Add native go line parser implementation to go-audit #62
Codecov Report
@@ Coverage Diff @@
## master #62 +/- ##
==========================================
- Coverage 75.21% 46.9% -28.31%
==========================================
Files 5 6 +1
Lines 476 776 +300
==========================================
+ Hits 358 364 +6
- Misses 101 393 +292
- Partials 17 19 +2
Continue to review full report at Codecov.
|
AUDIT_FANOTIFY: "fanotify", | ||
} | ||
|
||
var syscallNumbers = map[uint16]string{ |
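Review bot: `syscallNumbers`, at `var syscallNumbers = map[uint16]string{`, is keyed by the syscall number alone, so a given number resolves to the same name whatever architecture the record came from, and nothing in the visible lines says which kernel or architecture the table was taken from. Add a doc comment naming the source of the numbers, and either key the lookup on the architecture as well or fall back to the raw number when the record's architecture does not match the table, so that a mismatched host does not log a wrong syscall name.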
FYI this mapping is kernel and architecture specific.
@wadey what would it take to get this merged?
PR Summary
This PR implements a native lineparser (JavaScript implementation originally written by @nbrownus) directly into go-audit.
For performance reasons, it is turned off by default, but may be switched on via two configuration options under message_decoding:
- enabled simply performs basic line parsing.
- human_friendly_messages extends this parsing to construct human-friendly messages based on the contents of an audit message.
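Basic line parsing combined with the architecture dependence raised in the review comment, as an added Go sketch that is not code from this PR or from go-audit: it splits a constructed audit record body into fields and resolves the syscall number through a table selected by the record's arch field. The names parseFields, syscallName and syscallsByArch, the sample line and the partial tables are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample record body, not captured from a real host.
const sampleLine = `arch=c000003e syscall=59 success=yes exit=0 pid=4242 comm="curl" exe="/usr/bin/curl" key="exec"`

var syscallsByArch = map[uint32]map[uint16]string{ // partial tables, for illustration only
	0xc000003e: {2: "open", 59: "execve", 257: "openat"},   // AUDIT_ARCH_X86_64
	0xc00000b7: {56: "openat", 59: "pipe2", 221: "execve"}, // AUDIT_ARCH_AARCH64
}

// parseFields splits key=value pairs; double-quoted values may contain spaces.
func parseFields(line string) map[string]string {
	fields := make(map[string]string)
	for line = strings.TrimSpace(line); line != ""; line = strings.TrimSpace(line) {
		key, rest, found := strings.Cut(line, "=")
		if !found {
			break
		}
		val, tail, _ := strings.Cut(rest, " ") // unquoted value ends at a space
		if strings.HasPrefix(rest, `"`) {
			val, tail, _ = strings.Cut(rest[1:], `"`) // quoted value ends at the closing quote
		}
		fields[key], line = val, tail
	}
	return fields
}

// syscallName resolves the number through the table for the record's own arch.
func syscallName(f map[string]string) string {
	arch, errA := strconv.ParseUint(f["arch"], 16, 32)
	num, errN := strconv.ParseUint(f["syscall"], 10, 16)
	if name, ok := syscallsByArch[uint32(arch)][uint16(num)]; ok && errA == nil && errN == nil {
		return name
	}
	return f["syscall"] // unknown arch or number: keep the raw value rather than guess
}

func main() {
	f := parseFields(sampleLine)
	fmt.Println(f["comm"], syscallName(f))
}
```

The same number 59 resolves to execve on x86_64 and pipe2 on aarch64, which is why a single table keyed only by number mislabels records from other architectures.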