empayre/fleet
14
0
Fork 0
mirror of https://github.com/empayre/fleet.git synced 2024-11-06 08:55:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
906bf79526
fleet/kolide/osquery.go
Mike Arpaia ff92f6749a Osqueryd Service (#119) 
* host service stuff

* working on the osquery service api

* log status and results logs
2016-09-06 17:28:07 -04:00

58 lines
2.0 KiB
Go
Raw Blame History

package kolide
import (
"encoding/json"
"time"
"golang.org/x/net/context"
)
type OsqueryStore interface {
LabelQueriesForHost(host *Host, cutoff time.Time) (map[string]string, error)
RecordLabelQueryExecutions(host *Host, results map[string]bool, t time.Time) error
NewLabel(label *Label) error
}
type OsqueryService interface {
EnrollAgent(ctx context.Context, enrollSecret, hostIdentifier string) (string, error)
GetClientConfig(ctx context.Context, action string, data json.RawMessage) (OsqueryConfig, error)
GetDistributedQueries(ctx context.Context) (map[string]string, error)
SubmitDistributedQueryResults(ctx context.Context, results OsqueryDistributedQueryResults) error
SubmitStatusLogs(ctx context.Context, logs []OsqueryResultLog) error
SubmitResultsLogs(ctx context.Context, logs []OsqueryStatusLog) error
}
type OsqueryDistributedQueryResults map[string][]map[string]string
type OsqueryConfig struct {
Packs []Pack
Schedule []Query
}
type OsqueryResultLog struct {
Name string `json:"name"`
HostIdentifier string `json:"hostIdentifier"`
UnixTime string `json:"unixTime"`
CalendarTime string `json:"calendarTime"`
Columns map[string]string `json:"columns"`
Action string `json:"action"`
}
type OsqueryStatusLog struct {
Severity string `json:"severity"`
Filename string `json:"filename"`
Line string `json:"line"`
Message string `json:"message"`
Version string `json:"version"`
Decorations map[string]string `json:"decorations"`
}
// TODO: move this to just use LabelQueriesForHot
// LabelQueriesForHost calculates the appropriate update cutoff (given
// interval) and uses the datastore to retrieve the label queries for the
// provided host.
func LabelQueriesForHost(store OsqueryStore, host *Host, interval time.Duration) (map[string]string, error) {
cutoff := time.Now().Add(-interval)
return store.LabelQueriesForHost(host, cutoff)
}
Reference in New Issue View Git Blame Copy Permalink