Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CollectNames ¶ added in v1.14.0
func CollectNames(c Collection) []string
CollectNames is a helper that returns the names of all log type entries in a Collection.
func ParserResolver ¶ added in v1.16.0
func ParserResolver(r Resolver) pantherlog.ParserResolver
Types ¶
type CachedResolver ¶ added in v1.15.0
type CachedResolver struct {
// contains filtered or unexported fields
}
func NewCachedResolver ¶ added in v1.15.0
func NewCachedResolver(maxAge time.Duration, r Resolver) *CachedResolver
NewCachedResolver creates a new resolver that caches entries for maxAge duration.
func (*CachedResolver) Forget ¶ added in v1.15.0
func (c *CachedResolver) Forget(name string)
type Collection ¶ added in v1.12.0
type Collection interface {
Entries() []Entry
}
Collection is a collection of log type entries
type Config ¶
type Config struct {
	Name         string
	Description  string
	ReferenceURL string
	Schema       interface{}
	NewParser    pantherlog.LogParserFactory
}
Config describes a log event type in a declarative way. To convert to an Entry instance it must be registered. The Config/LogType separation enforces mutability rules for registered log event types.
func (Config) BuildEntry ¶ added in v1.12.0
BuildEntry implements the EntryBuilder interface.
type ConfigJSON ¶ added in v1.12.0
type ConfigJSON struct {
	Name            string
	Description     string
	ReferenceURL    string
	NewEvent        func() interface{}
	Validate        func(interface{}) error
	JSON            jsoniter.API
	NextRowID       func() string
	Now             func() time.Time
	ExtraIndicators pantherlog.FieldSet
}
ConfigJSON is a configuration that creates a log type entry for a JSON log. The parser only handles the usual case where each JSON value produces a single pantherlog.Result.
func (ConfigJSON) BuildEntry ¶ added in v1.12.0
func (c ConfigJSON) BuildEntry() (Entry, error)
BuildEntry implements the EntryBuilder interface.
type Entry ¶
type Entry interface {
	Describe() Desc
	pantherlog.LogParserFactory
	Schema() interface{}
	String() string
	// Entry should be usable as an EntryBuilder that returns itself with no error
	EntryBuilder
	// Entry should implement Group for a single entry
	Group
}
Entry describes a log event type. It provides a method to create a new parser and a schema struct to derive tables from.
func MustBuild ¶ added in v1.12.0
func MustBuild(builder EntryBuilder) Entry
MustBuild builds an entry from an EntryBuilder, or panics if building fails.
type EntryBuilder ¶ added in v1.12.0
EntryBuilder builds a new entry. It is used by various entry configurations (Config, ConfigJSON).
type Finder ¶ added in v1.12.0
Finder can find a log entry by name. It should return nil if the entry is not found.
type Group ¶ added in v1.12.0
type Group interface {
	Name() string
	Collection
	Finder
}
Group is a named collection of log type entries. The purpose of Group is to provide read-only access to a set of log types.
func BuildGroup ¶ added in v1.12.0
func BuildGroup(name string, entries ...EntryBuilder) (Group, error)
BuildGroup builds a read-only collection of distinct log type entries.
func Must ¶ added in v1.12.0
func Must(name string, entries ...EntryBuilder) Group
Must builds a group of log type entries, or panics if building fails.
type Resolver ¶ added in v1.11.0
Resolver resolves a log type name to its entry. Implementations should use the context argument if they need to make network requests to resolve the entry. If an error occurred while trying to resolve the entry, it should be returned as (nil, err). If the entry could not be resolved but no error occurred, implementations should return `nil, nil`. Callers depend on this distinction: (nil, nil) means the log type is unknown, while (nil, err) means the lookup itself failed and must not be treated as a definitive miss.
func ChainResolvers ¶ added in v1.11.0
ChainResolvers tries multiple resolvers in order, returning the first resolved entry.
func LocalResolver ¶ added in v1.12.0
LocalResolver returns a log type resolver that looks up entries locally
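The Resolver contract above (a (nil, nil) miss versus a (nil, err) failure), ChainResolvers, LocalResolver, and the CachedResolver built by NewCachedResolver and invalidated by Forget, worked through as an added, self-contained example. This is not the package's own code: it re-implements the documented behaviour with a reduced Entry that only carries a name, assumes the interface method is named Resolve(ctx, name) and adds a ResolverFunc adapter, assumes that ChainResolvers stops at the first error rather than skipping to the next resolver, and uses constructed log type names and an in-process stub in place of a real remote resolver.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// Entry is a minimal stand-in for the package's Entry: only its name matters here.
type Entry interface{ String() string }
type entry string

func (e entry) String() string { return string(e) }

// Resolver mirrors the documented contract (the method name Resolve is assumed):
// (entry, nil) when found, (nil, nil) when unknown, (nil, err) when the lookup failed.
type Resolver interface {
	Resolve(ctx context.Context, name string) (Entry, error)
}

type ResolverFunc func(ctx context.Context, name string) (Entry, error)

func (f ResolverFunc) Resolve(ctx context.Context, name string) (Entry, error) { return f(ctx, name) }

// LocalResolver looks entries up in memory, so it can miss but never fail.
func LocalResolver(entries map[string]Entry) Resolver {
	return ResolverFunc(func(_ context.Context, name string) (Entry, error) {
		return entries[name], nil // an unknown name yields a nil Entry: (nil, nil)
	})
}

// ChainResolvers returns the first entry any resolver finds. A (nil, nil) miss falls through;
// an error stops the chain (assumed here) so a failed lookup is never reported as "unknown".
func ChainResolvers(resolvers ...Resolver) Resolver {
	return ResolverFunc(func(ctx context.Context, name string) (Entry, error) {
		for _, r := range resolvers {
			if e, err := r.Resolve(ctx, name); err != nil || e != nil {
				return e, err
			}
		}
		return nil, nil
	})
}

type cached struct {
	entry   Entry // nil records a cached miss
	expires time.Time
}

// CachedResolver memoises hits and misses of the wrapped resolver for maxAge.
// Errors are never cached, so a transient failure cannot poison later lookups.
type CachedResolver struct {
	maxAge  time.Duration
	next    Resolver
	now     func() time.Time // injectable clock
	mu      sync.Mutex
	entries map[string]cached
}

func NewCachedResolver(maxAge time.Duration, r Resolver) *CachedResolver {
	return &CachedResolver{maxAge: maxAge, next: r, now: time.Now, entries: map[string]cached{}}
}

func (c *CachedResolver) Resolve(ctx context.Context, name string) (Entry, error) {
	c.mu.Lock()
	hit, ok := c.entries[name]
	c.mu.Unlock()
	if ok && c.now().Before(hit.expires) {
		return hit.entry, nil
	}
	e, err := c.next.Resolve(ctx, name) // lock not held across the possibly remote lookup
	if err != nil {
		return nil, err
	}
	c.mu.Lock()
	c.entries[name] = cached{entry: e, expires: c.now().Add(c.maxAge)}
	c.mu.Unlock()
	return e, nil
}

// Forget drops one name so the next lookup goes back to the wrapped resolver.
func (c *CachedResolver) Forget(name string) {
	c.mu.Lock()
	delete(c.entries, name)
	c.mu.Unlock()
}

func main() {
	local := LocalResolver(map[string]Entry{"AWS.CloudTrail": entry("AWS.CloudTrail")})
	calls := 0 // constructed stand-in for a resolver that would call a remote service
	remote := ResolverFunc(func(_ context.Context, name string) (Entry, error) {
		calls++
		return entry(name), nil
	})
	r := NewCachedResolver(time.Minute, ChainResolvers(local, remote))
	for _, name := range []string{"AWS.CloudTrail", "Custom.Nginx", "Custom.Nginx"} {
		e, _ := r.Resolve(context.Background(), name)
		fmt.Printf("%-15s -> %v (remote calls so far: %d)\n", name, e, calls)
	}
}
```

Two design choices are worth noting. Misses are cached alongside hits, so a flood of events with an unknown log type does not turn into a flood of remote lookups; Forget is the way to drop a stale negative entry once the type has been created. Errors are deliberately not cached, and the lock is released around the wrapped lookup, which means concurrent cache misses for the same name may each call the wrapped resolver; collapsing them (for example with singleflight) is left out of this illustration.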