...

Source file src/github.com/sassoftware/relic/cmdline/auditor/graylog.go

Documentation: github.com/sassoftware/relic/cmdline/auditor 

     1  //
     2  // Copyright (c) SAS Institute Inc.
     3  //
     4  // Licensed under the Apache License, Version 2.0 (the "License");
     5  // you may not use this file except in compliance with the License.
     6  // You may obtain a copy of the License at
     7  //
     8  //     http://www.apache.org/licenses/LICENSE-2.0
     9  //
    10  // Unless required by applicable law or agreed to in writing, software
    11  // distributed under the License is distributed on an "AS IS" BASIS,
    12  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  // See the License for the specific language governing permissions and
    14  // limitations under the License.
    15  //
    16  
    17  package auditor
    18  
    19  import (
    20  	"bytes"
    21  	"encoding/json"
    22  	"fmt"
    23  	"net/http"
    24  	"strings"
    25  	"time"
    26  
    27  	"github.com/sassoftware/relic/lib/audit"
    28  )
    29  
    30  func logGraylog(info *audit.Info, rowid int64) error {
    31  	if auditConfig.GraylogURL == "" {
    32  		return nil
    33  	}
    34  	msg := map[string]interface{}{
    35  		"version":       "1.1",
    36  		"host":          info.Attributes["sig.hostname"],
    37  		"short_message": fmtRow(info, rowid),
    38  		"level":         6, // INFO
    39  	}
    40  	if timestamp, err := time.Parse(time.RFC3339Nano, info.Attributes["sig.timestamp"].(string)); err == nil {
    41  		msg["timestamp"] = timestamp.Unix()
    42  	}
    43  	for k, v := range info.Attributes {
    44  		if v == nil {
    45  			continue
    46  		}
    47  		// graylog quietly changes dots to underscores, but only after running
    48  		// stream filters. that gets confusing real quickly so change it to
    49  		// underscore now.
    50  		k = strings.Replace(k, ".", "_", -1)
    51  		msg["_"+k] = v
    52  	}
    53  	blob, err := json.Marshal(msg)
    54  	if err != nil {
    55  		return err
    56  	}
    57  	resp, err := http.Post(auditConfig.GraylogURL, "application/json", bytes.NewReader(blob))
    58  	if err != nil {
    59  		return err
    60  	} else if resp.StatusCode >= 300 {
    61  		return fmt.Errorf("error posting to graylog: %s", resp.Status)
    62  	}
    63  	resp.Body.Close()
    64  	return nil
    65  }
    66  

View as plain text