Skip to content

_event

_event

Shared event type emitted by all watchers.

WatchEvent(ts, source, action, container, domain='', query_type='', dest='', detail='', port=0, proto=0, extra=dict()) dataclass

A single watch event emitted to the output stream.

Core fields (always present): ts, source, action, container. DNS-specific: domain, query_type. Audit/NFLOG: dest, detail, port, proto.

to_json()

Serialize to a compact JSON line, omitting empty optional fields.

Source code in src/terok_shield/lib/watchers/_event.py 
31
32
33
34
35
36
37
38
def to_json(self) -> str:
    """Serialize to a compact JSON line, omitting empty optional fields."""
    d = {
        k: v
        for k, v in asdict(self).items()
        if v or k in ("ts", "source", "action", "container")
    }
    return json.dumps(d, separators=(",", ":"))