConfig returns default Splunk configuration

type SplunkExporter

// SplunkExporter exports audit events to Splunk HEC.
// Instances are created with NewSplunkExporter; the type satisfies Exporter
// (Name, Export, HealthCheck, Close).
type SplunkExporter struct {
	// contains filtered or unexported fields
}

SplunkExporter exports audit events to Splunk HEC

func NewSplunkExporter

func NewSplunkExporter(config *SplunkConfig) (*SplunkExporter, error)

NewSplunkExporter creates a new Splunk HEC exporter

func (*SplunkExporter) Close

func (e *SplunkExporter) Close() error

Close closes the exporter

func (*SplunkExporter) Export

func (e *SplunkExporter) Export(ctx context.Context, events []*audit.Event) error

Export exports a batch of events to Splunk HEC

func (*SplunkExporter) HealthCheck

func (e *SplunkExporter) HealthCheck(ctx context.Context) error

HealthCheck checks whether the Splunk HEC endpoint is reachable.

func (*SplunkExporter) Name

func (e *SplunkExporter) Name() string

Name returns the exporter name

type SyslogConfig

// SyslogConfig contains Syslog configuration.
type SyslogConfig struct {
	// tcp, udp, tcp+tls.
	// NOTE(review): udp delivery is unacknowledged, so audit events can be lost
	// silently; prefer tcp or tcp+tls where delivery matters.
	Network   string        `json:"network"`
	Address   string        `json:"address"`  // host:port
	Tag       string        `json:"tag"`      // Syslog tag
	Facility  string        `json:"facility"` // Syslog facility (e.g., local0)
	Severity  string        `json:"severity"` // Default severity (e.g., info)
	// Use TLS for TCP. Overlaps with Network "tcp+tls"; which one wins when they
	// disagree is not documented here — confirm in NewSyslogExporter.
	UseTLS    bool          `json:"useTls"`
	// TLS configuration. Tagged json:"-", so it is never read from or written to
	// JSON and must be set programmatically; a nil value with TLS enabled
	// presumably falls back to defaults — confirm.
	TLSConfig *tls.Config   `json:"-"`
	// encoding/json decodes a time.Duration as integer nanoseconds, not as "30s".
	Timeout   time.Duration `json:"timeout"`
	Format    string        `json:"format"` // rfc5424 or rfc3164
}

SyslogConfig contains Syslog configuration

func DefaultSyslogConfig

func DefaultSyslogConfig() *SyslogConfig

DefaultSyslogConfig returns default Syslog configuration

type SyslogExporter

// SyslogExporter exports audit events via Syslog.
// Instances are created with NewSyslogExporter; the type satisfies Exporter
// (Name, Export, HealthCheck, Close). Close closes the underlying connection.
type SyslogExporter struct {
	// contains filtered or unexported fields
}

SyslogExporter exports audit events via Syslog

func NewSyslogExporter

func NewSyslogExporter(config *SyslogConfig) (*SyslogExporter, error)

NewSyslogExporter creates a new Syslog exporter

func (*SyslogExporter) Close

func (e *SyslogExporter) Close() error

Close closes the Syslog connection

func (*SyslogExporter) Export

func (e *SyslogExporter) Export(ctx context.Context, events []*audit.Event) error

Export exports a batch of events to Syslog

func (*SyslogExporter) HealthCheck

func (e *SyslogExporter) HealthCheck(ctx context.Context) error

HealthCheck checks whether the Syslog server is reachable.

func (*SyslogExporter) Name

func (e *SyslogExporter) Name() string

Name returns the exporter name
