Add support for temporal_max_size and temporal_max_files.

temporal_max_size sets a limit for the size (in MB) of the agent's XML buffer. temporal_max_files sets a limit for the number of files in the agent's XML buffer.
2025-07-31 01:35:36 +02:00 · 2022-09-14 17:12:08 +02:00 · 2022-09-14 17:12:08 +02:00 · 5f6d7b2a8f
commit 5f6d7b2a8f
parent 06be85e044
5 changed files with 131 additions and 15 deletions
--- a/pandora_agents/unix/Linux/pandora_agent.conf
+++ b/pandora_agents/unix/Linux/pandora_agent.conf
@ -165,9 +165,15 @@ remote_config 0
 # should consider changing the temporal directory, since /tmp is world writable.
 xml_buffer 1
-# Minimum available bytes in the temporal directory to enable the XML buffer
+# Minimum available megabytes in the temporal directory to enable the XML buffer
 temporal_min_size 1024
 # Maximum size (in megabytes) allowed for the XML buffer.
 temporal_max_size 1024
 # Maximum number of files allowed for the XML buffer.
 temporal_max_files 1024
 # Agent mode: Learn (default), No-learn, Autodisable
 # agent_mode autodisable
--- a/pandora_agents/unix/pandora_agent
+++ b/pandora_agents/unix/pandora_agent
@ -1145,7 +1145,9 @@ my %DefaultConf = (
 	'secondary_server_opts' => '',
 	'secondary_temporal' => '/var/spool/pandora',
 	'autotime' => 0,
-	'temporal_min_size' => 1,
+	'temporal_min_size' => 1024,
 	'temporal_max_files' => 1024,
 	'temporal_max_size' => 1024,
 	'timezone_offset' => 0,
 	'pandora_exec' => 'pandora_agent_exec',
 	'agent_threads' => 1,
@ -2110,13 +2112,13 @@ sub send_xml_file ($) {
 		swap_servers();
 		# Secondary buffer.
-		if ($rc_sec != 0 && $Conf{'xml_buffer'} == 1 && temporal_freedisk () > $Conf{'temporal_min_size'}) {
+		if ($rc_sec != 0 && write_to_buffer($Conf{'secondary_temporal'}) == 1) {
 			copy($file, $Conf{'secondary_temporal'}) || die("Error copying file $file to " . $Conf{'secondary_temporal'} . ": $!");
 		}
 	}
 	# Primary buffer.
-	if ($rc == 0 || $Conf{'xml_buffer'} == 0 || temporal_freedisk () <= $Conf{'temporal_min_size'}) {
+	if ($rc == 0 || write_to_buffer($Conf{'temporal'}) == 0) {
 		if ($Conf{'debug'} eq '1') {
 			rename($file, $file . "sent");
 		} else {
@ -3761,20 +3763,45 @@ sub kill_signal_handler (){
 }
 ################################################################################
-# Get the free disk space in the temporal directory (in bytes).
+# Get the free disk space in the temporal directory (in megabytes).
 ################################################################################
-sub temporal_freedisk () {
+sub temporal_freedisk {
 	my ($temporal) = @_;
 	# Call df
 	return 0 unless defined (DF_CMDS->{$OS});
-	my $cmd = DF_CMDS->{$OS} . ' ' . $Conf{'temporal'} . ' | awk \'NR > 1 {print $4}\'';	
+	my $cmd = DF_CMDS->{$OS} . ' ' . $temporal . ' | awk \'NR > 1 {print $4}\'';	
 	my $temporal_freedisk = `$cmd`;
 	# Check for errors
 	return 0 unless ($? eq 0);
-	# Convert to bytes
+	# Convert from KB to MB.
