From 7cf8e470471d30fc821a8be350dcb97dc64e5add Mon Sep 17 00:00:00 2001
From: We-unite <3205135446@qq.com>
Date: Fri, 19 Jul 2024 17:02:11 +0800
Subject: Depart the whole program into several files. Put all the src code in only one file is to ugly, so devide it! and mv them into src dir to keep the whole repo clear.
---
src/receive.go | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 src/receive.go
(limited to 'src/receive.go')
diff --git a/src/receive.go b/src/receive.go
new file mode 100644
index 0000000..c0dea00
--- /dev/null
+++ b/src/receive.go
@@ -0,0 +1,29 @@
+package main
+
+import (
+ "fmt"
+
+ "github.com/elastic/go-libaudit/v2"
+ "github.com/elastic/go-libaudit/v2/auparse"
+ "github.com/mohae/deepcopy"
+)
+
+func receive(r *libaudit.AuditClient) error {
+ defer wg.Done()
+ defer close(rawChan)
+ for {
+ rawEvent, err := r.Receive(false)
+ if err != nil {
+ return fmt.Errorf("receive failed: %w", err)
+ }
+
+ // Messages from 1300-2999 are valid audit messages.
+ if rawEvent.Type < auparse.AUDIT_USER_AUTH ||
+ rawEvent.Type > auparse.AUDIT_LAST_USER_MSG2 {
+ continue
+ }
+
+ rawEventMessage := deepcopy.Copy(*rawEvent)
+ rawChan <- rawEventMessage
+ }
+}
-- cgit v1.2.3-70-g09d2
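Review bot: When `r.Receive(false)` fails, the `return fmt.Errorf("receive failed: %w", err)` in the loop is the only record of the failure, and since receive calls `wg.Done()` it appears meant to run as a goroutine, where that return value is dropped (the call site is not part of this patch, so this is inferred). The deferred `close(rawChan)` would then end the consumers quietly and audit collection would stop with nothing reported, so consider logging before the return, e.g. `log.Printf("audit receive stopped: %v", err)` with `"log"` added to the imports, or passing the error back to the caller over a channel. Separately, the comment `// Messages from 1300-2999 are valid audit messages.` does not match the check under it: the lower bound is `auparse.AUDIT_USER_AUTH`, which is 1100 in the kernel's audit message numbering, so it should read `// Keep message types 1100-2999 (AUDIT_USER_AUTH..AUDIT_LAST_USER_MSG2).`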