Documentation
¶
Overview ¶
Package gcplogs has log parsers for Google Cloud Platform
Index ¶
- Constants
- func LogTypes() logtypes.Group
- func NewAuditLogParser() parsers.LogParser
- type AuditData
- type AuditLog
- type AuditLogParser
- type AuthenticationInfo
- type AuthorizationInfo
- type FirstPartyPrincipal
- type HTTPRequest
- type Labels
- type LogEntry
- type LogEntryAuditLog
- type LogEntryOperation
- type LogEntrySourceLocation
- type MonitoredResource
- type PermissionDelta
- type RequestMetadata
- type ResourceAttributes
- type ServiceAccountDelegationInfo
- type Status
- type ThirdPartyPrincipal
Constants ¶
View Source
const ( AuditLogActivityLogID = "cloudaudit.googleapis.com%2Factivity" AuditLogDataLogID = "cloudaudit.googleapis.com%2Fdata_access" AuditLogSystemLogID = "cloudaudit.googleapis.com%2Fsystem_event" )
View Source
const ( LogTypePrefix = "GCP" TypeAuditLog = LogTypePrefix + ".AuditLog" )
Variables ¶
This section is empty.
Functions ¶
func NewAuditLogParser ¶
Types ¶
type AuditData ¶
type AuditData struct {
PermissionDelta PermissionDelta `json:"permissionDelta" validate:"required" description:" The permissionDelta when when creating or updating a Role."`
}
IAM Data audit log nolint:lll
type AuditLog ¶
type AuditLog struct {
PayloadType *string `json:"@type" validate:"required,eq=type.googleapis.com/google.cloud.audit.AuditLog" description:"The type of payload"`
ServiceName *string `json:"serviceName,omitempty" description:"The name of the API service performing the operation"`
MethodName *string `` /* 144-byte string literal not displayed */
ResourceName *string `` /* 174-byte string literal not displayed */
NumResponseItems *numerics.Int64 `json:"numResponseItems,omitempty" description:"The number of items returned from a List or Query API method, if applicable."`
Status *Status `json:"status,omitempty" description:"The status of the overall operation."`
AuthenticationInfo *AuthenticationInfo `json:"authenticationInfo,omitempty" description:"Authentication information."`
AuthorizationInfo []AuthorizationInfo `` /* 236-byte string literal not displayed */
RequestMetadata *RequestMetadata `json:"requestMetadata,omitempty" description:"Metadata about the request"`
Request *jsoniter.RawMessage `` /* 320-byte string literal not displayed */
Response *jsoniter.RawMessage `` /* 323-byte string literal not displayed */
ServiceData *jsoniter.RawMessage `json:"serviceData,omitempty" description:"Other service-specific data about the request, response, and other activities."`
Metadata *jsoniter.RawMessage `` /* 161-byte string literal not displayed */
}
nolint:lll
type AuditLogParser ¶
type AuditLogParser struct{}
func (*AuditLogParser) LogType ¶
func (p *AuditLogParser) LogType() string
func (*AuditLogParser) New ¶
func (p *AuditLogParser) New() parsers.LogParser
New creates a new log parser instance
func (*AuditLogParser) Parse ¶
func (p *AuditLogParser) Parse(log string) ([]*parsers.PantherLog, error)
Parse implements parsers.LogParser interface
type AuthenticationInfo ¶
type AuthenticationInfo struct {
PrincipalSubject *string `` /* 155-byte string literal not displayed */
ServiceAccountKeyName *string `` /* 232-byte string literal not displayed */
PrincipalEmail *string `json:"principalEmail,omitempty" description:"The email address of the authenticated user making the request."`
AuthoritySelector *string `` /* 182-byte string literal not displayed */
ThirdPartyPrincipal *jsoniter.RawMessage `` /* 254-byte string literal not displayed */
ServiceAccountDelegationInfo []ServiceAccountDelegationInfo `` /* 398-byte string literal not displayed */
}
nolint:lll
type AuthorizationInfo ¶
type AuthorizationInfo struct {
Resource *string `json:"resource,omitempty" description:"The resource being accessed, as a REST-style string."`
Permission *string `json:"permission,omitempty" description:"The required IAM permission"`
Granted *bool `json:"granted,omitempty" description:" Whether or not authorization for resource and permission was granted."`
ResourceAttributes *ResourceAttributes `` /* 330-byte string literal not displayed */
}
nolint:lll
type FirstPartyPrincipal ¶ added in v1.15.3
type FirstPartyPrincipal struct {
PrincipalEmail *string `json:"principalEmail,omitempty" description:"The email address of a Google account."`
ServiceMetadata *jsoniter.RawMessage `json:"serviceMetadata,omitempty" description:"Metadata about the service that uses the service account."`
}
nolint:lll
type HTTPRequest ¶
type HTTPRequest struct {
RequestMethod *string `json:"requestMethod,omitempty" description:"The request HTTP method."`
RequestURL *string `` /* 144-byte string literal not displayed */
RequestSize *numerics.Int64 `` /* 141-byte string literal not displayed */
Status *int16 `json:"status,omitempty" description:"The response HTTP status code"`
ResponseSize *numerics.Int64 `` /* 170-byte string literal not displayed */
UserAgent *string `json:"userAgent,omitempty" description:"The user agent sent by the client."`
RemoteIP *string `json:"remoteIP,omitempty" description:"The IP address (IPv4 or IPv6) of the client that issued the HTTP request."`
ServerIP *string `json:"serverIP,omitempty" description:"The IP address (IPv4 or IPv6) of the origin server that the request was sent to."`
Referer *string `json:"referer,omitempty" description:"The referer URL of the request"`
Latency *string `` /* 163-byte string literal not displayed */
CacheLookup *bool `json:"cacheLookup,omitempty" description:"Whether or not a cache lookup was attempted."`
CacheHit *bool `json:"cacheHit,omitempty" description:"Whether or not an entity was served from cache (with or without validation)."`
CacheValidated *bool `` /* 138-byte string literal not displayed */
CacheFillBytes *numerics.Int64 `json:"cacheFillBytes,omitempty" description:"Whether or not an entity was served from cache (with or without validation)."`
Protocol *string `json:"protocol,omitempty" description:"Protocol used for the request."`
}
nolint:lll
type LogEntry ¶
type LogEntry struct {
LogName *string `json:"logName" validate:"required" description:"The resource name of the log to which this log entry belongs."`
Severity *string `json:"severity,omitempty" description:"The severity of the log entry. The default value is LogSeverity.DEFAULT."`
InsertID *string `json:"insertId,omitempty" description:"A unique identifier for the log entry."`
Resource *MonitoredResource `json:"resource,omitempty" description:"The monitored resource that produced this log entry."`
Timestamp *timestamp.RFC3339 `json:"timestamp,omitempty" description:"The time the event described by the log entry occurred."`
ReceiveTimestamp *timestamp.RFC3339 `json:"receiveTimestamp" validate:"required" description:"The time the log entry was received by Logging."`
Labels Labels `` /* 135-byte string literal not displayed */
Operation *LogEntryOperation `json:"operation,omitempty" description:"Information about an operation associated with the log entry, if applicable."`
Trace *string `json:"trace,omitempty" description:"Resource name of the trace associated with the log entry, if any."`
HTTPRequest *HTTPRequest `json:"httpRequest,omitempty" description:"Information about the HTTP request associated with this log entry, if applicable."`
SpanID *string `json:"spanId,omitempty" description:"The span ID within the trace associated with the log entry."`
TraceSampled *bool `json:"traceSampled,omitempty" description:"The sampling decision of the trace associated with the log entry."`