-	return 1024 * int ($temporal_freedisk);
+	return $temporal_freedisk / 1024;
 }
 ################################################################################
 # Return the number of data files in the temporal directory and their total
 # size (in megabytes).
 ################################################################################
 sub temporal_stats {
 	my ($temporal) = @_;
 	my $file_count = 0;
 	my $file_size = 0;
 	opendir(my $dir, $temporal) or die($!);
 	while (my $f = readdir($dir)) {
 		if ($f =~ m/.data$/ || $f =~ m/.datasent$/) {
 			$file_count += 1;
 			$file_size += (stat $temporal . '/' . $f)[7];
 		}
 	}
 	closedir($dir);
 	# Convert from B to MB.
 	$file_size /= 1048576;
 	return ($file_count, $file_size);
 }
 ################################################################################
@ -3960,6 +3987,27 @@ sub get_ehkey {
 	return '';
 }
 ################################################################################
 # Return 1 if XML files should be written to the buffer. 0 otherwise.
 ################################################################################
 sub write_to_buffer {
 	my ($temporal) = @_;
 	# The XML buffer is disabled.
 	return 0 if ($Conf{'xml_buffer'} == 0);
 	# Check available disk space.
 	return 0 if ($Conf{'temporal_min_size'} != 0 && temporal_freedisk($temporal) < $Conf{'temporal_min_size'});
 	# Check buffer file count and size limits.
 	my ($file_count, $file_size) = temporal_stats($temporal);
 	return 0 if ($Conf{'temporal_max_files'} != 0 && $file_count > $Conf{'temporal_max_files'});
 	return 0 if ($Conf{'temporal_max_size'} != 0 && $file_size > $Conf{'temporal_max_size'});
 	# It's OK to write to the buffer.
 	return 1;
 }
 ################################################################################
 # Main.
 ################################################################################
--- a/pandora_agents/win32/bin/pandora_agent.conf
+++ b/pandora_agents/win32/bin/pandora_agent.conf
@ -55,9 +55,15 @@ address auto
 # or setting a fixed IP address, like for example:
 #address 192.168.36.73
-# This limits operation if temporal dir has not enough free disk.
+# This limits operation if temporal dir has not enough free disk (in megabytes).
 #temporal_min_size 1024
 # Maximum size (in megabytes) allowed for the XML buffer.
 temporal_max_size 1024
 # Maximum number of files allowed for the XML buffer.
 temporal_max_files 1024
 # Delay start execution X second before start to monitoring nothing 
 #startup_delay 30
--- a/pandora_agents/win32/pandora_windows_service.cc
+++ b/pandora_agents/win32/pandora_windows_service.cc
@ -1696,7 +1696,7 @@ Pandora_Windows_Service::checkConfig (string file) {
 int
 Pandora_Windows_Service::sendXml (Pandora_Module_List *modules, string extra /* = ""*/) {
-    int rc = 0, rc_sec = 0, xml_buffer;
+    int               rc = 0, rc_sec = 0, xml_buffer;
    string            data_xml;
 	string            xml_filename, random_integer;
 	string            tmp_filename, tmp_filepath;
@ -1705,12 +1705,10 @@ Pandora_Windows_Service::sendXml (Pandora_Module_List *modules, string extra /*
 	string            ehorus_conf, eh_key;
 	static HANDLE     mutex = 0; 
    ULARGE_INTEGER    free_bytes;
    double            min_free_bytes = 0;
 	Pandora_Agent_Conf *conf = NULL;
 	FILE              *conf_fh = NULL;
 	conf = this->getConf ();
 	min_free_bytes = 1024 * atoi (conf->getValue ("temporal_min_size").c_str ());
