1 files changed, 29 insertions, 0 deletions
diff --git a/src/receive.go b/src/receive.go
new file mode 100644
index 0000000..c0dea00
--- /dev/null
+++ b/src/receive.go
@@ -0,0 +1,29 @@
+package main
+import (
+        "fmt"
+        "github.com/elastic/go-libaudit/v2"
+        "github.com/elastic/go-libaudit/v2/auparse"
+        "github.com/mohae/deepcopy"
+)
+func receive(r *libaudit.AuditClient) error {
+        defer wg.Done()
+        defer close(rawChan)
+        for {
+                rawEvent, err := r.Receive(false)
+                if err != nil {
+                        return fmt.Errorf("receive failed: %w", err)
+                }
+                // Messages from 1300-2999 are valid audit messages.
+                if rawEvent.Type < auparse.AUDIT_USER_AUTH ||
+                        rawEvent.Type > auparse.AUDIT_LAST_USER_MSG2 {
+                        continue
+                }
+                rawEventMessage := deepcopy.Copy(*rawEvent)
+                rawChan <- rawEventMessage
+        }
+}

diff --git a/src/receive.go b/src/receive.go new file mode 100644 index 0000000..c0dea00 --- /dev/null +++ b/src/receive.go
@@ -0,0 +1,29 @@
	1	package main
	2
	3	import (
	4	"fmt"
	5
	6	"github.com/elastic/go-libaudit/v2"
	7	"github.com/elastic/go-libaudit/v2/auparse"
	8	"github.com/mohae/deepcopy"
	9	)
	10
	11	func receive(r *libaudit.AuditClient) error {
	12	defer wg.Done()
	13	defer close(rawChan)
	14	for {
	15	rawEvent, err := r.Receive(false)
	16	if err != nil {
	17	return fmt.Errorf("receive failed: %w", err)
	18	}
	19
	20	// Messages from 1300-2999 are valid audit messages.
	21	if rawEvent.Type < auparse.AUDIT_USER_AUTH \|\|
	22	rawEvent.Type > auparse.AUDIT_LAST_USER_MSG2 {
	23	continue
	24	}
	25
	26	rawEventMessage := deepcopy.Copy(*rawEvent)
	27	rawChan <- rawEventMessage
	28	}
	29	}