SourceLocation *LogEntrySourceLocation `json:"sourceLocation,omitempty" description:"Source code location information associated with the log entry, if any."`
}
nolint:lll
type LogEntryAuditLog ¶
type LogEntryAuditLog struct {
LogEntry
Payload AuditLog `json:"protoPayload" validate:"required" description:"The AuditLog payload"`
parsers.PantherLog
}
type LogEntryOperation ¶
type LogEntryOperation struct {
ID *string `json:"id,omitempty" description:"Whether or not an entity was served from cache (with or without validation)."`
Producer *string `` /* 133-byte string literal not displayed */
First *bool `json:"first,omitempty" description:"This is the first entry in an operation"`
Last *bool `json:"last,omitempty" description:"This is the last entry in an operation"`
}
nolint:lll
type LogEntrySourceLocation ¶
type LogEntrySourceLocation struct {
File *string `` /* 146-byte string literal not displayed */
Line *numerics.Int64 `json:"line" description:"Line within the source file. 1-based; 0 indicates no line number available."`
Function *string `` /* 157-byte string literal not displayed */
}
nolint:lll
type MonitoredResource ¶
type MonitoredResource struct {
Type *string `json:"type" validate:"required" description:"Type of resource that produced this log entry"`
Labels Labels `json:"labels" validate:"required" description:"Labels describing the resource"`
}
nolint:lll
type PermissionDelta ¶
type PermissionDelta struct {
AddedPermissions []string `json:"addedPermissions,omitempty" description:"Added permissions"`
RemovedPermissions []string `json:"removedPermissions,omitempty" description:"Removed permissions"`
}
nolint:lll
type RequestMetadata ¶
type RequestMetadata struct {
CallerIP *string `json:"callerIP,omitempty" description:"The IP address of the caller."`
CallerSuppliedUserAgent *string `` /* 158-byte string literal not displayed */
CallerNetwork *string `` /* 184-byte string literal not displayed */
RequestAttributes *jsoniter.RawMessage `` /* 205-byte string literal not displayed */
DestinationAttributes *jsoniter.RawMessage `` /* 127-byte string literal not displayed */
}
nolint:lll Reference https://cloud.google.com/service-infrastructure/docs/service-control/reference/rest/v1/AuditLog#RequestMetadata
type ResourceAttributes ¶ added in v1.15.3
type ResourceAttributes struct {
Service *string `` /* 209-byte string literal not displayed */
Name *string `json:"name,omitempty" description:"The stable identifier (name) of a resource on the service."`
Type *string `` /* 157-byte string literal not displayed */
Labels *string `` /* 131-byte string literal not displayed */
UID *string `` /* 356-byte string literal not displayed */
}
nolint:lll
type ServiceAccountDelegationInfo ¶ added in v1.15.3
type ServiceAccountDelegationInfo struct {
FirstPartyPrincipal *FirstPartyPrincipal `json:"firstPartyPrincipal,omitempty" description:"First party (Google) identity as the real authority."`
ThirdPartyPrincipal *ThirdPartyPrincipal `json:"thirdPartyPrincipal,omitempty" description:"Third party identity as the real authority."`
}
nolint:lll
type Status ¶
type Status struct {
// https://cloud.google.com/vision/docs/reference/rpc/google.rpc#google.rpc.Code
Code *int32 `json:"code,omitempty" description:"The status code, which should be an enum value of google.rpc.Code."`
Message *string `json:"message,omitempty" description:"A developer-facing error message, which should be in English."`
Details *jsoniter.RawMessage `` /* 143-byte string literal not displayed */
}
nolint:lll
type ThirdPartyPrincipal ¶ added in v1.15.3
type ThirdPartyPrincipal struct {
ThirdPartyClaims *jsoniter.RawMessage `json:"thirdPartyClaims,omitempty" description:"Metadata about third party identity."`
}
nolint:lll
Source Files
Click to show internal directories.
Click to hide internal directories.