package services
/*
The Velociraptor client maintains a table of event queries it runs
on startup. This service manages this table. It provides methods
for the Velociraptor administrator to update the table for this
client, and methods for the client to resync its table.
Clients receive an event table specific for them - depending on
their label assignment. Callers can receive the correct update
message for the client by calling
GetClientUpdateEventTableMessage().
It is only necessary to update the client if its version is behind
what it should be. Callers can check if the client's event table is
current by calling CheckClientEventsVersion(). This is a very fast
option and so it is appropriate to call it from the critical path.
*/
import (
"context"
api_proto "www.velocidex.com/golang/velociraptor/api/proto"
config_proto "www.velocidex.com/golang/velociraptor/config/proto"
crypto_proto "www.velocidex.com/golang/velociraptor/crypto/proto"
flows_proto "www.velocidex.com/golang/velociraptor/flows/proto"
)
// ClientEventManager returns the ClientEventTable service of the org
// identified by config_obj.OrgId.
//
// The org manager is obtained through GetOrgManager(); if that fails,
// its error is returned unchanged together with a nil table. Otherwise
// the value and error produced by the selected org's
// ClientEventManager() accessor are passed straight through.
//
// NOTE(review): the org is selected solely from config_obj.OrgId and
// nothing is validated here, so callers are presumably expected to pass
// the config of the org the request was authorized for - confirm at
// the call sites. config_obj is dereferenced without a nil check, so a
// nil config panics once the org manager has been obtained.
func ClientEventManager(config_obj *config_proto.Config) (ClientEventTable, error) {
	manager, err := GetOrgManager()
	if err != nil {
		return nil, err
	}

	// Each org has its own set of services; pick the one matching the
	// org id carried by the caller's config.
	org_services := manager.Services(config_obj.OrgId)
	return org_services.ClientEventManager()
}
// ClientEventTable is the service interface for the client event
// monitoring table: the set of event queries a client runs. It covers
// version checks, building the update message for a client, and
// reading and replacing the table.
type ClientEventTable interface {
	// CheckClientEventsVersion checks client_version, the event table
	// version held by client_id, against the version the client should
	// have. A client whose version is lower has its event table
	// resynced.
	//
	// NOTE(review): which bool value means "up to date" and which means
	// "needs update" is not visible from this declaration - confirm
	// against the implementation.
	CheckClientEventsVersion(ctx context.Context,
		config_obj *config_proto.Config,
		client_id string,
		client_version uint64) bool

	// GetClientUpdateEventTableMessage builds the message that is sent
	// to client_id in order to force it to update its event table.
	GetClientUpdateEventTableMessage(ctx context.Context,
		config_obj *config_proto.Config,
		client_id string) *crypto_proto.VeloMessage

	// GetClientMonitoringState returns the full client monitoring
	// table.
	GetClientMonitoringState() *flows_proto.ClientEventTable

	// SetClientMonitoringState replaces the client monitoring table
	// with state.
	//
	// NOTE(review): principal is presumably the identity of the user
	// making the change. Whether implementations check that principal's
	// permissions or only record it cannot be seen here - confirm,
	// since this table determines the event queries clients run.
	SetClientMonitoringState(ctx context.Context,
		config_obj *config_proto.Config,
		principal string,
		state *flows_proto.ClientEventTable) error

	// ListAvailableEventResults answers a
	// ListAvailableEventResultsRequest with a
	// ListAvailableEventResultsResponse or an error.
	//
	// NOTE(review): judging by the name this lists the event results
	// available for retrieval; the request fields that scope the
	// listing are not visible here - confirm.
	ListAvailableEventResults(ctx context.Context,
		in *api_proto.ListAvailableEventResultsRequest) (
		*api_proto.ListAvailableEventResultsResponse, error)
}