streamer

package module

v0.3.0 Latest Latest Go to latest Published: Aug 27, 2023 License: BSD-3-Clause Imports: 19 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/juanfont/gitlab-log-streamer

Links

Open Source Insights

README ¶

Gitlab Log Streamer

Gitlab Log Streamer is a tool designed to overcome the limitations of Gitlab's audit_log.json and potentially other logs.

By default, Gitlab writes its audit events to the audit_log.json file, which limits their usefulness as they stay in your GItLab server filesystem.

This project parses the log file, stores the events in a SQLite database, and allows forwarding of new log entries using syslog format (RFC5424) or IBM QRadar's proprietary LEEF. It also supports defining an HTTP endpoint for POST requests with the event, enabling triggers and actions similar to Gitlab System hooks.

Installation

Just head to https://github.com/juanfont/gitlab-log-streamer/releases and grab the latest version.

Then place it in your PATH (e.g., /usr/local/bin)

Usage

You need to create a file named config.yaml in the same directory as the binary or in /etc/gitlab-log-streamer:

---
db_path: "streamer.sqlite"
gitlab_hostname: "gitlab.font.eu"

sources:
  audit_log_path: "/var/log/gitlab/gitlab-rails/audit_json.log"

destinations:
  http:
    url: "http://localhost:8080"
    headers:
      Authorization: "Bearer 1234567890"
      Content-Type: "application/json"
  syslog:
    server_addr: "localhost:1489"
    protocol: "udp"

    # Optional. If true, the syslog message will be in LEEF format. Otherwise, syslog in RFC5424 format.
    use_leef: false

And then just execute:

gitlab-log-streamer watch

Documentation ¶

Index ¶

Constants
type Add
type As
type AuditEvent
type AuditLogStreamer
- func NewAuditLogStreamer(config Config) (*AuditLogStreamer, error)
- func (s *AuditLogStreamer) Watch() error
type AuthorClass
type Change
type Config
type MergeAccessLevelElement
type Severity
type With

Constants ¶

View Source

const (
	AuditEventLoginWithTwoFactor = "two-factor"
	AuditEventLoginWithU2F       = "two-factor-via-u2f-device"
	AuditEventLoginWithWebAuthn  = "two-factor-via-webauthn-device"
	AuditEventLoginStandard      = "standard"
)

View Source

const (
	GitlabVersionManifestPath = "/opt/gitlab/version-manifest.txt"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Add ¶

type Add string

const (
	CiGroupVariable Add = "ci_group_variable"
	Email           Add = "email"
	Group           Add = "group"
	Project         Add = "project"
	User            Add = "user"
	UserAccess      Add = "user_access"
)

type As ¶

type As string

const (
	Developer As = "Developer"
	Guest     As = "Guest"
	Owner     As = "Owner"
)

type AuditEvent ¶

type AuditEvent struct {
	ID            uint64 `gorm:"primary_key" json:"-"`
	CorrelationID string `gorm:"type:varchar(64);unique_index" json:"correlation_id"`

	Severity      string      `json:"severity"`
	Time          time.Time   `json:"time"`
	AuthorID      int64       `json:"author_id"`
	AuthorName    string      `json:"author_name"`
	EntityID      int64       `json:"entity_id"`
	EntityType    AuthorClass `json:"entity_type"`
	CreatedAt     time.Time   `json:"created_at"`
	IPAddress     string      `json:"ip_address"`
	With          *With       `json:"with,omitempty"`
	TargetID      *int64      `json:"target_id"`
	TargetType    AuthorClass `json:"target_type"`
	TargetDetails *string     `json:"target_details"`
	EntityPath    string      `json:"entity_path"`
	Remove        *Add        `json:"remove,omitempty"`
	Add           *Add        `json:"add,omitempty"`
	// Details       *Details    `json:"details,omitempty"`
	// PushAccessLevels          []MergeAccessLevelElement `json:"push_access_levels,omitempty"`
	// MergeAccessLevels         []MergeAccessLevelElement `json:"merge_access_levels,omitempty"`
	AllowForcePush            *bool        `json:"allow_force_push,omitempty"`
	CodeOwnerApprovalRequired *bool        `json:"code_owner_approval_required,omitempty"`
	AuthorClass               *AuthorClass `json:"author_class,omitempty"`
	CustomMessage             *string      `json:"custom_message,omitempty"`
	As                        *As          `json:"as,omitempty"`
	MemberID                  *int64       `json:"member_id,omitempty"`
	Change                    *Change      `json:"change,omitempty"`
	From                      *string      `json:"from,omitempty"`
	To                        *string      `json:"to,omitempty"`
	Action                    *string      `json:"action,omitempty"`
	ExpiryFrom                *string      `json:"expiry_from"`
	ExpiryTo                  *string      `json:"expiry_to"`

	MetaCallerID        string `json:"meta.caller_id"`
	MetaRemoteIP        string `json:"meta.remote_ip"`
	MetaFeatureCategory string `json:"meta.feature_category"`
	MetaClientID        string `json:"meta.client_id"`
	MetaUser            string `json:"meta.user,omitempty"`
	MetaUserID          int    `json:"meta.user_id,omitempty"`

	OriginalData datatypes.JSON
}

type AuditLogStreamer ¶

type AuditLogStreamer struct {
	// contains filtered or unexported fields
}

func NewAuditLogStreamer ¶

func NewAuditLogStreamer(config Config) (*AuditLogStreamer, error)

func (*AuditLogStreamer) Watch ¶

func (s *AuditLogStreamer) Watch() error

type AuthorClass ¶

type AuthorClass string

const (
	AuthorClassCiGroupVariable AuthorClass = "Ci::GroupVariable"
	AuthorClassEmail           AuthorClass = "Email"
	AuthorClassGroup           AuthorClass = "Group"
	AuthorClassProject         AuthorClass = "Project"
	AuthorClassUser            AuthorClass = "User"
	CiRunner                   AuthorClass = "Ci::Runner"
	PersonalAccessToken        AuthorClass = "PersonalAccessToken"
	ProtectedBranch            AuthorClass = "ProtectedBranch"
)

type Change ¶

type Change string

const (
	AccessLevel   Change = "access_level"
	AllowedToPush Change = "allowed to push"
	EmailAddress  Change = "email address"
	Name          Change = "name"
)

type Config ¶

type Config struct {
	AuditLogForwardingEndpoint string
	GitlabHostname             string
	AuditLogPath               string
	DBpath                     string

	SyslogServerAddr string
	SyslogProtocol   string
	UseLEEF          bool // Use QRadar propietary LEEF format
}

type MergeAccessLevelElement ¶

type MergeAccessLevelElement string

const (
	Maintainers MergeAccessLevelElement = "Maintainers"
)

type Severity ¶

type Severity string

type With ¶

type With string

const (
	Saml                       With = "saml"
	TwoFactor                  With = "two-factor"
	TwoFactorViaWebauthnDevice With = "two-factor-via-webauthn-device"
)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
cmd
streamer
streamer/cli
pkg
leef

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL