velociraptor: www.velocidex.com/golang/velociraptor/vql/parsers/csv

package csv

import "www.velocidex.com/golang/velociraptor/vql/parsers/csv"

Velociraptor - Hunting Evil Copyright (C) 2019 Velocidex Innovations.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see <https://www.gnu.org/licenses/>.

Package Files

csv.go watcher.go

Constants

const (
    FREQUENCY = 3 * time.Second
)

Variables

var (
    GlobalCSVService = NewCSVWatcherService()
)

type CSVWatcherService

type CSVWatcherService struct {
    // contains filtered or unexported fields
}

This service watches one or more event log files and multiplexes events to multiple readers.

func NewCSVWatcherService

func NewCSVWatcherService() *CSVWatcherService

func (*CSVWatcherService) Register

func (self *CSVWatcherService) Register(
    filename string,
    accessor string,
    ctx context.Context,
    scope *vfilter.Scope,
    output_chan chan vfilter.Row)

func (*CSVWatcherService) StartMonitoring

func (self *CSVWatcherService) StartMonitoring(
    filename string, accessor_name string)

Monitor the filename for new events and emit them to all interested listeners. If no listeners exist we terminate.

type Handle

type Handle struct {
    // contains filtered or unexported fields
}

A handle is given to each interested party. We write the event onto the output_chan unless the context is done. When all interested parties are done, we may destroy the monitoring goroutine and remove the registration.

type ParseCSVPlugin

type ParseCSVPlugin struct{}

func (ParseCSVPlugin) Call

func (self ParseCSVPlugin) Call(
    ctx context.Context,
    scope *vfilter.Scope,
    args *ordereddict.Dict) <-chan vfilter.Row

func (ParseCSVPlugin) Info

func (self ParseCSVPlugin) Info(scope *vfilter.Scope, type_map *vfilter.TypeMap) *vfilter.PluginInfo

type ParseCSVPluginArgs

type ParseCSVPluginArgs struct {
    Filenames []string `vfilter:"required,field=filename,doc=CSV files to open"`
    Accessor  string   `vfilter:"optional,field=accessor,doc=The accessor to use"`
}

type WriteCSVPlugin

type WriteCSVPlugin struct{}

func (WriteCSVPlugin) Call

func (self WriteCSVPlugin) Call(
    ctx context.Context,
    scope *vfilter.Scope,
    args *ordereddict.Dict) <-chan vfilter.Row

func (WriteCSVPlugin) Info

func (self WriteCSVPlugin) Info(scope *vfilter.Scope, type_map *vfilter.TypeMap) *vfilter.PluginInfo

type WriteCSVPluginArgs

type WriteCSVPluginArgs struct {
    Filename string              `vfilter:"required,field=filename,doc=CSV files to open"`
    Query    vfilter.StoredQuery `vfilter:"required,field=query,doc=query to write into the file."`
}

Package csv imports 11 packages and is imported by 2 packages. Updated 2020-04-06.