Class: Fluent::ViaqDockerAudit

Defined in:
lib/fluent/plugin/viaq_docker_audit.rb

Defined Under Namespace

Classes: ViaqDockerAuditParserException

Constant Summary

IN_HOST_PID =

Keys as found in raw audit.log messages

'pid'
IN_HOST_UID =
'uid'
IN_HOST_AUID =
'auid'
IN_HOST_SESSION =
'ses'
IN_HOST_SELINUX_LABEL =
'subj'
IN_HOST_HOSTNAME =
'hostname'
IN_VM_AUID =
'auid'
IN_VM_HOSTNAME =
'hostname'
IN_VM_IMAGE =
'vm'
IN_VM_PID =
'vm-pid'
IN_VM_USER =
'user'
IN_VM_EXE =
'exe'
IN_VM_REASON =
'reason'
IN_VM_OPERATION =
'op'
IN_VM_RESULT =
'res'
IN_EVENT_TYPE =
'virt_control'
OUT_HOST_PID =

Keys used in Origin Aggregated Logging schema

'PID'
OUT_HOST_UID =
'UID'
OUT_HOST_AUID =
'AUDIT_LOGINUID'
OUT_HOST_SESSION =
'AUDIT_SESSION'
OUT_HOST_SELINUX_LABEL =
'SELINUX_CONTEXT'
OUT_HOST_HOSTNAME =
'hostname'
OUT_HOST_EXE =
'EXE'
OUT_VM_AUID =
'sauid'
OUT_VM_CONT_ID =
'container_id_short'
OUT_VM_IMAGE =
'container_image'
OUT_VM_PID =
'pid'
OUT_VM_USER =
'user'
OUT_VM_COMMAND =
'command'
OUT_VM_REASON =
'reason'
OUT_VM_OPERATION =
'operation'
OUT_VM_RESULT =
'result'
TIME =
'time'
SYSTEMD =
'systemd'
TRUSTED =
't'
DOCKER =
'docker'
VIRT_CONTROL =
'VIRT_CONTROL'
ENV_HOSTNAME =
'NODE_NAME'

Instance Method Summary

Instance Method Details

#parse_audit_line(line) ⇒ Object

Takes one line from audit.log and returns a hash that fits the OAL format. Messages of types other than 'virt_control' are ignored.



# File 'lib/fluent/plugin/viaq_docker_audit.rb', line 56

# Parses a single audit.log line into an event hash in the OAL format.
#
# @param line [String] one raw audit.log line
# @return [Hash, nil] the normalized event, or nil when filter_virt_control
#   rejects the line (i.e. it is not a virt_control message)
# @raise [ViaqDockerAuditParserException] when the line passes the filter but
#   the regexp below does not produce both named groups
#
# NOTE(review): this listing is garbled by the documentation renderer -- the
# local variable that receives the MatchData and the name of the helper that
# fills `event` from group g1 were dropped; consult the source file for them.
def parse_audit_line(line)
  if filter_virt_control(line)
    event = {}
    docker = {}
    # g1: everything before " msg='"; g2: the body of the quoted msg. Both
    # groups are then split on whitespace, so a field value containing spaces
    # would be torn apart -- presumably fine for key=value audit fields; verify
    # against real audit.log samples.
    if ( = /(?<g1>.*?) msg='(?<g2>.*?)'/.match(line)) && !['g1'].nil? && !['g2'].nil?
      (event, ['g1'].split)
      parse_msg(docker, ['g2'].split)
      event[IN_EVENT_TYPE] = docker
    else
      # The raw line is embedded in the exception message, so whatever logs or
      # reports this error will carry the full audit record, msg payload included.
      raise ViaqDockerAuditParserException, "Couldn't parse message: #{line}"
    end
    return normalize(event)
  end
  return nil
end