Add upload event struct and log execution events #35
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds new types:
EventUploadRequest
- encapsulation of an /eventupload POST body sent by a Santa client. It's an array of santa events (see next type)EventUploadEvent
- a single event entry. This contains all the data the santa client collected around the block event.Updates:
EventPayload.Content
field toEventPayload.EventInfo
. The former was a raw json type, it's replaced with a more specific type/tmp/santa_events
. That's nice and all, but it is not helpful in environments that use ephemeral containers.For more info on the santa client upload fields, see https://santa.dev/development/sync-protocol.html#eventupload
Test plan
Ensure
enable_all_event_upload = true
is present in my toml configStarted server locally and tried to run a blocked application on my machine. The events are immediately sent to moroz from my santa client:
Json file still exist on disk as well: