feat(aa): improve log conversion.
This commit is contained in:
parent
992cab1fa4
commit
7efa4b3a4b
1 changed files with 15 additions and 6 deletions
|
|
@ -189,6 +189,10 @@ var (
|
||||||
return newFileFromLog(log)
|
return newFileFromLog(log)
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"exec": newFileFromLog,
|
||||||
|
"file_inherit": newFileFromLog,
|
||||||
|
"file_perm": newFileFromLog,
|
||||||
|
"open": newFileFromLog,
|
||||||
}
|
}
|
||||||
newLogMountMap = map[string]func(log map[string]string) Rule{
|
newLogMountMap = map[string]func(log map[string]string) Rule{
|
||||||
"mount": newMountFromLog,
|
"mount": newMountFromLog,
|
||||||
|
|
@ -214,15 +218,20 @@ func (p *Profile) AddRule(log map[string]string) {
|
||||||
default:
|
default:
|
||||||
}
|
}
|
||||||
|
|
||||||
if newRule, ok := newLogMap[log["class"]]; ok {
|
done := false
|
||||||
p.Rules = append(p.Rules, newRule(log))
|
for _, key := range []string{"class", "family", "operation"} {
|
||||||
} else {
|
if newRule, ok := newLogMap[log[key]]; ok {
|
||||||
|
p.Rules = append(p.Rules, newRule(log))
|
||||||
|
done = true
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if !done {
|
||||||
if strings.Contains(log["operation"], "dbus") {
|
if strings.Contains(log["operation"], "dbus") {
|
||||||
p.Rules = append(p.Rules, newDbusFromLog(log))
|
p.Rules = append(p.Rules, newDbusFromLog(log))
|
||||||
} else if log["family"] == "unix" {
|
|
||||||
p.Rules = append(p.Rules, newUnixFromLog(log))
|
|
||||||
} else {
|
} else {
|
||||||
panic("unknown class: " + log["class"])
|
fmt.Printf("unknown log type: %s", log)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
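Review bot: The removed `} else if log["family"] == "unix"` branch has no visible replacement: the new loop consults only newLogMap, and the four entries this commit adds to that map (exec, file_inherit, file_perm, open) are all file operations, so unless newLogMap already carries a `"unix": newUnixFromLog` entry outside this hunk, unix-socket denials now fall through to the "unknown log type" path and are silently left out of the generated profile. Replacing the panic with `fmt.Printf` also means an unrecognised log entry no longer stops the conversion; for a tool that emits access-control rules, a profile missing a rule is a correctness problem that should at least be visible, so write to stderr and terminate the line: `fmt.Fprintf(os.Stderr, "unknown log type: %v\n", log)` (the `log` parameter shadows the stdlib `log` package here, and `os` may need importing). If unix logs are meant to stay supported, either add `"unix": newUnixFromLog,` to newLogMap or keep an `else if log["family"] == "unix"` branch inside the `if !done` block. AddRule's body starts before this hunk (the switch whose `default:` is shown opens outside it).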