
Now you can send events to syslog, local or remote. This feature was requested here #638 This feature allows you to integrate opensnitch with your SIEM. Take a look at the above discussion to see examples with syslog-ng+promtail+loki+grafana. There's only one logger implemented (syslog), but it should be easily expandable to add more types of loggers (elastic, etc). The event format can be CSV or RFC5424. It should also be easy to add more formats. - Allow configuring stats workers. They were hardcoded to 4.
package formats
import (
	"encoding/csv"
	"fmt"
	"strings"

	"github.com/evilsocket/opensnitch/daemon/ui/protocol"
)
// CSV is the name of this output format as it is written in json configs.
const CSV = "csv"
// Csv is the transformer that renders events as comma separated values.
// It holds no state, so its zero value is usable as-is.
type Csv struct{}
// NewCSV returns a new CSV transformer object.
//
// Csv carries no state, so the returned pointer is ready to use without
// further initialisation.
func NewCSV() *Csv {
	return new(Csv)
}
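// Transform takes input arguments and formats them to CSV.
//
// args[0] is expected to be a []interface{} holding the values of one record;
// when it is absent or of another type, args itself is used as the record.
// Each *protocol.Connection expands into its connection columns (source and
// destination address/port, protocol, process id, user id, process path, args
// and cwd, in that order); any other value becomes a single column rendered
// with fmt.Sprint.
//
// Columns are written through encoding/csv, so a value containing the
// separator, a double quote or a line break is quoted rather than splitting
// or terminating the record. That matters here because columns such as
// ProcessArgs, ProcessPath or DstHost carry text that originates outside the
// daemon, and a consumer (e.g. a SIEM) relies on a stable column count.
//
// The returned line has no trailing newline. An empty record yields "".
func (c *Csv) Transform(args ...interface{}) (out string) {
	if len(args) == 0 {
		return ""
	}
	values, ok := args[0].([]interface{})
	if !ok {
		// Values were passed directly rather than wrapped in a slice.
		values = args
	}

	record := make([]string, 0, len(values))
	for _, val := range values {
		switch con := val.(type) {
		case *protocol.Connection:
			// Column order is part of the output format; keep it stable.
			record = append(record,
				fmt.Sprint(con.SrcIp),
				fmt.Sprint(con.SrcPort),
				fmt.Sprint(con.DstIp),
				fmt.Sprint(con.DstHost),
				fmt.Sprint(con.DstPort),
				fmt.Sprint(con.Protocol),
				fmt.Sprint(con.ProcessId),
				fmt.Sprint(con.UserId),
				//fmt.Sprint(con.ProcessComm),
				fmt.Sprint(con.ProcessPath),
				fmt.Sprint(con.ProcessArgs),
				fmt.Sprint(con.ProcessCwd),
			)
		default:
			record = append(record, fmt.Sprint(val))
		}
	}

	var sb strings.Builder
	w := csv.NewWriter(&sb)
	// Writes to a strings.Builder do not fail, but the errors are still
	// checked so a later change of destination cannot drop records silently.
	if err := w.Write(record); err != nil {
		return ""
	}
	w.Flush()
	if err := w.Error(); err != nil {
		return ""
	}
	// csv.Writer terminates every record with "\n"; callers add their own.
	return strings.TrimSuffix(sb.String(), "\n")
}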