arunk-s / mig
This project forked from mozilla/mig
Distributed & real time digital forensics at the speed of the cloud
Home Page: http://mig.mozilla.org/
License: Mozilla Public License 2.0
Currently the messages are written to jsonBuffChan, which is a buffered channel. If the dispatch function is busy the buffer fills up, and once it is full further messages are skipped and never dispatched.
The ideal condition would be to find a good buffer limit, so that if the dispatch function fails to send a message it has time to retry.
It should be possible that the module forwards the audit events to MIG which stores them in a queue and relays them further to any agent.
It should be configurable such that it is possible to dispatch audit events to a rabbitmq agent.
Currently the module is using the gozdef library to send audit events to a MozDef URL, but it should be feasible to send audit events to any HTTP API. The decision to use gozdef should be documented properly, and it should be made clear what other options can work.
Design the buffers in the mig audit module that are used to dispatch events to outputs in such a fashion that the least recent message is dropped when the buffer is full.
[currently] the buffer is a channel buffer, and if it is full the incoming messages are dropped.
See previous discussion here: mozilla@25c6d6a#r71168607
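An added example, not code from the MIG project, of the drop-oldest buffer described above, in Go: a mutex-guarded ring that evicts the oldest queued event when full and counts evictions, in contrast to a full buffered channel, where the newest event is the one skipped. The type and method names are my own.

```go
package main

import "sync"

// DropOldestBuffer is a bounded FIFO ring for serialized audit events.
// When full, Push evicts the oldest queued event to make room for the
// newest one, instead of skipping the newest as a full channel would.
type DropOldestBuffer struct {
	mu      sync.Mutex
	ring    []string
	head    int // index of the oldest queued event
	count   int
	Dropped int // events evicted so far; worth exporting as a metric
}

// NewDropOldestBuffer allocates a ring of the given capacity (minimum 1).
func NewDropOldestBuffer(capacity int) *DropOldestBuffer {
	if capacity < 1 {
		capacity = 1
	}
	return &DropOldestBuffer{ring: make([]string, capacity)}
}

// Push enqueues ev and reports the event it had to evict, if any.
func (b *DropOldestBuffer) Push(ev string) (evicted string, ok bool) {
	b.mu.Lock()
	defer b.mu.Unlock()
	if b.count == len(b.ring) {
		evicted, ok = b.ring[b.head], true
		b.head = (b.head + 1) % len(b.ring)
		b.count--
		b.Dropped++
	}
	b.ring[(b.head+b.count)%len(b.ring)] = ev
	b.count++
	return evicted, ok
}

// Drain removes and returns all queued events, oldest first; the
// dispatcher would call this (or a Pop) in its own goroutine.
func (b *DropOldestBuffer) Drain() []string {
	b.mu.Lock()
	defer b.mu.Unlock()
	out := make([]string, 0, b.count)
	for ; b.count > 0; b.count-- {
		out = append(out, b.ring[b.head])
		b.head = (b.head + 1) % len(b.ring)
	}
	return out
}
```

Pushing five constructed events into a ring of capacity 3 leaves events 3, 4 and 5 queued and Dropped equal to 2.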
Quoting the docs:
"When a scan stops, the reader may have advanced arbitrarily far past the last token. Programs that need more control over error handling or large tokens, or must run sequential scans on a reader, should use bufio.Reader instead."
If any issue appears while using scanner we should consider using reader. Also, scanner includes a caveat that by default it splits the input only after a \n symbol (\n is the default token, unless we provide our own filter function). So the persistent module should always end their messages with a \n.
Fixing and testing libaudit-go: https://github.com/mozilla/libaudit-go/commits?author=arunk-s
Addition of mig-audit module: mozilla#253
Run the module directly: https://gist.github.com/arunk-s/a5814d7faded57420e35338514ce38d2
It should be configurable such that it is possible to dispatch audit events to an HTTPS server that accepts POST requests (MozDef format). This can be further extended to dispatch to an existing MozDef server.
One thing that would be desirable before shutting down the module is to properly clean up queues, wait for the goroutines to finish, and then close. Currently we directly crash the module on receiving the termination signal.