Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func FilterFuncMap ¶ added in v1.8.0
FilterFuncMap returns the template func map populated with some useful template functions that can be used in rule actions.
Types ¶
type APIConfig ¶
type APIConfig struct {
	// Transport specifies the underlying transport protocol for the API HTTP server.
	Transport string `json:"api.transport" yaml:"api.transport"`
	// Timeout determines the timeout for the API server responses
	Timeout time.Duration `json:"api.timeout" yaml:"api.timeout"`
}
APIConfig contains API specific config options.
type ActionContext ¶ added in v1.8.0
type ActionContext struct {
	Kevt *kevent.Kevent
	// Kevts contains matched events for sequence group
	// policies indexed by `k` + the slot number of the
	// rule that produced a partial match
	Kevts map[string]*kevent.Kevent
	// Events contains a single element for non-sequence
	// group policies or a list of ordered matched events
	// for sequence group policies
	Events []*kevent.Kevent
	Filter *FilterConfig
	Group  FilterGroup
}
ActionContext is a convenience structure that groups the event that resulted in a matched filter along with the filter group information.
type FilamentConfig ¶
FilamentConfig stores config parameters for tweaking the behaviour of the filament engine.
type FilterConfig ¶ added in v1.4.0
type FilterConfig struct {
	Name        string            `json:"name" yaml:"name"`
	Description string            `json:"description" yaml:"description"`
	Def         string            `json:"def" yaml:"def"` // deprecated in favor of `Condition`
	Condition   string            `json:"condition" yaml:"condition"`
	Action      string            `json:"action" yaml:"action"`
	Labels      map[string]string `json:"labels" yaml:"labels"`
}
FilterConfig is the descriptor of a single filter.
type FilterGroup ¶ added in v1.4.0
type FilterGroup struct {
	Name        string              `json:"group" yaml:"group"`
	Description string              `json:"description" yaml:"description"`
	Enabled     *bool               `json:"enabled" yaml:"enabled"`
	Policy      FilterGroupPolicy   `json:"policy" yaml:"policy"`
	Relation    FilterGroupRelation `json:"relation" yaml:"relation"`
	Rules       []*FilterConfig     `json:"rules" yaml:"rules"`
	FromStrings []*FilterConfig     `json:"from-strings" yaml:"from-strings"` // deprecated in favor of `Rules`
	Tags        []string            `json:"tags" yaml:"tags"`
	Labels      map[string]string   `json:"labels" yaml:"labels"`
}
FilterGroup represents the container for filters.
func (FilterGroup) Hash ¶ added in v1.6.0
func (g FilterGroup) Hash() uint32
Hash calculates the filter group hash.
func (FilterGroup) IsDisabled ¶ added in v1.6.0
func (g FilterGroup) IsDisabled() bool
IsDisabled determines if this group is disabled.
type FilterGroupPolicy ¶ added in v1.4.0
type FilterGroupPolicy uint8
FilterGroupPolicy is the type alias for the filter group policy
const (
	// IncludePolicy determines the policy type that allows for
	// filtering the matching events.
	IncludePolicy FilterGroupPolicy = iota
	// ExcludePolicy determines the policy that allows for filtering
	// out the matching events, that is, discarding them from the event
	// flow.
	ExcludePolicy
	// UnknownPolicy determines the unknown group policy type.
	UnknownPolicy
)
func (FilterGroupPolicy) String ¶ added in v1.4.0
func (p FilterGroupPolicy) String() string
String yields a human-readable group policy.
func (*FilterGroupPolicy) UnmarshalYAML ¶ added in v1.4.0
func (p *FilterGroupPolicy) UnmarshalYAML(unmarshal func(interface{}) error) error
UnmarshalYAML converts the policy string to enum type.
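A load-time lint over a decoded rule group, flagging the deprecated `def` and `from-strings` fields and an unknown policy value. This is an added example, not Fibratus code: the types are trimmed local copies of the structs on this page, and `LintGroup` and the sample expression are assumptions made for illustration.

```go
package main

import "fmt"

// Trimmed local copies of the types documented on this page.
type FilterGroupPolicy uint8

const (
	IncludePolicy FilterGroupPolicy = iota // also the Go zero value of the field
	ExcludePolicy
	UnknownPolicy
)

type FilterConfig struct{ Name, Def, Condition string }

type FilterGroup struct {
	Name        string
	Policy      FilterGroupPolicy
	Rules       []*FilterConfig
	FromStrings []*FilterConfig
}

// LintGroup is a hypothetical helper, not a Fibratus API.
func LintGroup(g FilterGroup) []string {
	var out []string
	if g.Policy >= UnknownPolicy {
		out = append(out, fmt.Sprintf("group %q: unknown policy", g.Name))
	}
	if len(g.FromStrings) > 0 {
		out = append(out, fmt.Sprintf("group %q: from-strings is deprecated, use rules", g.Name))
	}
	rules := append(append([]*FilterConfig{}, g.Rules...), g.FromStrings...)
	for _, r := range rules {
		switch {
		case r == nil: // empty list item, nothing to check
		case r.Condition == "" && r.Def == "":
			out = append(out, fmt.Sprintf("rule %q: neither condition nor def is set", r.Name))
		case r.Condition == "":
			out = append(out, fmt.Sprintf("rule %q: def is deprecated, use condition", r.Name))
		}
	}
	return out
}

func main() { // constructed sample group; the expression text is illustrative
	g := FilterGroup{Name: "sample", Policy: UnknownPolicy,
		FromStrings: []*FilterConfig{{Name: "old", Def: "ps.name = 'cmd.exe'"}}}
	fmt.Println(LintGroup(g))
}
```

Because `IncludePolicy` is the zero value, a `FilterGroup` whose `Policy` field was never set compares equal to `IncludePolicy`, so the lint cannot tell an omitted policy from an explicit include.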
type FilterGroupRelation ¶ added in v1.4.0
type FilterGroupRelation uint8
FilterGroupRelation is the type alias for the filter group relation
const (
	// OrRelation is the group relation type that requires at
	// least one matching filter to evaluate successfully.
	OrRelation FilterGroupRelation = iota
	// AndRelation is the group relation type that requires
	// all the filters to match in order to evaluate successfully.
	AndRelation
	// UnknownRelation determines the unknown group relation type.
	UnknownRelation
)
func (FilterGroupRelation) String ¶ added in v1.4.0
func (r FilterGroupRelation) String() string
String yields a human-readable group relation.
func (*FilterGroupRelation) UnmarshalYAML ¶ added in v1.4.0
func (r *FilterGroupRelation) UnmarshalYAML(unmarshal func(interface{}) error) error
UnmarshalYAML converts the relation string to enum type.
type Filters ¶ added in v1.4.0
type Filters struct {
	Rules  Rules  `json:"rules" yaml:"rules"`
	Macros Macros `json:"macros" yaml:"macros"`
	// contains filtered or unexported fields
}
Filters contains references to rule groups and macro definitions. Each filter group can contain multiple filter expressions which represent the rules.
func FiltersWithMacros ¶ added in v1.8.0
FiltersWithMacros builds the filter config with the map of predefined macros. Only used for testing purposes.
func (Filters) IsMacroList ¶ added in v1.8.0
func (Filters) LoadGroups ¶ added in v1.4.0
func (f Filters) LoadGroups() ([]FilterGroup, error)
LoadGroups decodes the groups in each rule group file and ensures the correctness of the YAML file.
func (*Filters) LoadMacros ¶ added in v1.8.0
LoadMacros loads macros from the macro library. The Go templates are applied on each macro file before running the YAML decoder on them.
type Macro ¶ added in v1.8.0
type Macro struct {
	ID          string   `json:"macro" yaml:"macro"`
	Description string   `json:"description" yaml:"description"`
	Expr        string   `json:"expr" yaml:"expr"`
	List        []string `json:"list" yaml:"list"`
}
Macro represents the state of the rule macro. Macros either expand to expressions or lists.