 	xml_buffer = atoi (conf->getValue ("xml_buffer").c_str ());
 	if (mutex == 0) {
@ -1814,14 +1812,14 @@ Pandora_Windows_Service::sendXml (Pandora_Module_List *modules, string extra /*
 		rc_sec = this->copyToSecondary (tmp_filename, false);
 		/* Secondary buffer. */
-		if (rc_sec != 0 && xml_buffer == 1 && (GetDiskFreeSpaceEx (conf->getValue ("secondary_temporal").c_str (), &free_bytes, NULL, NULL) != 0 && free_bytes.QuadPart >= min_free_bytes)) {
+		if (rc_sec != 0 && this->writeToBuffer(conf->getValue ("secondary_temporal").c_str ())) {
 			secondary_filepath = conf->getValue ("secondary_temporal") + "\\" + tmp_filename;
 			CopyFile (tmp_filepath.c_str(), secondary_filepath.c_str(), false);
 		}
 	}
 	/* Primary buffer. Delete the file if successfully copied, buffer disabled or not enough space available. */
-	if (rc == 0 || xml_buffer == 0 || (GetDiskFreeSpaceEx (tmp_filepath.c_str (), &free_bytes, NULL, NULL) != 0 && free_bytes.QuadPart < min_free_bytes)) {
+	if (rc == 0 || !writeToBuffer(conf->getValue ("temporal").c_str ())) {
 		/* Rename the file if debug mode is enabled*/
 		if (getPandoraDebug ()) {
 			string tmp_filepath_sent = tmp_filepath;
@ -2218,3 +2216,60 @@ Pandora_Windows_Service::generateAgentName () {
 	sha256(data.str().c_str(), digest);
 	return std::string(digest);
 }
 bool
 Pandora_Windows_Service::writeToBuffer (string temporal) {
    int xml_buffer;
 	long int temporal_max_files;
    double temporal_min_size, temporal_max_size;
 	string dir, file_name;
    ULARGE_INTEGER free_bytes;
 	Pandora_Agent_Conf *conf = NULL;
 	conf = this->getConf ();
 	dir = temporal;
 	if (dir[dir.length () - 1] != '\\') {
 		dir += "\\";
 	}
 	file_name = dir + "*.data";
 	// Is the XML buffer disabled?
 	xml_buffer = atoi (conf->getValue ("xml_buffer").c_str ());
 	if (xml_buffer == 0) {
 		return false;
 	}
 	// Check available disk space.
 	temporal_min_size = atoi (conf->getValue ("temporal_min_size").c_str ());
 	if (GetDiskFreeSpaceEx (dir.c_str (), &free_bytes, NULL, NULL) && (free_bytes.QuadPart / 1048576) < temporal_min_size) { // Convert free_bytes.QuadPart from B to MB.
 		pandoraLog ("[writeToBuffer] Disk full.");
 		return false;
 	}
 	// Check buffer file count and size limits.
 	temporal_max_size = atoi (conf->getValue ("temporal_max_size").c_str ());
 	temporal_max_files = atol (conf->getValue ("temporal_max_files").c_str ());
 	if (temporal_max_size != 0 || temporal_max_files != 0) {
 		long int file_count = 0;
 		ULONGLONG file_size = 0;
 		HANDLE hFind;
 		WIN32_FIND_DATA FindFileData;
 		if ((hFind = FindFirstFile(file_name.c_str(), &FindFileData)) != INVALID_HANDLE_VALUE) {
 	    	do {
 	    		file_count += 1;
 				file_size += (FindFileData.nFileSizeHigh * (MAXDWORD + 1)) + FindFileData.nFileSizeLow;
 	    	} while (FindNextFile(hFind, &FindFileData));
 	    	FindClose(hFind);
 		}
 		file_size /= 1048576; // Convert from B to MB.
 		if ((temporal_max_size != 0 && file_size > temporal_max_size) ||
 		    (temporal_max_files != 0 && file_count > temporal_max_files)) {
 			pandoraLog ("[writeToBuffer] Too many files or buffer full.");
 			return false;
 		}
 	}
 	return true;
 }
--- a/pandora_agents/win32/pandora_windows_service.h
+++ b/pandora_agents/win32/pandora_windows_service.h
@ -124,6 +124,7 @@ namespace Pandora {
 		long           getInterval ();
 		long           getIntensiveInterval ();
 		string         generateAgentName ();
 		bool           writeToBuffer (string temporal);
 	};
 }