// Copyright 2023 Juan Pablo Tosso and the OWASP Coraza contributors
// SPDX-License-Identifier: Apache-2.0
package plugintypes
import (
"io/fs"
"github.com/appsentinels/coraza/v3/types"
)
// AuditLog is the top-level read-only view of one audit log record.
// It groups the record's parts, the transaction it describes and the
// messages attached to it.
type AuditLog interface {
	// Parts returns the types.AuditLogParts value for this record.
	Parts() types.AuditLogParts

	// Transaction returns the transaction-specific information.
	Transaction() AuditLogTransaction

	// Messages returns the AuditLogMessage entries of this record
	// (information about the triggered rules).
	Messages() []AuditLogMessage
}
// AuditLogTransaction exposes the transaction-specific information of an
// audit log record: identification, timing, both connection endpoints, and
// the request, response and producer sections.
type AuditLogTransaction interface {
	// Timestamp returns the transaction time as a string; the layout is
	// not defined by this interface.
	Timestamp() string
	// UnixTimestamp returns the transaction time as an int64.
	// NOTE(review): the unit (seconds, nanoseconds, ...) is not stated
	// here; confirm against the implementation.
	UnixTimestamp() int64
	// ID returns the transaction identifier.
	ID() string

	// ClientIP and ClientPort describe the client side of the connection.
	ClientIP() string
	ClientPort() int
	// HostIP and HostPort describe the host side of the connection.
	HostIP() string
	HostPort() int
	// ServerID returns the server identifier.
	ServerID() string

	// Request returns the request section. HasRequest reports whether a
	// request section is present.
	// NOTE(review): presumably callers should check HasRequest before
	// using the value returned by Request; confirm.
	Request() AuditLogTransactionRequest
	HasRequest() bool

	// Response returns the response section. HasResponse reports whether
	// a response section is present.
	// NOTE(review): presumably callers should check HasResponse before
	// using the value returned by Response; confirm.
	Response() AuditLogTransactionResponse
	HasResponse() bool

	// Producer returns the producer section.
	Producer() AuditLogTransactionProducer
}
// AuditLogTransactionResponse exposes the response-specific information of
// a transaction.
//
// NOTE(review): response headers and body can carry session cookies,
// tokens or personal data. Writers and formatters that consume this
// interface should treat the values as sensitive; whether any redaction
// happens before this point is not visible here, so confirm.
type AuditLogTransactionResponse interface {
	// Protocol returns the response protocol as a string.
	Protocol() string
	// Status returns the response status as an int.
	Status() int
	// Headers returns the response headers, keyed by header name with
	// one or more values per name.
	Headers() map[string][]string
	// Body returns the response body as a string.
	Body() string
}
// AuditLogTransactionProducer exposes producer-specific information that
// is recorded for debugging purposes.
type AuditLogTransactionProducer interface {
	// Connector returns the connector as a string.
	Connector() string
	// Version returns the version as a string.
	Version() string
	// Server returns the server as a string.
	Server() string
	// RuleEngine returns the rule engine setting as a string.
	RuleEngine() string
	// Stopwatch returns the stopwatch data as a string; its format is not
	// defined by this interface.
	Stopwatch() string
	// Rulesets returns the rulesets as a list of strings.
	Rulesets() []string
}
// AuditLogTransactionRequest exposes the request-specific information of a
// transaction.
//
// NOTE(review): URI, headers and body presumably originate from the client
// and may contain credentials (Authorization, Cookie), tokens or personal
// data. Consumers should treat them both as sensitive and as untrusted
// input; whether any redaction or sanitising happens before this point is
// not visible here, so confirm.
type AuditLogTransactionRequest interface {
	// Method returns the request method as a string.
	Method() string
	// Protocol returns the request protocol as a string.
	Protocol() string
	// URI returns the request URI as a string.
	URI() string
	// HTTPVersion returns the HTTP version as a string.
	HTTPVersion() string
	// Headers returns the request headers, keyed by header name with one
	// or more values per name.
	Headers() map[string][]string
	// Body returns the request body as a string.
	Body() string
	// Files returns information about the files uploaded with the
	// request.
	Files() []AuditLogTransactionRequestFiles
}
// AuditLogTransactionRequestFiles exposes information about a file that
// was uploaded through a multipart form.
type AuditLogTransactionRequestFiles interface {
	// Name returns the file name as a string.
	// NOTE(review): presumably this is the name supplied in the upload
	// and therefore client-controlled; confirm before using it in paths
	// or unescaped output.
	Name() string
	// Size returns the file size as an int64.
	Size() int64
	// Mime returns the MIME type as a string.
	Mime() string
}
// AuditLogMessage exposes information about a triggered rule.
type AuditLogMessage interface {
	// Actionset returns the action set as a string.
	Actionset() string
	// Message returns the message text.
	Message() string
	// Data returns the detailed information about the triggered rule.
	Data() AuditLogMessageData
}
// AuditLogMessageData exposes the detailed information about a triggered
// rule.
//
// NOTE(review): Msg, Data and Raw are plain strings whose content is not
// constrained by this interface. If they can echo matched request data,
// formatters need to encode them for the output format; confirm against
// the implementation.
type AuditLogMessageData interface {
	// File and Line return a file name and a line number.
	// NOTE(review): presumably the location of the rule definition;
	// confirm.
	File() string
	Line() int

	// ID returns the rule identifier as an int.
	ID() int
	// Rev returns the revision as a string.
	Rev() string
	// Msg returns the message as a string.
	Msg() string
	// Data returns the data as a string.
	Data() string
	// Severity returns the severity as a types.RuleSeverity.
	Severity() types.RuleSeverity
	// Ver returns the version as a string.
	Ver() string
	// Maturity and Accuracy return integer ratings; their scale is not
	// defined by this interface.
	Maturity() int
	Accuracy() int
	// Tags returns the tags as a list of strings.
	Tags() []string
	// Raw returns the raw form as a string.
	Raw() string
}
// AuditLogConfig holds the configuration handed to an AuditLogWriter.
//
// NOTE(review): audit logs carry request and response headers and bodies
// (see AuditLogTransactionRequest and AuditLogTransactionResponse), so
// FileMode and DirMode are best kept restrictive, readable only by the
// account that needs the logs. How a writer applies these values, and what
// it does when they are zero, is not visible here; confirm per writer.
type AuditLogConfig struct {
	// Target is the path of the file that receives the raw audit log.
	Target string

	// FileMode is the permission mode used when the Target file is
	// created.
	FileMode fs.FileMode

	// Dir is the path of the directory that receives formatted audit
	// logs.
	Dir string

	// DirMode is the permission mode used when Dir is created.
	DirMode fs.FileMode

	// Formatter is the formatter used when writing formatted audit logs.
	Formatter AuditLogFormatter
}
// AuditLogWriter is the interface implemented by every audit log writer.
// A writer receives an AuditLog and writes it to an output stream, which
// may be a file, a socket, a URL, etc.
type AuditLogWriter interface {
	// Init performs any preparation the writer needs, using the supplied
	// AuditLogConfig.
	Init(AuditLogConfig) error

	// Write sends the audit log to the output destination.
	// Using the Formatter is mandatory to produce a "readable" audit log.
	// The AuditLog itself is passed, rather than an already formatted
	// byte slice, because some writers may need audit metadata.
	Write(AuditLog) error

	// Close closes the writer if that is required.
	Close() error
}
// AuditLogFormatter turns an AuditLog into a byte slice. The result is
// used to build the formatted audit log.
//
// NOTE(review): values reachable through AuditLog, such as the request
// URI, headers and body, are presumably client-supplied. An implementation
// should encode them for its output format so that a value cannot add or
// alter records in the log; confirm per formatter.
type AuditLogFormatter interface {
	// Format serializes the given AuditLog, returning the bytes or an
	// error.
	Format(AuditLog) ([]byte, error)

	// MIME returns a string.
	// NOTE(review): presumably the media type of the bytes produced by
	// Format; confirm.
	MIME() string
}