tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add logs module

This commit is contained in:
felix.suarez 2023-10-01 14:48:13 -06:00
parent f6fdd587e7
commit 14aa8083cb
3 changed files with 204 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

186
pandora_agents/pc/pandora_agent
View File

@ -394,6 +394,8 @@ sub parse_conf_modules($) {
'max_warning' => undef, 'max_warning' => undef,
'disabled' => undef, 'disabled' => undef,
'min_ff_event' => undef, 'min_ff_event' => undef,
'filter' => undef,
'log_file' => undef,
'save' => '', 'save' => '',
'conditions' => [], 'conditions' => [],
'cron' => '', 'cron' => '',
@ -411,7 +413,7 @@ sub parse_conf_modules($) {
$module->{'description'} = $1; $module->{'description'} = $1;
} elsif ($line =~ /^\s*module_type\s+(\S+)\s*$/) { } elsif ($line =~ /^\s*module_type\s+(\S+)\s*$/) {
$module->{'type'} = $1; $module->{'type'} = $1;
}elsif ($line =~ /^\s*module_precondition\s+(.*)$/) { } elsif ($line =~ /^\s*module_precondition\s+(.*)$/) {
my $action = $1; my $action = $1;
# Numeric comparison # Numeric comparison
@ -559,6 +561,16 @@ sub parse_conf_modules($) {
# Min ff event # Min ff event
} elsif ($line =~ /^\s*module_min_ff_event\s+(.*)\s*$/) { } elsif ($line =~ /^\s*module_min_ff_event\s+(.*)\s*$/) {
$module->{'min_ff_event'} = $1; $module->{'min_ff_event'} = $1;
# Log module file
} elsif ($line =~ /^\s*module_logfile\s+(.*)\s*$/) {
$module->{'filter'} = $1;
# Log module filter
} elsif ($line =~ /^\s*module_filter\s+(.*)\s*$/) {
$module->{'log_file'} = $1;
# Log module function
} elsif ($line =~ /^\s*module_logger\s+(.*)\s*$/) {
$module->{'func'} = \&module_logger;
$module->{'params'} = $1;
} }
} }
return; return;
@ -1814,6 +1826,178 @@ sub exec_plugin ($) {
$ThreadSem->up () if (defined ($ThreadSem) && $Conf{'agent_threads'} > 1); $ThreadSem->up () if (defined ($ThreadSem) && $Conf{'agent_threads'} > 1);
} }
################################################################################
# Read the logs
################################################################################
sub module_logger ($) {
# Return: 0 If all was OK
# 1 If there is an error
my $status = grep_logs(
$module->{'name'},
$module->{'log_file'},
$module->{'filter'}
)
return ($status);
}
sub grep_logs {
my ($str_name, $str_file, $str_regex) = @_;
if(!$str_name){
log_message("module_logger", "Missing module name");
return;
}
if(!$str_file){
log_message("module_logger", "Missing file name");
return;
}
if(!$str_regex){
$str_regex = '\.\*'
}
my $idx_dir = '/tmp/';
my $idx_file = '';
my $idx_pos = 0;
my $idx_ino = '';
my $module_name = $str_name;
my $log_file = $str_file;
my $reg_exp = $str_regex;
# Check that log file exists
if (! -e $log_file) {
log_message("module_logger", "File $log_file does not exist");
return;
}
# Create index file storage directory
if (! -d $idx_dir) {
if (!mkdir($idx_dir)){
log_message("module_logger", "Error creating directory $idx_dir: " . $!);
return;
}
}
# Create index file if it does not exist
my $idx_file = $idx_dir.$module_name."_".basename($log_file).".idx";
if (! -e $idx_file) {
create_idx();
} else {
return if load_idx() == 1;
return if parse_log() == 1;
}
# Start the function definition
sub create_idx {
my $first_line;
log_message("module_logger", "Creating index file $idx_file");
if (!open(LOGFILE, $log_file)){
log_message("module_logger", "Error opening file $log_file: ".$!);
return 1;
}
# Go to EOF and save the position
seek(LOGFILE, 0, 2);
$idx_pos = tell(LOGFILE);
close(LOGFILE);
# Save the file inode number
$idx_ino = (stat($log_file))[1];
return 1 if save_idx() == 1;
return 0;
}
sub save_idx {
log_message("module_logger", "Saving index file $idx_file");
if (!open(IDXFILE, "> $idx_file")){
log_message("module_logger", "Error opening file $idx_file: ". $!);
return 1;
}
print (IDXFILE $idx_pos . " " . $idx_ino);
close(IDXFILE);
return 0;
}
sub load_idx {
my $line;
my $current_ino;
log_message("module_logger", "Loading index file $idx_file");
if (!open(IDXFILE, $idx_file)){
log_message("module_logger", "Error opening file $idx_file: " .$!);
return 1;
}
# Read position and date
$line = <IDXFILE>;
($idx_pos, $idx_ino) = split(' ', $line);
close(IDXFILE);
# Reset the file index if the file has changed
$current_ino = (stat($log_file))[1];
if ($current_ino != $idx_ino) {
log_message("module_logger", "File changed, resetting index");
$idx_pos = 0;
$idx_ino = $current_ino;
}
return 0;
}
sub parse_log {
my $line;
log_message("module_logger", "Parsing log file $log_file");
# Open log file for reading
if (!open(LOGFILE, $log_file)){
log_message("module_logger", "Error opening file $log_file: " . $!);
return 1;
}
# Go to starting position.
seek(LOGFILE, $idx_pos, 0);
print STDOUT "<module>\n";
print STDOUT "<name><![CDATA[" . $module_name . "]]></name>\n";
print STDOUT "<type><![CDATA[async_string]]></type>\n";
print STDOUT "<datalist>\n";
# Parse log file
while ($line = <LOGFILE>) {
if ($line =~ m/$reg_exp/i) {
# Remove the trailing '\n'
chop($line);
print STDOUT "<data><value><![CDATA[$line]]></value></data>\n";
}
}
print STDOUT "</datalist>\n";
print STDOUT "</module>\n";
$idx_pos = tell(LOGFILE);
close(LOGFILE);
# Save the index file
return 1 if save_idx() == 1;
return 0;
}
}
################################################################################ ################################################################################
# TERM Handler # TERM Handler
################################################################################ ################################################################################

10
pandora_agents/unix/Linux/pandora_agent.conf
View File

@ -315,4 +315,14 @@ module_plugin autodiscover --default
#module_begin #module_begin
#module_plugin /usr/share/pandora_agent/plugins/pandora_sca #module_plugin /usr/share/pandora_agent/plugins/pandora_sca
#module_absoluteinterval 7d #module_absoluteinterval 7d
#module_end
# Logs extaction plugin
#module_begin
#module_name Syslog
#module_type log
#module_logfile /var/log/messages
#module_logger syslog
# module_filter uses REGEXP, optional, if not defined, it takes all lines.
#module_filter \.\*
#module_end #module_end

9
pandora_agents/win32/bin/pandora_agent.conf
View File

@ -530,3 +530,12 @@ module_plugin "%PROGRAMFILES%\Pandora_Agent\util\autodiscover.exe" --default
#module_absoluteinterval 7d #module_absoluteinterval 7d
#module_end #module_end
# Logs extaction plugin
#module_begin
#module_name Oracle_Server_log
#module_type log
#module_logfile c:\oracle\logs\oraserver.log
#module_logger syslog
#module_filter uses REGEXP, optional, if not defined, it takes all lines.
#module_filter \.\*
#module_end