Added log modules

2023-12-03 23:52:55 +01:00 · 2023-12-03 23:52:55 +01:00 · 7892eb5c0c
parent 55aee67df3
commit 7892eb5c0c
2 changed files with 102 additions and 1 deletions
--- a/pandora_console/extras/demodata/agents/1-linux.prd
+++ b/pandora_console/extras/demodata/agents/1-linux.prd
@ -146,4 +146,66 @@ total_size[3]="819M"

 mount_point[1]="/home"
 mount_point[2]="/"
-mount_point[3]="/tmp"
+mount_point[3]="/tmp"
+
+[log_modules]
+
+source[1]="httpd"
+data[1]='127.0.0.1 - "GET /index.html HTTP/1.1" 200 3456 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
+
+source[2]="httpd"
+data[2]='192.168.1.1 - "POST /submit.php HTTP/1.1" 302 0 "https://example.com/form" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
+
+source[3]="httpd"
+data[3]='10.0.0.2 - "GET /images/logo.png HTTP/1.1" 304 0 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 14_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Mobile/15E148 Safari/604.1"'
+
+source[4]="httpd"
+data[4]='172.16.0.1 - "GET /page/about-us HTTP/1.1" 404 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
+
+source[5]="httpd"
+data[5]='192.168.0.10 - "GET /css/style.css HTTP/1.1" 200 768 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
+
+source[6]="httpd"
+data[6]='203.0.113.45 - "GET /blog/post-123 HTTP/1.1" 200 5432 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
+
+source[7]="httpd"
+data[7]='54.78.90.12 - "GET /category/api-reference HTTP/1.1" 200 6543 "-" "Mozilla/5.0 (Linux; Android 10; SM-G960U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.181 Mobile Safari/537.36"'
+
+source[8]="httpd"
+data[8]='88.77.66.55 - "GET /contact-us HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
+
+source[9]="httpd"
+data[9]='198.51.100.23 - "GET /images/photo.jpg HTTP/1.1" 200 4567 "https://example.com/gallery" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
+
+source[10]="httpd"
+data[10]='128.0.0.1 - "GET /downloads/file.zip HTTP/1.1" 200 12345 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"'
+
+source[11]="mysqld"
+data[11]="[Warning] Aborted connection 123 to db: 'your_database' user: 'your_user' host: '192.168.1.100' (Got an error reading communication packets)"
+
+source[12]="mysqld"
+data[12]="[ERROR] Table 'your_database.your_table' doesn't exist"
+
+source[13]="mysqld"
+data[13]="[Note] Starting crash recovery..."
+
+source[14]="mysqld"
+data[14]="[Warning] Unsafe statement written to the binary log using statement format since BINLOG_FORMAT = STATEMENT. Statement is unsafe because it uses a LIMIT clause. Use a different log bin event type."
+
+source[15]="mysqld"
+data[15]="[ERROR] Out of memory; check if mysqld or some other process uses all available memory; if not, you may have to use 'ulimit' to allow mysqld to use more memory or you can add more swap space"
+
+source[16]="mysqld"
+data[16]="[Note] Aborted connection 456 to db: 'another_database' user: 'another_user' host: 'localhost' (Got timeout reading communication packets)"
+
+source[17]="mysqld"
+data[17]="[ERROR] Can't create a new thread (errno 11); if you are not out of available memory, you can consult the manual for a possible OS-dependent bug"
+
+source[18]="mysqld"
+data[18]="[Warning] 'user' entry 'your_user@localhost' ignored in --skip-name-resolve mode."
+
+source[19]="mysqld"
+data[19]="[Note] InnoDB: Starting rollback of uncommitted transactions"
+
+source[20]="mysqld"
+data[20]="[ERROR] Plugin 'InnoDB' registration as a STORAGE ENGINE failed."
--- a/pandora_server/util/plugin/pandora_demo_agents.pl
+++ b/pandora_server/util/plugin/pandora_demo_agents.pl
@ -197,6 +197,19 @@ sub parse_ini_file {
    $ini_data{'inventory_values'} = {};
  }

+  # Initialize log modules keys
+  if(!defined($ini_data{'log_modules'})) {
+    $ini_data{'log_modules'} = {};
+  }
+
+  if(!defined($ini_data{'log_modules'}{'source'})) {
+    $ini_data{'log_modules'}{'source'} = {};
+  }
+
+  if(!defined($ini_data{'log_modules'}{'data'})) {
+    $ini_data{'log_modules'}{'data'} = {};
+  }
+
  # Initialize traps keys
  if(!defined($ini_data{'traps'})) {
    $ini_data{'traps'} = {};
@ -518,6 +531,32 @@ sub generate_agent($) {
    $xml .= "</agent_data>\n";
  }

+  # Append log module data to XML (only once a day at 00:00)
+  if (!empty($sorted_ini[$current_ini]->{'log_modules'}->{'source'}) && !empty($sorted_ini[$current_ini]->{'log_modules'}->{'data'})) {
+    
+    # Remove agent_data closing tag
+    $xml =~ s/<\/agent_data>//i;
+
+    # Add log modules for each source
+    foreach my $log_source (sort keys %{$sorted_ini[$current_ini]->{'log_modules'}->{'source'}}) {
+      # Only if data is defined
+      if(defined($sorted_ini[$current_ini]->{'log_modules'}->{'data'}->{$log_source})) {
+        # Add log module 50% of times
+        if(get_bool(50)) {
+          my $log_data = $sorted_ini[$current_ini]->{'log_modules'}->{'data'}->{$log_source};
+
+          $xml .= "<log_module>\n";
+          $xml .= "\t<source><![CDATA[$log_source]]></source>\n";
+          $xml .= "\t<data><![CDATA[$log_data]]></data>\n";
+          $xml .= "</log_module>\n";
+        }
+      }
+    }
+
+    # Close agent_data tag again
+    $xml .= "</agent_data>\n";
+  }
+
  # Get file name MD5
  my $file_md5 = md5_hex($agent->{'agent_name'});